Ticket #548: 2.0.8-2.0.9.diff
| File 2.0.8-2.0.9.diff, 250.8 KB (added by jim, 4 years ago) |
|---|
-
BARRACUDA.sh.txt
diff --git a/BARRACUDA.sh.txt b/BARRACUDA.sh.txt index 4ff6050..8b50509 100755
a b _EASY_LOCALHOST=NO 180 180 181 181 182 182 ###----------------------------------------### 183 ### PHP , NGINX AND REDIS INSTALL METHOD###183 ### PHP INSTALL METHOD ### 184 184 ###----------------------------------------### 185 185 ### 186 186 ### This option is used only in Debian Squeeze 187 ### and Ubuntu Precise.187 ### Debian Wheezy and Ubuntu Precise. 188 188 ### 189 189 ### By default Barracuda uses Dotdeb packages 190 ### to install PHP 5.3, Nginx and Redis on 191 ### Debian Squeeze and standard Ubuntu Precise 192 ### packages to install PHP 5.3 and Nginx on 193 ### Ubuntu Precise. 190 ### to install PHP 5.3 on Debian Squeeze and 191 ### standard Ubuntu packages to install 192 ### PHP 5.3 on Ubuntu Precise. 194 193 ### 195 194 ### They are sometimes not fully up to date 196 ### when new version of PHP or Nginx is197 ### released, so even if it is slower to build198 ### from sources,it may be useful.195 ### when new version of PHP is released, so 196 ### even if it is slower to build from sources 197 ### it may be useful. 199 198 ### 200 ### If you prefer to build from sources also 201 ### PHP 5.3, Nginx and Redis on Squeeze or 202 ### Precise, change this to: 199 ### If you want to build PHP 5.3 from sources 200 ### on Squeeze or Precise, change this to: 203 201 ### 204 202 ### _BUILD_FROM_SRC=YES 205 203 ### 204 ### Note that Debian Wheezy will force the 205 ### build from sources, at least until there 206 ### are Dotdeb packages for PHP 5.3 available. 207 ### 206 208 ### Note that PHP 5.2, if used, will be always 207 209 ### installed from sources in all supported 208 210 ### OS flavors. 209 211 ### 210 212 ### NOTE! We have switched to always build 211 213 ### Nginx from sources, because the packages 212 ### based version is really bloated, so this 213 ### option works as explained above only when 214 ### you will change _NGINX_FROM_SOURCES=YES 215 ### to _NGINX_FROM_SOURCES=NO in the advanced 216 ### config section further below. This may be 217 ### useful when you prefer to run system only 218 ### updates with apt-get instead of running 219 ### Barracuda. 214 ### based version is really bloated. 220 215 ### 221 216 _BUILD_FROM_SRC=NO 222 217 … … _FULL_FORCE_REINSTALL=NO 410 405 411 406 ### 412 407 ### Use YES to run major system upgrade 413 ### from Debian Lenny to Squeeze. 408 ### from Debian Squeeze to Debian Wheezy. 409 ### 410 _SQUEEZE_TO_WHEEZY=NO 411 412 ### 413 ### Use YES to run major system upgrade 414 ### from Debian Lenny to Debian Squeeze. 414 415 ### 415 416 _LENNY_TO_SQUEEZE=NO 416 417 … … _SMTP_RELAY_HOST="" 697 698 ### values. 698 699 ### 699 700 ### It will also disable all DNS and SMTP 700 ### relay tests and enable drush debug mode 701 ### automatically. 701 ### relay tests automatically. 702 702 ### 703 703 ### Note that for non-local installs with 704 704 ### private and/or dynamic IPs on servers … … _USE_STOCK=NO 903 903 ### DON'T EDIT ANYTHING BELOW THIS LINE ### 904 904 ###----------------------------------------### 905 905 906 _INSTALLER_VERSION=BOA-2.0. 8906 _INSTALLER_VERSION=BOA-2.0.9 907 907 908 908 ### 909 909 ### Software versions … … _JETTY_8_VERSION=8.1.10.v20130312 922 922 _JETTY_9_VERSION=9.0.0.v20130308 923 923 _LSHELL_VERSION=0.9.15.1-sec-auto-normalize 924 924 _MARIADB_VERSION=5.5.30 925 _NGINX_VERSION=1. 3.15925 _NGINX_VERSION=1.5.0 926 926 _PERCONA_VERSION=5.5.30 927 _PHP_VERSION_NEW=5.3.2 3927 _PHP_VERSION_NEW=5.3.25 928 928 _PHP_VERSION=5.2.17 929 929 _PURE_FTPD_VERSION=1.0.36 930 _REDIS_VERSION=2.6.1 2930 _REDIS_VERSION=2.6.13 931 931 _SOLR_1_VERSION=1.4.1 932 932 _SOLR_3_VERSION=3.6.2 933 933 _SOLR_4_VERSION=4.2.0 … … not_supported_os () { 1017 1017 msg "== FATAL ERROR ==" 1018 1018 msg "Invalid install script or OS used" 1019 1019 msg "It is not any supported Debian or Ubuntu version" 1020 msg "You need Debian - Squeeze (recommended) "1020 msg "You need Debian - Squeeze (recommended) or Wheezy" 1021 1021 msg "or Ubuntu - Precise or Lucid" 1022 1022 exit 1 1023 1023 } … … st_runner () { 1089 1089 # 1090 1090 # Remove dangerous stuff from the string. 1091 1091 sanitize_string () { 1092 echo "$1" | sed 's/[\ `\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g'1092 echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g' 1093 1093 } 1094 1094 # 1095 1095 # Find correct IP. … … fix_php_ini_redis () { 1147 1147 fi 1148 1148 } 1149 1149 # 1150 # Forced Redis password update. 1151 forced_redis_password_update () { 1152 msg "INFO: Generating random password for Redis server" 1153 touch /root/.redis.pass.txt 1154 chmod 0600 /root/.redis.pass.txt &> /dev/null 1155 _ESC_RPASS="" 1156 _LEN_RPASS=0 1157 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then 1158 _ESC_RPASS=$(randpass 32 alnum) 1159 _ESC_RPASS=`echo -n $_ESC_RPASS | tr -d "\n"` 1160 _LEN_RPASS=$(echo ${#_ESC_RPASS}) 1161 fi 1162 if [ -z "$_ESC_RPASS" ] || [ $_LEN_RPASS -lt 19 ] ; then 1163 _ESC_RPASS=`pwgen -v -s -1` 1164 _ESC_RPASS=`echo -n $_ESC_RPASS | tr -d "\n"` 1165 _ESC_RPASS=`sanitize_string "$_ESC_RPASS"` 1166 fi 1167 echo "$_ESC_RPASS" > /root/.redis.pass.txt 1168 touch /var/log/sec-redis-pass-$_INSTALLER_VERSION-$_NOW.log 1169 _FORCE_REDIS_RESTART=YES 1170 sed -i "s/^requirepass.*/requirepass $_ESC_RPASS/g" /etc/redis/redis.conf &> /dev/null 1171 chown redis:redis /etc/redis/redis.conf 1172 chmod 0600 /etc/redis/redis.conf 1173 } 1174 # 1150 1175 # Set or update Redis password. 1151 1176 update_redis_password () { 1152 1177 if [ -e "/etc/redis/redis.conf" ] ; then 1153 if [ ! -e "/var/log/sec-redis-pass-$_INSTALLER_VERSION-$_NOW.log" ] || [ ! -e "/root/.redis.pass.txt" ] ; then 1154 msg "INFO: Generating random password for Redis server" 1155 touch /root/.redis.pass.txt 1156 chmod 0600 /root/.redis.pass.txt &> /dev/null 1157 _ESC_RPASS="" 1158 _LEN_RPASS=0 1159 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then 1160 _ESC_RPASS=$(randpass 32 alnum) 1161 _ESC_RPASS=`echo -n $_ESC_RPASS | tr -d "\n"` 1162 _LEN_RPASS=$(echo ${#_ESC_RPASS}) 1163 fi 1164 if [ -z "$_ESC_RPASS" ] || [ $_LEN_RPASS -lt 19 ] ; then 1165 _ESC_RPASS=`pwgen -v -s -1` 1166 _ESC_RPASS=`echo -n $_ESC_RPASS | tr -d "\n"` 1167 _ESC_RPASS=`sanitize_string "$_ESC_RPASS"` 1178 if [ ! -e "/var/log/sec-redis-pass-$_INSTALLER_VERSION-$_NOW.log" ] ; then 1179 if [ ! -e "/root/.redis.no.new.password.cnf" ] || [ ! -e "/root/.redis.pass.txt" ] ; then 1180 forced_redis_password_update 1168 1181 fi 1169 echo "$_ESC_RPASS" > /root/.redis.pass.txt1170 touch /var/log/sec-redis-pass-$_INSTALLER_VERSION-$_NOW.log1171 _FORCE_REDIS_RESTART=YES1172 1182 fi 1173 1183 fi 1174 1184 if [ -e "/root/.redis.pass.txt" ] && [ -e "/etc/redis/redis.conf" ] ; then … … update_redis_password () { 1178 1188 else 1179 1189 RPASS="$_ESC_RPASS" 1180 1190 fi 1181 sed -i "s/^requirepass.*/requirepass $RPASS/g" /etc/redis/redis.conf &> /dev/null 1182 sed -i "s/isfoobared/$RPASS/g" /data/conf/global.inc &> /dev/null 1183 sed -i "s/isfoobared/$RPASS/g" /var/aegir/config/includes/global.inc &> /dev/null 1184 chown redis:redis /etc/redis/redis.conf 1185 chmod 0600 /etc/redis/redis.conf 1191 _REDIS_PWD_TEST=`grep "'$RPASS'" /data/conf/global.inc 2>&1` 1192 if [[ "$_REDIS_PWD_TEST" =~ "'$RPASS'" ]] ; then 1193 true 1194 else 1195 if [ ! -z "$RPASS" ] ; then 1196 mkdir -p /data/conf 1197 if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then 1198 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /data/conf/global.inc 1199 else 1200 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.aegir.txt /data/conf/global.inc 1201 fi 1202 sed -i "s/isfoobared/$RPASS/g" /data/conf/global.inc &> /dev/null 1203 fi 1204 fi 1205 if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then 1206 rm -f /var/aegir/config/includes/global.inc 1207 ln -s /data/conf/global.inc /var/aegir/config/includes/global.inc 1208 fi 1186 1209 fi 1187 1210 } 1188 1211 # … … update_redis_password () { 1190 1213 install_redis_src () { 1191 1214 msg "INFO: Installing Redis update for $_THIS_OS/$_THIS_RV, please wait..." 1192 1215 mrun "sleep 1" 1193 if [ "$_REL_VERSION" = "dummy" ] ; then 1194 st_runner "$_INSTAPP redis-server" 2> /dev/null 1195 else 1196 if [ ! -e "/var/lib/redis" ] ; then 1197 st_runner "adduser --system --group redis" 2> /dev/null 1198 fi 1199 cd /var/opt 1200 rm -f -r redis* 1201 wget -q -U iCab http://files.aegir.cc/dev/redis-$_REDIS_VERSION.tar.gz 1202 tar -xzf redis-$_REDIS_VERSION.tar.gz 1203 cd redis-$_REDIS_VERSION 1204 st_runner "make --quiet" 2> /dev/null 1205 st_runner "make --quiet install" 2> /dev/null 1206 if [ -e "/var/lib/redis" ] ; then 1207 st_runner "service redis-server stop" &> /dev/null 1208 mrun "sleep 1" 1209 killall -9 redis-server &> /dev/null 1210 fi 1211 cd /usr/local/bin 1212 if [ ! -L "/usr/local/bin/redis-server" ] ; then 1213 cp -p redis-server /usr/bin/ 1214 fi 1215 cp -p redis-benchmark /usr/bin/ 1216 cp -p redis-cli /usr/bin/ 1217 cp -p redis-check-dump /usr/bin/ 1218 cp -p redis-check-aof /usr/bin/ 1216 if [ ! -e "/var/lib/redis" ] ; then 1217 st_runner "adduser --system --group redis" 2> /dev/null 1219 1218 fi 1219 cd /var/opt 1220 rm -f -r redis* 1221 wget -q -U iCab http://files.aegir.cc/dev/redis-$_REDIS_VERSION.tar.gz 1222 tar -xzf redis-$_REDIS_VERSION.tar.gz 1223 cd redis-$_REDIS_VERSION 1224 st_runner "make --quiet" 2> /dev/null 1225 st_runner "make --quiet install" 2> /dev/null 1226 if [ -e "/var/lib/redis" ] ; then 1227 st_runner "service redis-server stop" &> /dev/null 1228 mrun "sleep 1" 1229 killall -9 redis-server &> /dev/null 1230 fi 1231 cd /usr/local/bin 1232 if [ ! -L "/usr/local/bin/redis-server" ] ; then 1233 cp -p redis-server /usr/bin/ 1234 fi 1235 cp -p redis-benchmark /usr/bin/ 1236 cp -p redis-cli /usr/bin/ 1237 cp -p redis-check-dump /usr/bin/ 1238 cp -p redis-check-aof /usr/bin/ 1220 1239 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/redis-server /etc/init.d/redis-server 1221 1240 chmod 755 /etc/init.d/redis-server &> /dev/null 1222 1241 st_runner "update-rc.d redis-server defaults" &> /dev/null … … set_xterm () { 1257 1276 _XTERM_TEST=$(grep $_INSTALLER_VERSION /root/.bashrc) 1258 1277 if [[ "$_XTERM_TEST" =~ "$_INSTALLER_VERSION" ]] ; then 1259 1278 sed -i "s/^export TERM=.*/export TERM=xterm-color/g" /root/.bashrc &> /dev/null 1260 else1261 cp -af /root/.bashrc /root/.bashrc.bak.$_NOW1262 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt /root/.bashrc1263 1279 fi 1264 1280 } 1265 1281 # … … enable_purge_cruft_machine () { 1316 1332 true 1317 1333 else 1318 1334 if [[ "$_THISHOST" =~ ".host8." ]] ; then 1319 echo "22 2 * * 7 root bash /var/xdrago/purge_cruft.sh " >> /etc/crontab1335 echo "22 2 * * 7 root bash /var/xdrago/purge_cruft.sh >/dev/null 2>&1" >> /etc/crontab 1320 1336 sed -i "/^$/d" /etc/crontab &> /dev/null 1321 1337 fi 1322 1338 fi … … fix_php_ext () { 1331 1347 if [ -e "/var/backups/php53-20090626/newrelic.so" ] ; then 1332 1348 mv -f /var/backups/php53-20090626/newrelic.so /usr/lib/php5/20090626/ &> /dev/null 1333 1349 fi 1350 if [ -e "/var/backups/php53-20090626/mongo.so" ] ; then 1351 mv -f /var/backups/php53-20090626/mongo.so /usr/lib/php5/20090626/ &> /dev/null 1352 fi 1353 if [ -e "/var/backups/php53-20090626/geos.so" ] ; then 1354 mv -f /var/backups/php53-20090626/geos.so /usr/lib/php5/20090626/ &> /dev/null 1355 fi 1334 1356 elif [ -e "/usr/lib/php5/20090626+lfs" ] && [ -L "/opt/local/lib/php/extensions/no-debug-non-zts-20090626" ] ; then 1335 1357 mkdir -p /var/backups/php53-20090626+lfs 1336 1358 mv -f /usr/lib/php5/20090626+lfs/* /var/backups/php53-20090626+lfs/ &> /dev/null 1337 1359 if [ -e "/var/backups/php53-20090626+lfs/newrelic.so" ] ; then 1338 1360 mv -f /var/backups/php53-20090626+lfs/newrelic.so /usr/lib/php5/20090626+lfs/ &> /dev/null 1339 1361 fi 1362 if [ -e "/var/backups/php53-20090626+lfs/mongo.so" ] ; then 1363 mv -f /var/backups/php53-20090626+lfs/mongo.so /usr/lib/php5/20090626+lfs/ &> /dev/null 1364 fi 1365 if [ -e "/var/backups/php53-20090626+lfs/geos.so" ] ; then 1366 mv -f /var/backups/php53-20090626+lfs/geos.so /usr/lib/php5/20090626+lfs/ &> /dev/null 1367 fi 1340 1368 fi 1341 1369 if [ -e "/etc/php5/conf.d" ] ; then 1342 1370 mkdir -p /var/backups/php53-conf-d … … update_sql_conf () { 1593 1621 if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then 1594 1622 sed -i "s/.*innodb_lazy_drop_table /#innodb_lazy_drop_table /g" /etc/mysql/my.cnf &> /dev/null 1595 1623 fi 1624 if [[ "$_THISHOST" =~ ".host8." ]] ; then 1625 if [[ "$_THISHOST" =~ "ocean.ams.host8.biz" ]] || [[ "$_THISHOST" =~ "ocean.nyc.host8.biz" ]] ; then 1626 true 1627 else 1628 sed -i "s/^connect_timeout.*/connect_timeout = 30/g" /etc/mysql/my.cnf &> /dev/null 1629 sed -i "s/^join_buffer_size.*/join_buffer_size = 2M/g" /etc/mysql/my.cnf &> /dev/null 1630 sed -i "s/^max_connections.*/max_connections = 80/g" /etc/mysql/my.cnf &> /dev/null 1631 sed -i "s/^max_user_connections.*/max_user_connections = 80/g" /etc/mysql/my.cnf &> /dev/null 1632 sed -i "s/^query_cache_size.*/query_cache_size = 256M/g" /etc/mysql/my.cnf &> /dev/null 1633 sed -i "s/^read_rnd_buffer_size.*/read_rnd_buffer_size = 8M/g" /etc/mysql/my.cnf &> /dev/null 1634 sed -i "s/^tmp_table_size.*/tmp_table_size = 128M/g" /etc/mysql/my.cnf &> /dev/null 1635 sed -i "s/^max_heap_table_size.*/max_heap_table_size = 256M/g" /etc/mysql/my.cnf &> /dev/null 1636 sed -i "s/^myisam_sort_buffer_size.*/myisam_sort_buffer_size = 2048K/g" /etc/mysql/my.cnf &> /dev/null 1637 fi 1638 fi 1639 if [ "$_CUSTOM_CONFIG_SQL" = "NO" ] ; then 1640 if [ "$_DB_BINARY_LOG" = "NO" ] ; then 1641 bash /var/xdrago/purge_binlogs.sh &> /dev/null 1642 sed -i "s/.*purge_binlogs.*//g" /var/spool/cron/crontabs/root &> /dev/null 1643 sed -i "/^$/d" /var/spool/cron/crontabs/root &> /dev/null 1644 sed -i "s/^log_bin/#log_bin/g" /etc/mysql/my.cnf &> /dev/null 1645 sed -i "s/^expire_logs_days/#expire_logs_days/g" /etc/mysql/my.cnf &> /dev/null 1646 sed -i "s/^max_binlog_size/#max_binlog_size/g" /etc/mysql/my.cnf &> /dev/null 1647 elif [ "$_DB_BINARY_LOG" = "YES" ] ; then 1648 sed -i "s/.*log_bin/log_bin/g" /etc/mysql/my.cnf &> /dev/null 1649 sed -i "s/.*expire_logs_days/expire_logs_days/g" /etc/mysql/my.cnf &> /dev/null 1650 sed -i "s/.*max_binlog_size/max_binlog_size/g" /etc/mysql/my.cnf &> /dev/null 1651 fi 1652 if [ "$_DB_ENGINE" = "MyISAM" ] || [ "$_DB_ENGINE" = "InnoDB" ] ; then 1653 sed -i "s/^default_storage_engine.*/default_storage_engine = $_DB_ENGINE/g" /etc/mysql/my.cnf &> /dev/null 1654 fi 1655 fi 1596 1656 } 1597 1657 # 1598 1658 # Update Nginx Config. … … update_nginx_conf () { 1607 1667 fi 1608 1668 fi 1609 1669 if [ -e "/var/aegir/config/server_master/nginx/pre.d" ] ; then 1610 if [ ! -e "/var/log/nginx-speed-purge-$_INSTALLER_VERSION" ] && [ "$_PURGE_MODE" = "ON" ] ; then 1611 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_speed_purge.conf /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf 1612 touch /var/log/nginx-speed-purge-$_INSTALLER_VERSION 1670 if [ "$_PURGE_MODE" = "ON" ] ; then 1671 if [ ! -e "/var/log/nginx-speed-purge-$_INSTALLER_VERSION" ] || [ ! -e "/var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf" ] ; then 1672 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_speed_purge.conf /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf 1673 touch /var/log/nginx-speed-purge-$_INSTALLER_VERSION 1674 fi 1613 1675 fi 1614 1676 fi 1615 1677 } … … fix_on_upgrade () { 1634 1696 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/clean-boa-env /etc/init.d/clean-boa-env 1635 1697 chmod 755 /etc/init.d/clean-boa-env &> /dev/null 1636 1698 st_runner "update-rc.d clean-boa-env defaults" &> /dev/null 1637 set_xterm1638 1699 kill_nash 1639 1700 fix_ftps_modern 1640 1701 fix_ftps_pam … … sub_force_advanced_nginx_config () { 1853 1914 else 1854 1915 sed -i "s/127.0.0.1:9000/127.0.0.1:9090/g" $_THIS_NGX_PATH/nginx_advanced_include.conf &> /dev/null 1855 1916 fi 1917 else 1918 if [ "$_USE_STOCK" = "NO" ] ; then 1919 sed -i "s/127.0.0.1:9090/127.0.0.1:9000/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null 1920 else 1921 sed -i "s/127.0.0.1:9090/127.0.0.1:9000/g" $_THIS_NGX_PATH/nginx_advanced_include.conf &> /dev/null 1922 fi 1856 1923 fi 1857 1924 fi 1858 1925 } … … force_advanced_nginx_config () { 1891 1958 # Tune Web Sever configuration. 1892 1959 tune_web_server_config () { 1893 1960 _LIM_FPM="$_L_PHP_FPM_WORKERS" 1894 if [ "$_LIM_FPM" -lt "6" ] ; then 1895 _LIM_FPM=6 1961 if [ "$_LIM_FPM" -lt "3" ] ; then 1962 _LIM_FPM=3 1963 fi 1964 let "_PROCESS_MAX_FPM = (($_LIM_FPM * 2))" 1965 let "_CHILD_MAX_FPM = (($_PROCESS_MAX_FPM - 2))" 1966 let "_START_FPM = (($_CHILD_MAX_FPM - 4))" 1967 if [ "$_START_FPM" -lt "2" ] ; then 1968 _START_FPM=2 1969 fi 1970 let "_START_LEGACY_FPM = (($_LIM_FPM / 3))" 1971 if [ "$_START_LEGACY_FPM" -lt "2" ] ; then 1972 _START_LEGACY_FPM=2 1896 1973 fi 1897 let "_START_FPM = (($_LIM_FPM / 2))"1898 1974 if [ ! -z "$_START_FPM" ] ; then 1899 let "_PROCESS_MAX_FPM = (($_LIM_FPM * 2))" 1900 sed -i "s/max_children\">.*</max_children\">$_START_FPM</g" /opt/etc/php-fpm.conf &> /dev/null 1901 sed -i "s/pm.max_children =.*/pm.max_children = $_LIM_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 1975 sed -i "s/max_children\">.*</max_children\">$_START_LEGACY_FPM</g" /opt/etc/php-fpm.conf &> /dev/null 1976 sed -i "s/pm.max_children =.*/pm.max_children = $_CHILD_MAX_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 1902 1977 sed -i "s/pm.start_servers =.*/pm.start_servers = $_START_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 1903 1978 sed -i "s/pm.max_spare_servers =.*/pm.max_spare_servers = $_START_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 1904 1979 sed -i "s/process.max =.*/process.max = $_PROCESS_MAX_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null … … tune_memory_limits () { 2013 2088 _USE_PHP=512 2014 2089 _USE_APC=256 2015 2090 if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then 2016 _L_PHP_FPM_WORKERS= 62091 _L_PHP_FPM_WORKERS=3 2017 2092 else 2018 2093 _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS 2019 2094 fi … … tune_memory_limits () { 2041 2116 _USE_PHP="$_USE" 2042 2117 _USE_APC="$_USE" 2043 2118 if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then 2044 _L_PHP_FPM_WORKERS= 62119 _L_PHP_FPM_WORKERS=3 2045 2120 else 2046 2121 _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS 2047 2122 fi … … tune_memory_limits () { 2081 2156 if [ -e "/etc/default/jetty7" ] && [ -e "/opt/solr1" ] ; then 2082 2157 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr1 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty7 &> /dev/null 2083 2158 fi 2084 if [[ "$_THISHOST" =~ ".host8." ]] ; then2085 if [[ "$_THISHOST" =~ "ocean.ams.host8.biz" ]] || [[ "$_THISHOST" =~ "ocean.nyc.host8.biz" ]] ; then2086 true2087 else2088 sed -i "s/^connect_timeout.*/connect_timeout = 30/g" /etc/mysql/my.cnf &> /dev/null2089 sed -i "s/^join_buffer_size.*/join_buffer_size = 2M/g" /etc/mysql/my.cnf &> /dev/null2090 sed -i "s/^max_connections.*/max_connections = 80/g" /etc/mysql/my.cnf &> /dev/null2091 sed -i "s/^max_user_connections.*/max_user_connections = 80/g" /etc/mysql/my.cnf &> /dev/null2092 sed -i "s/^query_cache_size.*/query_cache_size = 256M/g" /etc/mysql/my.cnf &> /dev/null2093 sed -i "s/^read_rnd_buffer_size.*/read_rnd_buffer_size = 8M/g" /etc/mysql/my.cnf &> /dev/null2094 sed -i "s/^tmp_table_size.*/tmp_table_size = 128M/g" /etc/mysql/my.cnf &> /dev/null2095 sed -i "s/^max_heap_table_size.*/max_heap_table_size = 256M/g" /etc/mysql/my.cnf &> /dev/null2096 sed -i "s/^myisam_sort_buffer_size.*/myisam_sort_buffer_size = 2048K/g" /etc/mysql/my.cnf &> /dev/null2097 fi2098 fi2099 if [ "$_CUSTOM_CONFIG_SQL" = "NO" ] ; then2100 if [ "$_DB_BINARY_LOG" = "NO" ] ; then2101 sed -i "s/.*purge_binlogs.*//g" /var/spool/cron/crontabs/root &> /dev/null2102 sed -i "/^$/d" /var/spool/cron/crontabs/root &> /dev/null2103 sed -i "s/^log_bin/#log_bin/g" /etc/mysql/my.cnf &> /dev/null2104 sed -i "s/^expire_logs_days/#expire_logs_days/g" /etc/mysql/my.cnf &> /dev/null2105 sed -i "s/^max_binlog_size/#max_binlog_size/g" /etc/mysql/my.cnf &> /dev/null2106 elif [ "$_DB_BINARY_LOG" = "YES" ] ; then2107 sed -i "s/.*log_bin/log_bin/g" /etc/mysql/my.cnf &> /dev/null2108 sed -i "s/.*expire_logs_days/expire_logs_days/g" /etc/mysql/my.cnf &> /dev/null2109 sed -i "s/.*max_binlog_size/max_binlog_size/g" /etc/mysql/my.cnf &> /dev/null2110 fi2111 if [ "$_DB_ENGINE" = "MyISAM" ] || [ "$_DB_ENGINE" = "InnoDB" ] ; then2112 sed -i "s/^default_storage_engine.*/default_storage_engine = $_DB_ENGINE/g" /etc/mysql/my.cnf &> /dev/null2113 fi2114 fi2115 2159 tune_web_server_config 2116 2160 } 2117 2161 # 2118 2162 # Fix locales. 2119 2163 fix_locales () { 2164 _LOCALE_TEST=BROKEN 2120 2165 _LOC_TEST=`locale 2>&1` 2166 if [[ "$_LOC_TEST" =~ LANGUAGE=.*UTF-8 ]] && [[ "$_LOC_TEST" =~ LANG=.*UTF-8 ]] ; then 2167 _LOCALE_TEST=OK 2168 fi 2121 2169 if [[ "$_LOC_TEST" =~ "Cannot" ]] ; then 2122 2170 _LOCALE_TEST=BROKEN 2171 fi 2172 if [ "$_LOCALE_TEST" = "BROKEN" ] ; then 2123 2173 msg "WARNING!" 2124 2174 cat <<EOF 2125 2175 2126 2176 Locales on this system are broken or not installed 2127 and/or not configured correctly yet. This is "default" 2128 issue at RackSpaceCloud (and maybe others). 2177 and/or not configured correctly yet. This is a known 2178 issue on some systems/hosts which either don't configure 2179 locales at all or don't use UTF-8 compatible locales 2180 during initial OS setup. 2129 2181 2130 2182 We will fix this problem for you now, so you shouldn't 2131 2183 use any tricks to change system/ssh settings before 2132 running this Barracudainstaller.2184 running this installer. 2133 2185 2134 2186 You can experience problems if your SSH client 2135 2187 forces locales other than en_US.UTF-8 we are using by default. 2136 2188 2137 You should log out when Barracudawill finish all its tasks2189 You should log out when this installer will finish all its tasks 2138 2190 and display last line with "BYE!" and then log in again 2139 to see the result (and possibly run Octopus installer).2191 to see the result. 2140 2192 2141 We will continue in 10seconds...2193 We will continue in 5 seconds... 2142 2194 2143 2195 EOF 2144 sleep 102196 sleep 5 2145 2197 locale-gen en_US en_US.UTF-8 &> /dev/null 2146 2198 update-locale &> /dev/null 2147 2199 localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 &> /dev/null 2148 2200 echo "LANG=en_US.UTF-8" > /etc/default/locale 2149 export LANG=en_US.UTF-8 2150 export LC_ALL=en_US.UTF-8 2151 export LANGUAGE=en_US.UTF-8 2201 if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt" ] ; then 2202 cp -af /root/.bashrc /root/.bashrc.bak.$_NOW 2203 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt /root/.bashrc 2204 set_xterm 2205 fi 2152 2206 echo "export LANG=en_US.UTF-8" >> /root/.bashrc 2153 echo "export LC_ALL=en_US.UTF-8" >> /root/.bashrc2154 2207 echo "export LANGUAGE=en_US.UTF-8" >> /root/.bashrc 2208 echo "export LC_ALL=\"\"" >> /root/.bashrc 2209 export LANG=en_US.UTF-8 2210 export LANGUAGE=en_US.UTF-8 2211 export LC_ALL="" 2155 2212 else 2156 _LOCALE_TEST=OK 2213 if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt" ] ; then 2214 cp -af /root/.bashrc /root/.bashrc.bak.$_NOW 2215 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt /root/.bashrc 2216 set_xterm 2217 fi 2157 2218 locale-gen en_US en_US.UTF-8 &> /dev/null 2219 update-locale &> /dev/null 2158 2220 localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 &> /dev/null 2159 2221 fi 2160 2222 } … … barracuda_cnf () { 2272 2334 sed -i "s/^_DEBUG_MODE=.*/_DEBUG_MODE=YES/g" /root/.barracuda.cnf &> /dev/null 2273 2335 sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.barracuda.cnf &> /dev/null 2274 2336 sed -i "s/^_LOCAL_DEBIAN_MIRROR=.*/_LOCAL_DEBIAN_MIRROR=\"ftp.debian.org\"/g" /root/.barracuda.cnf &> /dev/null 2337 sed -i "s/^_MY_EMAIL=.*/_MY_EMAIL=\"notify\@omega8.cc\"/g" /root/.barracuda.cnf &> /dev/null 2275 2338 sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.barracuda.cnf &> /dev/null 2276 2339 sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.barracuda.cnf &> /dev/null 2277 2340 sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.*.octopus.cnf &> /dev/null … … barracuda_cnf () { 2529 2592 sed -i "s/^_DEBUG_MODE=.*/_DEBUG_MODE=YES/g" /root/.barracuda.cnf &> /dev/null 2530 2593 sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.barracuda.cnf &> /dev/null 2531 2594 sed -i "s/^_LOCAL_DEBIAN_MIRROR=.*/_LOCAL_DEBIAN_MIRROR=\"ftp.debian.org\"/g" /root/.barracuda.cnf &> /dev/null 2595 sed -i "s/^_MY_EMAIL=.*/_MY_EMAIL=\"notify\@omega8.cc\"/g" /root/.barracuda.cnf &> /dev/null 2532 2596 sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.barracuda.cnf &> /dev/null 2533 2597 sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.barracuda.cnf &> /dev/null 2534 2598 sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.*.octopus.cnf &> /dev/null 2535 2599 sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.*.octopus.cnf &> /dev/null 2536 2600 sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.*.octopus.cnf &> /dev/null 2601 ### 2602 sed -i "s/^_PHP_CLI_VERSION=.*/_PHP_CLI_VERSION=5.3/g" /root/.barracuda.cnf &> /dev/null 2603 sed -i "s/^_PHP_FPM_VERSION=.*/_PHP_FPM_VERSION=5.3/g" /root/.barracuda.cnf &> /dev/null 2604 sed -i "s/^_PHP_MODERN_ONLY=.*/_PHP_MODERN_ONLY=YES/g" /root/.barracuda.cnf &> /dev/null 2605 sed -i "s/^_PHP_CLI_VERSION=.*/_PHP_CLI_VERSION=5.3/g" /root/.*.octopus.cnf &> /dev/null 2606 sed -i "s/^_PHP_FPM_VERSION=.*/_PHP_FPM_VERSION=5.3/g" /root/.*.octopus.cnf &> /dev/null 2607 sed -i "s/^_PHP_MODERN_ONLY=.*/_PHP_MODERN_ONLY=YES/g" /root/.*.octopus.cnf &> /dev/null 2608 ### 2537 2609 fi 2538 2610 fi 2539 sed -i "s/^_PHP_CLI_VERSION=.*/_PHP_CLI_VERSION=5.3/g" /root/.barracuda.cnf &> /dev/null2540 sed -i "s/^_PHP_FPM_VERSION=.*/_PHP_FPM_VERSION=5.3/g" /root/.barracuda.cnf &> /dev/null2541 sed -i "s/^_PHP_MODERN_ONLY=.*/_PHP_MODERN_ONLY=YES/g" /root/.barracuda.cnf &> /dev/null2542 sed -i "s/^_PHP_CLI_VERSION=.*/_PHP_CLI_VERSION=5.3/g" /root/.*.octopus.cnf &> /dev/null2543 sed -i "s/^_PHP_FPM_VERSION=.*/_PHP_FPM_VERSION=5.3/g" /root/.*.octopus.cnf &> /dev/null2544 sed -i "s/^_PHP_MODERN_ONLY=.*/_PHP_MODERN_ONLY=YES/g" /root/.*.octopus.cnf &> /dev/null2545 2611 echo " " 2546 2612 while read line ; do 2547 2613 echo "$line" … … run_apt_update_again () { 2620 2686 echo "fixed-mytop-mariadb" > /var/log/fixed-mytop-mariadb.log 2621 2687 fi 2622 2688 st_runner "aptitude -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold full-upgrade" 2> /dev/null 2689 if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] && [ -e "/var/log/fixed-mytop-mariadb.log" ] ; then 2690 st_runner "$_INSTAPP mytop" 2> /dev/null 2691 fi 2623 2692 } 2624 2693 # 2625 2694 # Install IonCube. … … install_libmemcached () { 2669 2738 fi 2670 2739 } 2671 2740 # 2672 # Install extensions for PHP universal.2673 install_php_ extensions () {2741 # Install extensions for PHP built from sources. 2742 install_php_scr_build_extensions () { 2674 2743 ###--------------------### 2675 2744 msg "INFO: Installing APC for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2676 2745 mrun "sleep 1" … … install_php_extensions () { 2701 2770 if [ "$_USE_MEMCACHED" = "YES" ] ; then 2702 2771 msg "INFO: Installing memcached for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2703 2772 mrun "sleep 1" 2704 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then2773 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 2705 2774 st_runner "$_INSTAPP libcloog-ppl0" 2> /dev/null 2706 2775 fi 2707 2776 if [ "$_FROM_SOURCES" = "NO" ] ; then … … install_php_extensions () { 2724 2793 fi 2725 2794 } 2726 2795 # 2727 # Install more extensions for PHP universal.2728 install_php_ extensions_more() {2796 # Install extensions for PHP installed from packages or built from sources. 2797 install_php_universal_extensions () { 2729 2798 ###--------------------### 2730 2799 msg "INFO: Installing PhpRedis for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2731 2800 mrun "sleep 1" … … install_php_extensions_more () { 2750 2819 st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null 2751 2820 st_runner "make --quiet" 2> /dev/null 2752 2821 st_runner "make --quiet install" 2> /dev/null 2822 echo "uploadprogress $_LOC_PHP_VERSION $_NOW" > /var/log/uploadprogress-$_LOC_PHP_VERSION.log 2753 2823 ###--------------------### 2754 2824 msg "INFO: Installing JSMin for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2755 2825 mrun "sleep 1" … … install_php_extensions_more () { 2765 2835 echo "php-jsmin $_LOC_PHP_VERSION $_NOW" > /var/log/php-jsmin-$_LOC_PHP_VERSION.log 2766 2836 ###--------------------### 2767 2837 if [ "$_PHP_GEOS" = "YES" ] || [[ "$_XTRAS_LIST" =~ "GEO" ]] ; then 2768 if [ "$_LOC_PHP_VERSION" = "$_PHP_VERSION_NEW" ] && [ ! -e "/var/log/php-geos-$_LOC_PHP_VERSION.log" ]; then2838 if [ "$_LOC_PHP_VERSION" = "$_PHP_VERSION_NEW" ] ; then 2769 2839 msg "INFO: Installing GEOS PHP extension for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2770 2840 mrun "sleep 1" 2771 2841 if [ ! -e "/var/log/geos-$_INSTALLER_VERSION.log" ] ; then … … install_php_extensions_more () { 2788 2858 fi 2789 2859 ###--------------------### 2790 2860 if [ "$_PHP_MONGODB" = "YES" ] || [[ "$_XTRAS_LIST" =~ "MNG" ]] ; then 2791 if [ "$_LOC_PHP_VERSION" = "$_PHP_VERSION_NEW" ] && [ ! -e "/var/log/php-mongo-$_LOC_PHP_VERSION.log" ]; then2861 if [ "$_LOC_PHP_VERSION" = "$_PHP_VERSION_NEW" ] ; then 2792 2862 msg "INFO: Installing MongoDB PHP driver for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2793 2863 mrun "sleep 1" 2794 2864 cd /var/opt … … install_php_extensions_more () { 2805 2875 fi 2806 2876 } 2807 2877 # 2808 # Update PHP universal.2809 update_php_ universal() {2878 # Update extensions for PHP built from sources. 2879 update_php_scr_build_extensions () { 2810 2880 ###--------------------### 2811 2881 if [ ! -e "/var/log/apc-$_APC_VERSION-$_LOC_PHP_VERSION.log" ] ; then 2812 2882 msg "INFO: Installing APC upgrade for PHP-FPM $_LOC_PHP_VERSION, please wait..." … … update_php_universal () { 2857 2927 fi 2858 2928 fi 2859 2929 fi 2860 ###--------------------###2861 if [ ! -e "/var/log/php-jsmin-$_LOC_PHP_VERSION.log" ] ; then2862 msg "INFO: Installing JSMin upgrade for PHP-FPM $_LOC_PHP_VERSION, please wait..."2863 mrun "sleep 1"2864 cd /var/opt2865 rm -f -r php-jsmin*2866 wget -q -U iCab http://files.aegir.cc/dev/php-jsmin-1.0.tgz2867 tar -xzf php-jsmin-1.0.tgz2868 cd /var/opt/php-jsmin-1.02869 st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null2870 st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null2871 st_runner "make --quiet" 2> /dev/null2872 st_runner "make --quiet install" 2> /dev/null2873 echo "php-jsmin $_LOC_PHP_VERSION $_NOW" > /var/log/php-jsmin-$_LOC_PHP_VERSION.log2874 fi2875 2930 } 2876 2931 # 2877 # Update PHP universal more.2878 update_php_universal_ more() {2932 # Update extensions for PHP installed from packages or built from sources. 2933 update_php_universal_extensions () { 2879 2934 ###--------------------### 2880 2935 if [ ! -e "/var/log/phpredis-$_LOC_PHP_VERSION.log" ] ; then 2881 2936 msg "INFO: Installing PhpRedis upgrade for PHP-FPM $_LOC_PHP_VERSION, please wait..." … … update_php_universal_more () { 2891 2946 echo "phpredis $_LOC_PHP_VERSION $_NOW" > /var/log/phpredis-$_LOC_PHP_VERSION.log 2892 2947 fi 2893 2948 ###--------------------### 2949 if [ ! -e "/var/log/uploadprogress-$_LOC_PHP_VERSION.log" ] ; then 2950 msg "INFO: Installing UploadProgress upgrade for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2951 mrun "sleep 1" 2952 cd /var/opt 2953 rm -f -r uploadprogress* 2954 wget -q -U iCab http://files.aegir.cc/dev/uploadprogress-1.0.1.tgz 2955 tar -xzf uploadprogress-1.0.1.tgz 2956 cd /var/opt/uploadprogress-1.0.1 2957 st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null 2958 st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null 2959 st_runner "make --quiet" 2> /dev/null 2960 st_runner "make --quiet install" 2> /dev/null 2961 echo "uploadprogress $_LOC_PHP_VERSION $_NOW" > /var/log/uploadprogress-$_LOC_PHP_VERSION.log 2962 fi 2963 ###--------------------### 2894 2964 if [ ! -e "/var/log/php-jsmin-$_LOC_PHP_VERSION.log" ] ; then 2895 2965 msg "INFO: Installing JSMin upgrade for PHP-FPM $_LOC_PHP_VERSION, please wait..." 2896 2966 mrun "sleep 1" … … update_php_universal_more () { 2947 3017 fi 2948 3018 } 2949 3019 # 2950 # Install PHP 5.3.233020 # Install modern PHP version 2951 3021 install_php_modern () { 2952 3022 ###--------------------### 2953 3023 if [ "$_FROM_SOURCES" = "NO" ] ; then … … install_php_modern () { 2981 3051 patch -p1 < $_FPM_PATCH &> /dev/null 2982 3052 fi 2983 3053 st_runner "sh ./buildconf --force" 2> /dev/null 2984 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then3054 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 2985 3055 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/patches/disable_SSLv2_for_openssl_1_0_0.patch ./ 2986 3056 patch -p1 < disable_SSLv2_for_openssl_1_0_0.patch &> /dev/null 2987 3057 fi … … install_php_modern () { 3026 3096 elif [ -x "/opt/local/bin/phpize" ] ; then 3027 3097 _LOC_PHP_PATH=/opt/local/bin 3028 3098 fi 3029 install_php_ extensions3099 install_php_scr_build_extensions 3030 3100 fi 3031 install_php_ extensions_more3101 install_php_universal_extensions 3032 3102 _THIS_DB_SERVER_TEST=`mysql -V 2>&1` 3033 3103 if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then 3034 3104 echo "$_MARIADB_VERSION-MariaDB" > /var/log/installed-$_MARIADB_VERSION-MariaDB.log … … install_php_modern () { 3045 3115 st_runner "update-rc.d php53-fpm defaults" &> /dev/null 3046 3116 } 3047 3117 # 3048 # Install PHP 5.2.173118 # Install legacy PHP version 3049 3119 install_php_legacy () { 3050 3120 ###--------------------### 3051 3121 msg "INFO: Installing PHP-FPM $_PHP_VERSION" … … install_php_legacy () { 3063 3133 mrun "sleep 1" 3064 3134 cd /var/opt/php-$_PHP_VERSION 3065 3135 st_runner "sh ./buildconf --force" 2> /dev/null 3066 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then3136 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 3067 3137 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/patches/disable_SSLv2_for_openssl_1_0_0.patch ./ 3068 3138 patch -p1 < disable_SSLv2_for_openssl_1_0_0.patch &> /dev/null 3069 3139 fi … … install_php_legacy () { 3076 3146 st_runner "make --quiet install" 2> /dev/null 3077 3147 _LOC_PHP_VERSION="$_PHP_VERSION" 3078 3148 _LOC_PHP_PATH=/usr/local/bin 3079 install_php_ extensions3080 install_php_ extensions_more3149 install_php_scr_build_extensions 3150 install_php_universal_extensions 3081 3151 echo "libcurl4-openssl-dev" > /var/log/libcurl4-openssl-dev.log 3082 3152 _THIS_DB_SERVER_TEST=`mysql -V 2>&1` 3083 3153 if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then … … install_php_legacy () { 3092 3162 chmod 755 /usr/local/sbin/php-fpm &> /dev/null 3093 3163 } 3094 3164 # 3095 # Update PHP 5.3.233165 # Update modern PHP version 3096 3166 update_php_modern () { 3097 3167 _LOC_PHP_VERSION="$_PHP_VERSION_NEW" 3098 3168 if [ "$_FROM_SOURCES" = "NO" ] ; then 3099 3169 _LOC_PHP_PATH=/usr/bin 3100 update_php_universal_more3101 3170 else 3102 3171 if [ -x "/usr/bin/phpize" ] ; then 3103 3172 _LOC_PHP_PATH=/usr/bin 3104 3173 elif [ -x "/opt/local/bin/phpize" ] ; then 3105 3174 _LOC_PHP_PATH=/opt/local/bin 3106 3175 fi 3107 update_php_universal 3108 update_php_universal_more 3176 update_php_scr_build_extensions 3109 3177 fi 3178 update_php_universal_extensions 3110 3179 } 3111 3180 # 3112 # Update PHP 5.2.173181 # Update legacy PHP version 3113 3182 update_php_legacy () { 3114 3183 _LOC_PHP_VERSION="$_PHP_VERSION" 3115 3184 _LOC_PHP_PATH=/usr/local/bin 3116 update_php_universal 3185 update_php_scr_build_extensions 3186 update_php_universal_extensions 3117 3187 } 3118 3188 # 3119 3189 # Install latest Git. … … check_apt_updates () { 3145 3215 for Update in `/usr/bin/apt-get -q -y --allow-unauthenticated -s dist-upgrade | grep ^Inst | cut -d\ -f2 | sort` 3146 3216 do 3147 3217 case $Update in 3148 *linux-*) _UP_LNX=YES ;;3149 3218 *libcurl*) _UP_PHP=YES ;; 3150 3219 *libmysql*) _UP_PHP=YES ;; 3151 3220 *libssl*) _UP_PHP=YES ;; 3221 *linux-*) _UP_LNX=YES ;; 3152 3222 *mariadb*) _UP_PHP=YES ;; 3223 *newrelic*) _UP_NRC=YES ;; 3153 3224 *nginx*) _UP_NGX=YES ;; 3154 3225 *openjdk*) _UP_JDK=YES ;; 3155 3226 *openssl*) _UP_PHP=YES ;; … … check_apt_updates () { 3160 3231 done 3161 3232 } 3162 3233 # 3163 # Generate new secure password.3164 main_dbuser_reborn() {3234 # Generate provision backend db_passwd. 3235 provision_backend_dbpass_generate () { 3165 3236 _ESC_APASS="" 3166 3237 _LEN_APASS=0 3167 3238 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then … … main_dbuser_reborn () { 3186 3257 msg "FATAL ERROR:: Aborting Barracuda installer NOW!" 3187 3258 touch /opt/tmp/status-Barracuda-FAIL 3188 3259 exit 1 3189 else3190 _AEGIR_HOST_IP="$_RESOLVEIP"3191 3260 fi 3192 3261 mysql -uroot mysql<<EOFMYSQL 3193 3262 GRANT ALL PRIVILEGES ON *.* TO '$_ADBU'@'$_AEGIR_HOST' IDENTIFIED BY '$_ESC_APASS' WITH GRANT OPTION; 3194 GRANT ALL PRIVILEGES ON *.* TO '$_ADBU'@'$_ AEGIR_HOST_IP' IDENTIFIED BY '$_ESC_APASS' WITH GRANT OPTION;3263 GRANT ALL PRIVILEGES ON *.* TO '$_ADBU'@'$_RESOLVEIP' IDENTIFIED BY '$_ESC_APASS' WITH GRANT OPTION; 3195 3264 GRANT ALL PRIVILEGES ON *.* TO '$_ADBU'@'localhost' IDENTIFIED BY '$_ESC_APASS' WITH GRANT OPTION; 3196 3265 EOFMYSQL 3266 mysqladmin flush-privileges &> /dev/null 3267 } 3268 # 3269 # Sync provision backend db_passwd. 3270 provision_backend_dbpass_sync () { 3271 msg "INFO: Syncing provision backend db_passwd, please wait..." 3272 mrun "sleep 1" 3273 _ADBU=aegir_root 3274 _L_SYS="/var/aegir/backups/system/.$_ADBU.pass.txt" 3275 mv -f $_L_SYS $_L_SYS-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 3276 provision_backend_dbpass_generate 3277 if [ ! -z "$_ESC_APASS" ] && [ ! -z "$_ENC_APASS" ] ; then 3278 su -s /bin/bash - aegir -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='$_ADBU'\" &> /dev/null" 3279 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$_ADBU';" &> /dev/null 3280 sed -i "s/mysql:\/\/$_ADBU:.*/mysql:\/\/$_ADBU:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_localhost.alias.drushrc.php &> /dev/null 3281 sed -i "s/mysql:\/\/$_ADBU:.*/mysql:\/\/$_ADBU:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_master.alias.drushrc.php &> /dev/null 3282 fi 3283 mysqladmin flush-privileges &> /dev/null 3284 if [ "$_USE_STOCK" = "YES" ] || [ "$_DRUSH_CC_REQ" = "YES" ] ; then 3285 su -s /bin/bash - aegir -c "drush cache-clear drush &> /dev/null" 3286 fi 3287 if [ -e "/var/aegir/.drush/server_localhost.alias.drushrc.php" ] ; then 3288 su -s /bin/bash aegir -c "drush @hostmaster hosting-task @server_localhost verify --force &> /dev/null" 3289 else 3290 su -s /bin/bash aegir -c "drush @hostmaster hosting-task @server_master verify --force &> /dev/null" 3291 fi 3292 msg "INFO: Running hosting-dispatch (1/3), please wait..." 3293 su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" 3294 mrun "sleep 5" 3295 msg "INFO: Running hosting-dispatch (2/3), please wait..." 3296 su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" 3297 mrun "sleep 5" 3298 msg "INFO: Running hosting-dispatch (3/3), please wait..." 3299 su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" 3300 } 3301 # 3302 # Sync hostmaster frontend db_passwd. 3303 hostmaster_frontend_dbpass_sync () { 3304 msg "INFO: Syncing hostmaster frontend db_passwd, please wait..." 3305 mrun "sleep 1" 3306 _THIS_HM_SPTH=`cat /var/aegir/.drush/hostmaster.alias.drushrc.php | grep "site_path'" | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` 3307 _THIS_HM_DBUR=`cat $_THIS_HM_SPTH/drushrc.php | grep "options\['db_user'\] = " | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,';]//g"` 3308 _THIS_HM_DBPD=`cat $_THIS_HM_SPTH/drushrc.php | grep "options\['db_passwd'\] = " | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,';]//g"` 3309 if [ -e "$_THIS_HM_SPTH" ] && [ ! -z "$_THIS_HM_DBUR" ] && [ ! -z "$_THIS_HM_DBPD" ] ; then 3310 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_THIS_HM_DBPD') WHERE User='$_THIS_HM_DBUR';" &> /dev/null 3311 fi 3312 mysqladmin flush-privileges &> /dev/null 3197 3313 } 3198 3314 # 3199 3315 # Upgrade Aegir Master Instance. … … upgrade_aegir_master () { 3237 3353 sed -i "s/EDIT_STRONG_PASSWORDS/$_STRONG_PASSWORDS/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null 3238 3354 sed -i "s/EDIT_THIS_DB_HOST/$_THIS_DB_HOST/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null 3239 3355 sed -i "s/EDIT_USE_STOCK/$_USE_STOCK/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null 3356 mysqladmin flush-hosts &> /dev/null 3357 provision_backend_dbpass_sync 3358 hostmaster_frontend_dbpass_sync 3240 3359 su -s /bin/bash - aegir -c "bash AegirUpgrade.sh.txt" 3241 3360 if [ -e "/opt/tmp/status-AegirUpgrade-FAIL" ] ; then 3242 3361 msg "FATAL ERROR: AegirUpgrade installer failed" … … upgrade_aegir_master () { 3244 3363 touch /opt/tmp/status-Barracuda-FAIL 3245 3364 exit 1 3246 3365 else 3247 _ADBU=aegir_root 3248 _L_SYS="/var/aegir/backups/system/.$_ADBU.pass.txt" 3249 mv -f $_L_SYS $_L_SYS-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 3250 main_dbuser_reborn 3251 if [ ! -z "$_ESC_APASS" ] ; then 3252 su -s /bin/bash - aegir -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='$_ADBU'\" &> /dev/null" 3253 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 3254 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$_ADBU';" &> /dev/null 3255 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 3256 sed -i "s/mysql:\/\/$_ADBU:.*/mysql:\/\/$_ADBU:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_localhost.alias.drushrc.php &> /dev/null 3257 sed -i "s/mysql:\/\/$_ADBU:.*/mysql:\/\/$_ADBU:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_master.alias.drushrc.php &> /dev/null 3258 if [ "$_USE_STOCK" = "YES" ] || [ "$_DRUSH_CC_REQ" = "YES" ] ; then 3259 su -s /bin/bash - aegir -c "drush cache-clear drush &> /dev/null" 3260 fi 3261 if [ -e "/var/aegir/.drush/server_localhost.alias.drushrc.php" ] ; then 3262 su -s /bin/bash aegir -c "drush @hostmaster hosting-task @server_localhost verify --force &> /dev/null" 3263 else 3264 su -s /bin/bash aegir -c "drush @hostmaster hosting-task @server_master verify --force &> /dev/null" 3265 fi 3266 msg "INFO: Running hosting-dispatch (1/3), please wait..." 3267 su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" 3268 mrun "sleep 5" 3269 msg "INFO: Running hosting-dispatch (2/3), please wait..." 3270 su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" 3271 mrun "sleep 5" 3272 msg "INFO: Running hosting-dispatch (3/3), please wait..." 3273 su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" 3274 fi 3366 hostmaster_frontend_dbpass_sync 3367 sed -i "s/hosting-dispatch.*/hosting-dispatch \>\/dev\/null 2\>\&1/g" /var/spool/cron/crontabs/aegir &> /dev/null 3275 3368 fi 3276 mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 3369 if [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/var/aegir/config/includes/global.inc" ] ; then 3370 mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 3371 fi 3372 mkdir -p /data/conf 3277 3373 if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then 3278 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt / var/aegir/config/includes/global.inc3374 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /data/conf/global.inc 3279 3375 else 3280 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.aegir.txt /var/aegir/config/includes/global.inc 3376 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.aegir.txt /data/conf/global.inc 3377 fi 3378 sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null 3379 if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then 3380 rm -f /var/aegir/config/includes/global.inc 3381 ln -s /data/conf/global.inc /var/aegir/config/includes/global.inc 3281 3382 fi 3282 sed -i "s/3600/$_SPEED_VALID_MAX/g" /var/aegir/config/includes/global.inc &> /dev/null3283 3383 update_redis_password 3284 3384 force_advanced_nginx_config 3285 3385 if [ "$_DRUSH_VERSION" = "7.x-4.5" ] || [ "$_DRUSH_VERSION" = "4.6-dev" ] ; then … … upgrade_aegir_master () { 3313 3413 rm -f /var/aegir/*install.sh.txt 3314 3414 } 3315 3415 # 3416 # Check for Linux/Cdorked.A malware and delete if discovered. 3417 detect_cdorked_malware () { 3418 _C_DORKED=NO 3419 _C_FILE=/opt/tmp/$_BOA_REPO_NAME/aegir/helpers/dump_cdorked_config.c 3420 if [ -e "$_C_FILE" ] ; then 3421 msg "INFO: Checking for Linux/Cdorked.A malware, please wait..." 3422 mrun "sleep 1" 3423 chattr -ai $(which nginx) &> /dev/null 3424 cd /var/backups 3425 rm -f -r /var/opt/foo_bar* 3426 gcc -o /var/opt/foo_bar /opt/tmp/$_BOA_REPO_NAME/aegir/helpers/dump_cdorked_config.c &> /dev/null 3427 _C_DORKED_TEST=$(/var/opt/foo_bar) 3428 if [[ "$_C_DORKED_TEST" =~ "No shared memory matching Cdorked signature was found" ]] ; then 3429 msg "INFO: No Linux/Cdorked.A malware traces found - system clean" 3430 else 3431 msg "ALRT: Your system is probably infected by Linux/Cdorked.A malware!" 3432 msg "ALRT: Please send /var/backups/httpd_cdorked_config.bin file to leveille@eset.com" 3433 rm -f $(which nginx) 3434 _NGX_FORCE_REINSTALL=YES 3435 _C_DORKED=YES 3436 fi 3437 fi 3438 } 3439 # 3316 3440 # Install or upgrade Nginx. 3317 3441 install_upgrade_nginx () { 3318 3442 msg "INFO: Testing Nginx version..." … … install_upgrade_nginx () { 3320 3444 if [ "$_STATUS" = "UPGRADE" ] ; then 3321 3445 _NGINX_INSTALL_REQUIRED=NO 3322 3446 fi 3323 _NGINX_EXTRA_CTRL="/var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf"3324 3447 if [ -x "/usr/sbin/nginx" ] ; then 3325 3448 _NGINX_F_INSTALLED=`/usr/sbin/nginx -v 2>&1 | tr -d "\n" | cut -d" " -f4 | awk '{ print $1}'` 3326 3449 _NGINX_V_INSTALLED=`/usr/sbin/nginx -V 2>&1` … … install_upgrade_nginx () { 3328 3451 _NGINX_F_INSTALLED=`/usr/sbin/nginx -v 2>&1 | tr -d "\n" | cut -d" " -f3 | awk '{ print $1}'` 3329 3452 fi 3330 3453 _NGINX_F_VERSION="$_CUSTOM_NAME/$_NGINX_VERSION" 3331 if [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] && [ -e "$_NGINX_EXTRA_CTRL" ] && ["$_STATUS" = "UPGRADE" ] ; then3454 if [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] && [ "$_STATUS" = "UPGRADE" ] ; then 3332 3455 _NGINX_INSTALL_REQUIRED=NO 3333 3456 msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, no upgrade required" 3334 3457 elif [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] && [ "$_STATUS" = "INIT" ] ; then … … install_upgrade_nginx () { 3337 3460 elif [ "$_NGINX_F_INSTALLED" != "$_NGINX_F_VERSION" ] ; then 3338 3461 _NGINX_INSTALL_REQUIRED=YES 3339 3462 msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, upgrade required" 3340 elif [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] && [ ! -e "$_NGINX_EXTRA_CTRL" ] && [ "$_STATUS" = "UPGRADE" ] ; then3341 if [ "$_PURGE_MODE" = "ON" ] ; then3342 _NGINX_INSTALL_REQUIRED=YES3343 msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include purge module"3344 fi3345 3463 fi 3346 3464 if [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] ; then 3347 3465 if [[ "$_NGINX_V_INSTALLED" =~ "geoip" ]] ; then … … install_upgrade_nginx () { 3368 3486 msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include LDAP support" 3369 3487 fi 3370 3488 fi 3489 if [ "$_PURGE_MODE" = "ON" ] ; then 3490 if [[ "$_NGINX_V_INSTALLED" =~ "purge" ]] ; then 3491 true 3492 else 3493 _NGINX_INSTALL_REQUIRED=YES 3494 msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include purge module" 3495 fi 3496 fi 3371 3497 fi 3372 3498 mrun "sleep 1" 3373 3499 else … … install_upgrade_nginx () { 3379 3505 msg "INFO: Nginx rebuild required to avoid apt-get overwrite" 3380 3506 fi 3381 3507 fi 3508 detect_cdorked_malware 3509 if [ "$_C_DORKED" = "YES" ] ; then 3510 _NGINX_INSTALL_REQUIRED=YES 3511 msg "INFO: Nginx rebuild required to remove possible Linux/Cdorked.A malware" 3512 fi 3382 3513 if [ "$_NGINX_INSTALL_REQUIRED" = "YES" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] || [ "$_NGX_FORCE_REINSTALL" = "YES" ] ; then 3383 3514 if [ "$_STATUS" = "UPGRADE" ] ; then 3384 3515 msg "INFO: Upgrading Nginx, please wait..." … … install_upgrade_nginx () { 3434 3565 st_runner "sh ./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=www-data --group=www-data --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_scgi_module --without-http_uwsgi_module --with-ipv6 --with-http_geoip_module --with-debug $_NGINX_EXTRA" 2> /dev/null 3435 3566 st_runner "make --quiet" 2> /dev/null 3436 3567 st_runner "make --quiet install" 2> /dev/null 3437 if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 3568 if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then 3569 true 3570 elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 3438 3571 true 3439 3572 else 3440 s ervice nginx stop&> /dev/null3573 st_runner "service nginx stop" &> /dev/null 3441 3574 killall -9 nginx &> /dev/null 3442 3575 mrun "sleep 1" 3443 s ervice nginx start&> /dev/null3576 st_runner "service nginx start" &> /dev/null 3444 3577 fi 3445 3578 _UP_NGX=NO 3446 3579 _NGINX_INSTALL_REQUIRED=NO … … get_drush_versions () { 3708 3841 3709 3842 ###--------------------### 3710 3843 if [ `whoami` = "root" ] ; then 3844 chmod a+w /dev/null 3711 3845 echo " " 3712 3846 msg "BOA Skynet welcomes you aboard!" 3713 3847 echo " " … … if [ "$_STATUS" = "UPGRADE" ] ; then 3870 4004 3871 4005 echo "[client]" > /root/.my.cnf 3872 4006 echo "user=root" >> /root/.my.cnf 3873 echo "password= 'your_SQL_ROOT_password'" >> /root/.my.cnf4007 echo "password=your_SQL_ROOT_password" >> /root/.my.cnf 3874 4008 chmod 0600 /root/.my.cnf 3875 4009 3876 4010 EOF … … if [ "$_AEGIR_VERSION" = "HEAD" ] ; then 4042 4176 fi 4043 4177 fi 4044 4178 else 4045 wget -q -U iCab http://files.aegir.cc/versions/nginx-for-drupal-$_ AEGIR_VERSION.tar.gz4046 gunzip -q -c nginx-for-drupal-$_ AEGIR_VERSION.tar.gz | tar -xf -4047 rm -f nginx-for-drupal-$_ AEGIR_VERSION.tar.gz4179 wget -q -U iCab http://files.aegir.cc/versions/nginx-for-drupal-$_INSTALLER_VERSION.tar.gz 4180 gunzip -q -c nginx-for-drupal-$_INSTALLER_VERSION.tar.gz | tar -xf - 4181 rm -f nginx-for-drupal-$_INSTALLER_VERSION.tar.gz 4048 4182 _BOA_REPO_NAME="nginx-for-drupal" 4049 4183 fi 4050 4184 # … … fi 4088 4222 ###--------------------### 4089 4223 msg "INFO: Checking BARRACUDA version..." 4090 4224 if [ "$_AEGIR_VERSION" = "HEAD" ] ; then 4091 _FILE_VERSION= release.txt4225 _FILE_VERSION=barracuda-release.txt 4092 4226 else 4093 _FILE_VERSION= version.txt4227 _FILE_VERSION=barracuda-version.txt 4094 4228 fi 4095 4229 if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION" ] ; then 4096 4230 _VERSIONS_TEST=`cat /opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION` … … if [ "$_THIS_OS" = "Ubuntu" ] ; then 4164 4298 not_supported_os 4165 4299 fi 4166 4300 elif [ "$_THIS_OS" = "Debian" ] ; then 4167 if [ "$_THIS_RV" = "squeeze" ] ; then 4301 if [ "$_THIS_RV" = "wheezy" ] ; then 4302 _REL_VERSION="wheezy" 4303 _DB_SERVER=MariaDB 4304 elif [ "$_THIS_RV" = "squeeze" ] ; then 4168 4305 _REL_VERSION="squeeze" 4169 4306 elif [ "$_THIS_RV" = "lenny" ] ; then 4170 4307 _REL_VERSION="lenny" … … install_pdnsd_cache () { 4448 4585 mrun "sleep 1" 4449 4586 cp -af /etc/resolv.conf /var/backups/resolv.conf.pre-$_INSTALLER_VERSION-$_NOW 4450 4587 st_runner "aptitude remove pdnsd resolvconf -y" &> /dev/null 4588 rm -f /etc/resolv.conf 4451 4589 echo "nameserver 8.8.8.8" > /etc/resolv.conf 4452 4590 echo "nameserver 8.8.4.4" >> /etc/resolv.conf 4453 4591 st_runner "$_INSTALL pdnsd resolvconf" &> /dev/null 4454 4592 sed -i "s/START_DAEMON=no/START_DAEMON=yes/g" /etc/default/pdnsd &> /dev/null 4455 4593 cat /opt/tmp/$_BOA_REPO_NAME/aegir/conf/pdnsd.conf > /etc/pdnsd.conf 4456 if [ ! -L "/etc/resolvconf/run" ] && [ -e "/lib/init/rw/resolvconf" ] ; then 4457 rm -f /etc/resolvconf/run 4594 if [ ! -L "/etc/resolvconf/run" ] || [ ! -e "/lib/init/rw/resolvconf/interface" ] ; then 4595 if [ ! -e "/lib/init/rw/resolvconf/interface" ] ; then 4596 mkdir -p /lib/init/rw/resolvconf/interface 4597 fi 4598 rm -f -r /etc/resolvconf/run 4458 4599 ln -s /lib/init/rw/resolvconf /etc/resolvconf/run 4459 4600 rm -f /etc/resolvconf/run/postponed-update 4460 4601 touch /etc/resolvconf/run/enable-updates … … if [ ! -e "/usr/sbin/pdnsd" ] ; then 4526 4667 install_pdnsd_cache 4527 4668 fi 4528 4669 fi 4529 if [ ! -L "/etc/resolv.conf" ] && [ -e "/lib/init/rw/resolvconf" ] && [ -e "/usr/sbin/pdnsd" ] ; then 4530 _INSTALL_PDNSD=YES 4531 msg "INFO: DNS cache pdnsd server re-installation forced" 4532 install_pdnsd_cache 4670 if [ -e "/usr/sbin/pdnsd" ] ; then 4671 if [ ! -L "/etc/resolvconf/run" ] || [ ! -e "/lib/init/rw/resolvconf/interface" ] ; then 4672 _INSTALL_PDNSD=YES 4673 msg "INFO: DNS cache pdnsd server re-installation forced" 4674 install_pdnsd_cache 4675 fi 4533 4676 fi 4534 4677 4535 4678 … … if [ -e "/var/log/apt-fast-install-log.txt" ] ; then 4553 4696 sed -i "s/ftp.*debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null 4554 4697 sed -i "s/volatile.debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null 4555 4698 fi 4556 if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_REL_VERSION" = "lenny" ] ; then 4699 if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_REL_VERSION" = "squeeze" ] ; then 4700 run_apt_update_again 4701 _LOC_REL_VERSION=squeeze 4702 _REL_VERSION=wheezy 4703 _APT_SOURCES_REWRITE=YES 4704 elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_REL_VERSION" = "lenny" ] ; then 4557 4705 run_apt_update_again 4558 4706 _LOC_REL_VERSION=lenny 4559 4707 _REL_VERSION=squeeze … … if [ -e "/var/log/apt-fast-install-log.txt" ] ; then 4566 4714 else 4567 4715 _APT_SOURCES_REWRITE=YES 4568 4716 fi 4569 if [ ! -e "/etc/apt/sources.list.d/dotdeb.list" ] ; then 4570 _APT_SOURCES_REWRITE=YES 4717 if [ "$_DB_SERVER" = "Percona" ] ; then 4718 if [ ! -e "/etc/apt/sources.list.d/percona.list" ]; then 4719 _APT_SOURCES_REWRITE=YES 4720 fi 4721 else 4722 if [ ! -e "/etc/apt/sources.list.d/mariadb.list" ]; then 4723 _APT_SOURCES_REWRITE=YES 4724 fi 4571 4725 fi 4572 4726 fi 4573 4727 else … … if [ "$_APT_SOURCES_REWRITE" = "YES" ] ; then 4667 4821 if [ "$_REL_VERSION" = "lenny" ] ; then 4668 4822 echo "deb http://archive.debian.org/debian-volatile $_REL_VERSION/volatile main contrib non-free" >> /etc/apt/sources.list 4669 4823 echo "deb-src http://archive.debian.org/debian-volatile $_REL_VERSION/volatile main contrib non-free" >> /etc/apt/sources.list 4670 fi 4671 if [ "$_REL_VERSION" = "squeeze" ] ; then 4824 else 4672 4825 echo "deb http://$_MIRROR/debian/ $_REL_VERSION-updates main" >> /etc/apt/sources.list 4673 4826 echo "deb-src http://$_MIRROR/debian/ $_REL_VERSION-updates main" >> /etc/apt/sources.list 4674 4827 echo "" >> /etc/apt/sources.list 4675 4828 echo "## DEBIAN SECURITY UPDATES" >> /etc/apt/sources.list 4676 4829 echo "deb http://security.debian.org/ $_REL_VERSION/updates main contrib non-free" >> /etc/apt/sources.list 4677 4830 echo "deb-src http://security.debian.org/ $_REL_VERSION/updates main contrib non-free" >> /etc/apt/sources.list 4678 echo "## Dotdeb APT Repository" > /etc/apt/sources.list.d/dotdeb.list 4679 echo "deb http://packages.dotdeb.org squeeze all" >> /etc/apt/sources.list.d/dotdeb.list 4680 echo "deb-src http://packages.dotdeb.org squeeze all" >> /etc/apt/sources.list.d/dotdeb.list 4681 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-debian.txt /etc/apt/preferences 4682 _KEYS_SERVER_TEST=FALSE 4683 until [[ "$_KEYS_SERVER_TEST" =~ "GnuPG" ]] ; do 4684 rm -f dotdeb.gpg* 4685 wget -q -U iCab http://www.dotdeb.org/dotdeb.gpg 4686 _KEYS_SERVER_TEST=`grep GnuPG dotdeb.gpg 2> /dev/null` 4687 sleep 2 4688 done 4689 cat dotdeb.gpg | apt-key add - &> /dev/null 4690 rm -f dotdeb.gpg* 4831 if [ "$_REL_VERSION" = "wheezy" ] ; then 4832 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-wheezy.txt /etc/apt/preferences 4833 fi 4834 if [ "$_REL_VERSION" = "squeeze" ] ; then 4835 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-squeeze.txt /etc/apt/preferences 4836 if [ "$_FROM_SOURCES" = "NO" ] ; then 4837 echo "## Dotdeb APT Repository" > /etc/apt/sources.list.d/dotdeb.list 4838 echo "deb http://packages.dotdeb.org squeeze all" >> /etc/apt/sources.list.d/dotdeb.list 4839 echo "deb-src http://packages.dotdeb.org squeeze all" >> /etc/apt/sources.list.d/dotdeb.list 4840 _KEYS_SERVER_TEST=FALSE 4841 until [[ "$_KEYS_SERVER_TEST" =~ "GnuPG" ]] ; do 4842 rm -f dotdeb.gpg* 4843 wget -q -U iCab http://www.dotdeb.org/dotdeb.gpg 4844 _KEYS_SERVER_TEST=`grep GnuPG dotdeb.gpg 2> /dev/null` 4845 sleep 2 4846 done 4847 cat dotdeb.gpg | apt-key add - &> /dev/null 4848 rm -f dotdeb.gpg* 4849 fi 4850 fi 4691 4851 fi 4692 4852 fi 4693 4853 touch /var/log/apt-fast-install-log.txt … … if [ ! -e "/etc/apt/preferences" ] ; then 4702 4862 fi 4703 4863 4704 4864 4865 ###--------------------### 4866 if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then 4867 msg "WARN: Squeeze to Wheezy upgrade will start in 60 seconds..." 4868 msg "WARN: Now pray it will work... or hit ctrl-c to stop now!" 4869 service cron stop &> /dev/null 4870 mrun "sleep 60" 4871 mv -f /var/xdrago /var/xdrago_wait &> /dev/null 4872 msg "WARN: Too late! Squeeze to Wheezy upgrade in progress..." 4873 msg "HINT: Run tail -f $_LOG" 4874 msg "HINT: in another terminal window to watch details" 4875 mrun "sleep 1" 4876 _FULL_FORCE_REINSTALL=YES 4877 _BUILD_FROM_SRC=YES 4878 _FROM_SOURCES=YES 4879 _PURGE_MODE=OFF 4880 rm -f /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf 4881 if [ -e "/etc/init.d/bind" ] ; then 4882 rm -f /etc/init.d/bind 4883 fi 4884 if [ -e "/etc/default/tomcat" ] && [ -e "/etc/init.d/tomcat" ] ; then 4885 service tomcat stop &> /dev/null 4886 mv /etc/init.d/tomcat /etc/init.d/offtomcat 4887 killall -9 java &> /dev/null 4888 fi 4889 if [ -d "/var/www/cgp" ] ; then 4890 st_runner "apt-get -y remove collectd" 2> /dev/null 4891 fi 4892 touch /etc/php5/conf.d/{apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null 4893 st_runner "aptitude remove php5 php5-cgi php5-curl php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-ldap php5-mcrypt php5-memcache php5-mysql php5-sqlite php5-xmlrpc php5-xsl -y" &> /dev/null 4894 st_runner "apt-get autoremove -y" &> /dev/null 4895 st_runner "aptitude remove phpunit php-pear php-benchmark -y" &> /dev/null 4896 st_runner "aptitude remove php5-cli php5-common -y" &> /dev/null 4897 st_runner "aptitude remove php5-apc -y" &> /dev/null 4898 st_runner "aptitude remove php-apc -y" &> /dev/null 4899 rm -f /etc/php5/conf.d/{apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null 4900 if [ "$_PHP_MODERN_ONLY" = "YES" ] ; then 4901 if [ -e "/opt/local/bin/php" ] && [ ! -L "/usr/local/bin/php" ] ; then 4902 mv -f /usr/local/bin/php /usr/local/bin/php52 &> /dev/null 4903 ln -s /opt/local/bin/php /usr/local/bin/php &> /dev/null 4904 fi 4905 fi 4906 st_runner "apt-get -y remove svscan" &> /dev/null 4907 st_runner "apt-get -y remove pound" &> /dev/null 4908 st_runner "apt-get update -y" &> /dev/null 4909 st_runner "apt-get -f -y -q --config-file /opt/tmp/apt.conf.noninteractive install apt dpkg aptitude" 2> /dev/null 4910 st_runner "apt-get -f -y -q --config-file /opt/tmp/apt.conf.noninteractive dist-upgrade" 2> /dev/null 4911 if [ "$_FROM_SOURCES" = "YES" ] || [ "$_NGINX_FROM_SOURCES" = "YES" ] ; then 4912 install_upgrade_nginx 4913 fi 4914 if [ -e "/etc/init.d/bind9" ] && [ ! -e "/etc/init.d/bind" ] ; then 4915 ln -s /etc/init.d/bind9 /etc/init.d/bind 4916 fi 4917 if [ -d "/var/www/cgp" ] ; then 4918 st_runner "apt-get -y install collectd" 2> /dev/null 4919 fi 4920 _L_VM_TEST=`uname -a 2>&1` 4921 if [[ "$_L_VM_TEST" =~ beng ]] ; then 4922 _REMOVE_LINKS="halt hwclock.sh hwclockfirst.sh ifupdown ifupdown-clean klogd mountall-bootclean.sh mountall.sh mountdevsubfs.sh mountkernfs.sh mountnfs-bootclean.sh mountnfs.sh mountoverflowtmp mountvirtfs mtab.sh networking reboot setserial umountfs umountnfs.sh umountroot urandom" 4923 for link in $_REMOVE_LINKS 4924 do 4925 update-rc.d -f $link remove &> /dev/null 4926 done 4927 fi 4928 echo rotate > /var/log/syslog &> /dev/null 4929 mv -f /var/xdrago_wait /var/xdrago &> /dev/null 4930 msg "INFO: No errors? Then Squeeze to Wheezy upgrade was successful - congrats!" 4931 msg "HINT: Please remember to reboot when Barracuda will complete all upgrades" 4932 fi 4933 4705 4934 4706 4935 ###--------------------### 4707 4936 if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then … … if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 4726 4955 if [ -d "/var/www/cgp" ] ; then 4727 4956 st_runner "apt-get -y remove collectd" 2> /dev/null 4728 4957 fi 4729 if [ -e "/opt/local/bin/php" ] && [ ! -L "/usr/local/bin/php" ] ; then 4730 mv -f /usr/local/bin/php /usr/local/bin/php52 &> /dev/null 4731 ln -s /opt/local/bin/php /usr/local/bin/php &> /dev/null 4958 if [ "$_PHP_MODERN_ONLY" = "YES" ] ; then 4959 if [ -e "/opt/local/bin/php" ] && [ ! -L "/usr/local/bin/php" ] ; then 4960 mv -f /usr/local/bin/php /usr/local/bin/php52 &> /dev/null 4961 ln -s /opt/local/bin/php /usr/local/bin/php &> /dev/null 4962 fi 4732 4963 fi 4733 4964 st_runner "apt-get -y remove libc-client2007b-dev" 2> /dev/null 4734 4965 st_runner "apt-get -y remove svscan" 2> /dev/null … … else 4809 5040 touch /etc/php5/conf.d/{apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null 4810 5041 st_runner "aptitude remove php5 php5-cgi php5-curl php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-ldap php5-mcrypt php5-memcache php5-mysql php5-sqlite php5-xmlrpc php5-xsl -y" &> /dev/null 4811 5042 st_runner "apt-get autoremove -y" &> /dev/null 5043 st_runner "aptitude remove phpunit php-pear php-benchmark -y" &> /dev/null 5044 st_runner "aptitude remove php5-cli php5-common -y" &> /dev/null 5045 st_runner "aptitude remove php5-apc -y" &> /dev/null 5046 st_runner "aptitude remove php-apc -y" &> /dev/null 4812 5047 rm -f /etc/php5/conf.d/{apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null 5048 if [ "$_REL_VERSION" = "squeeze" ] ; then 5049 rm -f /etc/apt/sources.list.d/dotdeb.list 5050 fi 4813 5051 fi 4814 5052 rm -f /var/lib/mysql/debian-*.flag &> /dev/null 4815 5053 _KEYS_SERVER_TEST=FALSE … … else 4821 5059 _KEYS_SERVER_TEST=`apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 1BB943DB 2>&1` 4822 5060 sleep 2 4823 5061 done 5062 _UP_FPM=NO 5063 _UP_JDK=NO 4824 5064 _UP_LNX=NO 4825 _UP_PHP=NO4826 5065 _UP_NGX=NO 4827 _UP_ JDK=NO4828 _UP_ FPM=NO5066 _UP_NRC=NO 5067 _UP_PHP=NO 4829 5068 check_apt_updates 4830 5069 fi 4831 5070 … … fi 4848 5087 msg "NOTE! This step may take a few minutes, please wait..." 4849 5088 if [ "$_STATUS" = "INIT" ] ; then 4850 5089 if [ "$_FROM_SOURCES" = "NO" ] ; then 4851 if [ "$_REL_VERSION" = "precise" ] ; then5090 if [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 4852 5091 _APT_XTRA="openjdk-7-jdk openjdk-6-jdk nginx-extras" 4853 5092 else 4854 5093 _APT_XTRA="openjdk-6-jdk nginx-extras" 4855 5094 fi 4856 5095 _APT_ELSE="netcat nginx" 4857 5096 else 4858 if [ "$_REL_VERSION" = "precise" ] ; then5097 if [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 4859 5098 _APT_XTRA="openjdk-7-jdk openjdk-6-jdk nginx" 4860 5099 else 4861 5100 _APT_XTRA="openjdk-6-jdk nginx" … … if [ "$_STATUS" = "INIT" ] ; then 4863 5102 _APT_ELSE="netcat nginx" 4864 5103 fi 4865 5104 else 4866 if [ "$_REL_VERSION" = "precise" ] ; then5105 if [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 4867 5106 _APT_XTRA="openjdk-7-jdk openjdk-6-jdk" 4868 5107 else 4869 5108 _APT_XTRA="openjdk-6-jdk" … … if [ ! -z "$_EXTRA_PACKAGES" ] ; then 4891 5130 else 4892 5131 _EXTRA_PACKAGES="screen" 4893 5132 fi 4894 if [ "$_REL_VERSION" = "lenny" ] ; then 5133 if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "squeeze" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "lucid" ] || [ "$_REL_VERSION" = "maverick" ] || [ "$_REL_VERSION" = "natty" ] || [ "$_REL_VERSION" = "oneiric" ] ; then 5134 _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron curl cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables libapr1 lemon libaprutil1 libc-client-dev libc-client2007e libc-client2007e-dev libcurl4-openssl-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libgd2-xpm libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-0 libpng12-dev libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano netcat ncurses-dev $_APT_XTRA postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvinit-utils t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra unzip vim whois xml-core xml2 zip zlib1g-dev zlibc xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc rsyslog libgmp3-dev symlinks libgeoip1 libgeoip-dev geoip-database libmagickwand-dev gettext ncurses-term udev libpam-unix2 libxcrypt1 s3cmd python-software-properties $_EXTRA_PACKAGES" 5135 elif [ "$_REL_VERSION" = "lenny" ] ; then 4895 5136 _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron curl cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables lemon libapr1 libaprutil1 libc-client-dev libc-client2007b libc-client2007b-dev libcurl4-openssl-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libgd2-xpm libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-dev libpng12-0 libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano $_APT_ELSE ncurses-dev openjdk-6-jdk postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvconfig t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra vim whois xml-core xml2 zlib1g-dev zlibc unzip zip xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc rsyslog libgmp3-dev symlinks libgeoip1 libgeoip-dev libmagick9-dev gettext ncurses-term udev $_EXTRA_PACKAGES" 4896 elif [ "$_REL_VERSION" = "squeeze" ] || [ "$_REL_VERSION" = "lucid" ] || [ "$_REL_VERSION" = "maverick" ] || [ "$_REL_VERSION" = "natty" ] || [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then4897 _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron curl cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables libapr1 lemon libaprutil1 libc-client-dev libc-client2007e libc-client2007e-dev libcurl4-openssl-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libgd2-xpm libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-0 libpng12-dev libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano netcat ncurses-dev $_APT_XTRA postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvinit-utils t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra unzip vim whois xml-core xml2 zip zlib1g-dev zlibc xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc rsyslog libgmp3-dev symlinks libgeoip1 libgeoip-dev geoip-database libmagickwand-dev gettext ncurses-term udev $_EXTRA_PACKAGES"4898 5137 else 4899 5138 _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron curl cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables lemon libapr1 libaprutil1 libc-client-dev libc-client2007b libc-client2007b-dev libcurl4-openssl-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libgd2-xpm libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-dev libpng12-0 libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano $_APT_ELSE ncurses-dev openjdk-6-jdk postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvinit-utils t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra vim whois xml-core xml2 zlib1g-dev zlibc unzip zip xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc rsyslog libgmp3-dev symlinks libgeoip1 libgeoip-dev libmagick9-dev gettext ncurses-term udev $_EXTRA_PACKAGES" 4900 5139 fi … … install_mariadb_sql () { 4975 5214 SQLADD="libmariadbclient-dev libmariadbclient16 libmariadbd-dev libdbd-mysql-perl python-mysqldb libdbi-perl" 4976 5215 } 4977 5216 install_with_aptitude_sql () { 4978 if [ "$_REL_VERSION" = "squeeze" ] || [ "$_REL_VERSION" = "lucid" ] || [ "$_REL_VERSION" = " maverick" ] || [ "$_REL_VERSION" = "natty" ] || [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then5217 if [ "$_REL_VERSION" = "squeeze" ] || [ "$_REL_VERSION" = "lucid" ] || [ "$_REL_VERSION" = "precise" ] ; then 4979 5218 _PERCONA_READY=YES 5219 msg "INFO: Installing $_DB_SERVER, please wait..." 4980 5220 else 4981 5221 _PERCONA_READY=NO 5222 msg "INFO: Installing MariaDB, please wait..." 4982 5223 fi 4983 msg "INFO: Installing $_DB_SERVER, please wait..."4984 5224 if [ "$_PERCONA_READY" = "YES" ] && [ "$_DB_SERVER" = "Percona" ] ; then 4985 5225 install_percona_sql 4986 5226 st_runner "$_INSTAPP mytop" 2> /dev/null 4987 5227 else 4988 5228 install_mariadb_sql 5229 st_runner "$_INSTAPP mytop" 2> /dev/null 4989 5230 echo "fixed-mytop-mariadb" > /var/log/fixed-mytop-mariadb.log 4990 5231 fi 4991 5232 st_runner "$_INSTAPP $SQLDEB" 2> /dev/null … … if [ "$_STATUS" = "INIT" ] ; then 5005 5246 fi 5006 5247 install_with_aptitude_deps 5007 5248 fix_locales 5249 if [ "$_LOCALE_TEST" = "BROKEN" ] ; then 5250 _STRONG_PASSWORDS=NO 5251 fi 5008 5252 if [ ! -e "/etc/aliases" ] ; then 5009 5253 echo "postmaster: root" > /etc/aliases 5010 5254 newaliases &> /dev/null … … if [ "$_STATUS" = "INIT" ] ; then 5027 5271 fi 5028 5272 install_with_aptitude_sql 5029 5273 else 5274 if [ "$_UP_NRC" = "YES" ] ; then 5275 update_newrelic 5276 fi 5030 5277 _SQL_UPGRADE=NO 5031 5278 if [[ "$_DB_SERVER_TEST" =~ "MariaDB" ]] ; then 5032 5279 _SQL_TEST_UPGRADE=NO … … else 5046 5293 elif [ "$_REL_VERSION" = "squeeze" ] && [[ "$_DB_SERVER_TEST" =~ "MariaDB" ]] && [[ "$_DB_SERVER_TEST" =~ " 5.3." ]] ; then 5047 5294 _SQL_UPGRADE=YES 5048 5295 fi 5049 if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 5296 if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then 5297 _SQL_UPGRADE=NO 5298 elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 5050 5299 _SQL_UPGRADE=NO 5051 5300 fi 5052 5301 if [ "$_SQL_UPGRADE" = "YES" ] ; then … … install_with_aptitude_deps 5109 5358 st_runner "service php5-fpm stop" &> /dev/null 5110 5359 st_runner "update-rc.d -f php5-fpm remove" &> /dev/null 5111 5360 install_latest_git 5112 if [ "$_ LENNY_TO_SQUEEZE" = "NO" ] ; then5361 if [ "$_SQUEEZE_TO_WHEEZY" = "NO" ] && [ "$_LENNY_TO_SQUEEZE" = "NO" ] ; then 5113 5362 if [ "$_FROM_SOURCES" = "YES" ] && [ "$_USE_MEMCACHED" = "YES" ] ; then 5114 5363 install_upgrade_libevent 5115 5364 fi … … fi 5117 5366 if [ "$_FROM_SOURCES" = "YES" ] || [ "$_NGINX_FROM_SOURCES" = "YES" ] ; then 5118 5367 install_upgrade_nginx 5119 5368 fi 5120 set_xterm5121 5369 kill_nash 5122 5370 fix_ftps_modern 5123 5371 enable_purge_cruft_machine … … install_wkhtmltoimage 5126 5374 5127 5375 5128 5376 ###--------------------### 5129 if [ "$_REL_VERSION" = "natty" ] || [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then5377 if [ "$_REL_VERSION" = "natty" ] || [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 5130 5378 if [ ! -L "/usr/lib/libpng.so" ] ; then 5131 msg "INFO: Fix #1 for libs in Ubuntu$_REL_VERSION"5379 msg "INFO: Fix #1 for libs in $_THIS_OS $_REL_VERSION" 5132 5380 _X86_64_TEST=`uname -m` 5133 5381 if [ "$_X86_64_TEST" = "x86_64" ] ; then 5134 5382 ln -s /usr/lib/x86_64-linux-gnu/libpng.so /usr/lib/libpng.so … … fi 5144 5392 5145 5393 5146 5394 ###--------------------### 5147 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then5395 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 5148 5396 if [ ! -L "/usr/lib/libssl.so.1.0.0" ] ; then 5149 msg "INFO: Fix #2 for libs in Ubuntu$_REL_VERSION"5397 msg "INFO: Fix #2 for libs in $_THIS_OS $_REL_VERSION" 5150 5398 _X86_64_TEST=`uname -m` 5151 5399 if [ "$_X86_64_TEST" = "x86_64" ] ; then 5152 5400 if [ -e "/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0" ] ; then … … if [ -d "/var/xdrago" ] && [ -e "/var/aegir/.drush/hostmaster.alias.drushrc.php" 5305 5553 _THISHTIP="$_LOC_IP" 5306 5554 fi 5307 5555 if [[ "$_THISHOST" =~ ".host8." ]] ; then 5308 _NGINX_DOS_LIMIT= 2595556 _NGINX_DOS_LIMIT=199 5309 5557 fi 5310 5558 sed -i "s/88.88.88.88/$_THISHTIP/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null 5311 5559 sed -i "s/= 300/= $_NGINX_DOS_LIMIT/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null … … if [ -d "/var/xdrago" ] && [ -e "/var/aegir/.drush/hostmaster.alias.drushrc.php" 5329 5577 if [ -e "/usr/share/man/man3/buagent.3.gz" ] ; then 5330 5578 chmod 644 /usr/share/man/man3/buagent.3.gz 5331 5579 fi 5332 sed -i "s/l10n_update/l10n_update update purge expire seckit background_process ultimate_cron httprl/g" /var/xdrago/usage.sh &> /dev/null 5580 sed -i "s/devel performance/devel performance update purge expire seckit background_process ultimate_cron/g" /var/xdrago/usage.sh &> /dev/null 5581 sed -i "s/performance devel/performance devel purge expire seckit background_process ultimate_cron/g" /var/xdrago/usage.sh &> /dev/null 5333 5582 else 5334 sed -i "s/ l10n_update/l10n_update purge expire/g" /var/xdrago/usage.sh &> /dev/null5583 sed -i "s/devel performance/devel performance purge expire/g" /var/xdrago/usage.sh &> /dev/null 5335 5584 sed -i "s/log\/lshell/log\/lsh/g" /etc/logrotate.d/lshell &> /dev/null 5336 5585 fi 5337 5586 fi … … if [ "$_STATUS" = "INIT" ] ; then 5349 5598 _THISHTIP="$_LOC_IP" 5350 5599 fi 5351 5600 if [[ "$_THISHOST" =~ ".host8." ]] ; then 5352 _NGINX_DOS_LIMIT= 2595601 _NGINX_DOS_LIMIT=199 5353 5602 fi 5354 5603 sed -i "s/88.88.88.88/$_THISHTIP/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null 5355 5604 sed -i "s/= 300/= $_NGINX_DOS_LIMIT/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null … … if [ "$_STATUS" = "INIT" ] ; then 5366 5615 if [ -e "/usr/share/man/man3/buagent.3.gz" ] ; then 5367 5616 chmod 644 /usr/share/man/man3/buagent.3.gz 5368 5617 fi 5369 sed -i "s/l10n_update/l10n_update update purge expire seckit background_process ultimate_cron httprl/g" /var/xdrago/usage.sh &> /dev/null 5618 sed -i "s/devel performance/devel performance update purge expire seckit background_process ultimate_cron/g" /var/xdrago/usage.sh &> /dev/null 5619 sed -i "s/performance devel/performance devel purge expire seckit background_process ultimate_cron/g" /var/xdrago/usage.sh &> /dev/null 5370 5620 else 5371 sed -i "s/ l10n_update/l10n_update purge expire/g" /var/xdrago/usage.sh &> /dev/null5621 sed -i "s/devel performance/devel performance purge expire/g" /var/xdrago/usage.sh &> /dev/null 5372 5622 fi 5373 5623 fi 5374 5624 if [ -d "/var/xdrago-pre-$_INSTALLER_VERSION-$_NOW" ] ; then … … fi 5404 5654 5405 5655 5406 5656 ###--------------------### 5407 if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 5408 service nginx stop &> /dev/null 5657 if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then 5658 st_runner "service nginx stop" &> /dev/null 5659 killall -9 nginx &> /dev/null 5660 5661 elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 5662 st_runner "service nginx stop" &> /dev/null 5409 5663 killall -9 nginx &> /dev/null 5410 5664 fi 5411 5665 if [ "$_STATUS" = "UPGRADE" ] ; then … … if [ "$_STATUS" = "UPGRADE" ] ; then 5413 5667 mrun "sleep 1" 5414 5668 ###--------------------### 5415 5669 if [ -L "/usr/local/bin/php" ] ; then 5416 if [ -e "/usr/local/bin/php52" ] ; then5670 if [ -e "/usr/local/bin/php52" ] || [ "$_PHP_CLI_VERSION" = "5.2" ] ; then 5417 5671 rm -f /usr/local/bin/php 5418 mv -f /usr/local/bin/php52 /usr/local/bin/php 5672 if [ -e "/usr/local/bin/php52" ] ; then 5673 mv -f /usr/local/bin/php52 /usr/local/bin/php 5674 fi 5419 5675 fi 5420 5676 fi 5421 5677 ###--------------------### … … elif [ -x "/opt/local/bin/php" ] ; then 5436 5692 _PHP_NEW_BIN="/opt/local/bin/php" 5437 5693 fi 5438 5694 if [ -x "$_PHP_NEW_BIN" ] ; then 5439 _PHP_INSTALLED=`$_PHP_NEW_BIN -v | grep 'PHP 5' | cut -d: -f1 | awk '{ print $2}'` 5695 if [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then 5696 _PHP_INSTALLED=5.x 5697 else 5698 _PHP_INSTALLED=`$_PHP_NEW_BIN -v | grep 'PHP 5' | cut -d: -f1 | awk '{ print $2}'` 5699 fi 5440 5700 if [[ "$_PHP_INSTALLED" =~ "$_PHP_VERSION_NEW" ]] ; then 5441 5701 if [ "$_FROM_SOURCES" = "YES" ] ; then 5442 5702 if [[ "$_PHP_INSTALLED" =~ "~" ]] || [[ "$_PHP_INSTALLED" =~ "dotdeb" ]] || [[ "$_PHP_INSTALLED" =~ "ubuntu" ]] ; then … … else 5466 5726 fi 5467 5727 if [ "$_PHP_MODERN_ONLY" = "NO" ] ; then 5468 5728 if [ -x "/usr/local/bin/php" ] ; then 5469 _PHP_INSTALLED=`/usr/local/bin/php -v | grep 'PHP 5' | cut -d: -f1 | awk '{ print $2}'` 5729 if [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then 5730 _PHP_INSTALLED=5.x 5731 else 5732 _PHP_INSTALLED=`/usr/local/bin/php -v | grep 'PHP 5' | cut -d: -f1 | awk '{ print $2}'` 5733 fi 5470 5734 if [[ "$_PHP_INSTALLED" =~ "$_PHP_VERSION" ]] ; then 5471 5735 _PHP_INSTALL_REQUIRED=NO 5472 5736 msg "INFO: Installed PHP version $_PHP_INSTALLED, no upgrade required" … … if [ "$_UP_PHP" = "YES" ] && [ "$_FROM_SOURCES" = "YES" ] ; then 5542 5806 msg "INFO: PHP rebuild required to include upgraded libs" 5543 5807 fix_php_ext 5544 5808 fi 5545 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then5809 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "wheezy" ] ; then 5546 5810 _PHP_EXTRA="" 5547 5811 else 5548 5812 _PHP_EXTRA="--with-ldap --with-gmp" … … if [ "$_REL_VERSION" = "precise" ] && [ ! -e "/var/log/precise-apc-fixed.log" ] 5579 5843 st_runner "$_INSTAPP php-apc" 2> /dev/null 5580 5844 touch /var/log/precise-apc-fixed.log 5581 5845 fi 5846 if [ "$_PHP_INSTALL_REQUIRED" = "YES" ] || [ "$_PHP_INSTALL_REQUIRED_NEW" = "YES" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then 5847 update_newrelic 5848 fi 5582 5849 st_runner "aptitude remove php5-sasl php5-suhosin -y" &> /dev/null 5583 5850 st_runner "apt-get purge php5-sasl php5-suhosin -y" &> /dev/null 5584 5851 if [ ! -L "/usr/bin/php-cli" ] ; then … … fi 5588 5855 5589 5856 5590 5857 ###--------------------### 5591 update_newrelic5592 5858 install_newrelic 5593 5859 5594 5860 … … fi 5830 6096 ###--------------------### 5831 6097 if [[ "$_XTRAS_LIST" =~ "SR4" ]] ; then 5832 6098 if [ ! -d "/opt/solr4" ] ; then 5833 if [ "$_REL_VERSION" = "precise" ] && [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then6099 if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then 5834 6100 _REAL_JETTY=9 5835 6101 else 5836 6102 _REAL_JETTY=8 … … if [[ "$_XTRAS_LIST" =~ "SR4" ]] ; then 5845 6111 rm -f -r /opt/solr4 5846 6112 rm -f -r /opt/jetty9 5847 6113 rm -f /etc/jetty.conf 5848 if [ "$_REL_VERSION" = "precise" ] && [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then6114 if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then 5849 6115 get_dev_arch "jetty-distribution-$_JETTY_9_VERSION.tar.gz" &> /dev/null 5850 6116 mv /var/opt/jetty-distribution-$_JETTY_9_VERSION /opt/jetty9 5851 6117 echo $_JETTY_9_VERSION > /opt/jetty9/jetty-$_JETTY_9_VERSION-version.txt … … if [[ "$_XTRAS_LIST" =~ "SR4" ]] ; then 5890 6156 chown -R jetty9:jetty9 /opt/solr4 5891 6157 chown -R jetty9:jetty9 /opt/jetty9 5892 6158 chown -R jetty9:jetty9 /var/log/jetty9 5893 if [ "$_REL_VERSION" = "precise" ] && [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then6159 if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then 5894 6160 echo "JAVA=/usr/bin/java7 # Path to Java 1.7" > /etc/default/jetty9 5895 6161 echo "JAVA_HOME=/usr/lib/jvm/java-7-openjdk/jre # Path to Java 1.7" >> /etc/default/jetty9 5896 6162 else … … if [[ "$_XTRAS_LIST" =~ "SR4" ]] ; then 5906 6172 echo "JETTY_RUN=/var/run # Run directory" >> /etc/default/jetty9 5907 6173 echo "JETTY_PID=\$JETTY_RUN/jetty9.pid # Pid file" >> /etc/default/jetty9 5908 6174 echo "JAVA_OPTIONS=\"-Xms8m -Xmx128m -Djava.awt.headless=true -Dsolr.solr.home=/opt/solr4 \$JAVA_OPTIONS\" # Options" >> /etc/default/jetty9 5909 if [ "$_REL_VERSION" = "precise" ] && [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then6175 if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then 5910 6176 true 5911 6177 else 5912 6178 sed -i "s/8/9/g" /opt/jetty9/bin/jetty.sh &> /dev/null … … if [ "$_STATUS" = "INIT" ] ; then 6265 6531 6266 6532 6267 6533 ###--------------------### 6268 mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 6534 if [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/var/aegir/config/includes/global.inc" ] ; then 6535 mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 6536 fi 6537 mkdir -p /data/conf 6269 6538 if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then 6270 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt / var/aegir/config/includes/global.inc6539 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /data/conf/global.inc 6271 6540 else 6272 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.aegir.txt /var/aegir/config/includes/global.inc 6541 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.aegir.txt /data/conf/global.inc 6542 fi 6543 sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null 6544 if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then 6545 rm -f /var/aegir/config/includes/global.inc 6546 ln -s /data/conf/global.inc /var/aegir/config/includes/global.inc 6273 6547 fi 6274 sed -i "s/3600/$_SPEED_VALID_MAX/g" /var/aegir/config/includes/global.inc &> /dev/null6275 6548 update_redis_password 6276 6549 force_advanced_nginx_config 6277 6550 if [ "$_DRUSH_VERSION" = "7.x-4.5" ] || [ "$_DRUSH_VERSION" = "4.6-dev" ] ; then … … if [ "$_STATUS" = "INIT" ] ; then 6295 6568 mv -f /etc/nginx/nginx.conf /etc/nginx/nginx.conf-old &> /dev/null 6296 6569 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx.conf /etc/nginx/nginx.conf 6297 6570 fi 6298 s ervice nginx reload&> /dev/null6571 st_runner "service nginx reload" &> /dev/null 6299 6572 mrun "sleep 1" 6300 6573 msg "INFO: Aegir Master Instance installation completed" 6301 6574 mrun "sleep 1" 6302 6575 else 6303 6576 echo " " 6304 if [ "$_ LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then6577 if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then 6305 6578 msg "INFO: Aegir Master Instance upgrade skipped!" 6306 6579 echo " " 6307 msg "NOTE! You *must* reboot the server and then run Barracuda *again*" 6580 msg "NOTE! You *must* reboot the server and then run boa up-stable *again*" 6581 msg "NOTE! to complete all system upgrades and upgrade also" 6582 msg "NOTE! Aegir Master Instance securely" 6583 echo " " 6584 elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then 6585 msg "INFO: Aegir Master Instance upgrade skipped!" 6586 echo " " 6587 msg "NOTE! You *must* reboot the server and then run boa up-stable *again*" 6308 6588 msg "NOTE! to complete all system upgrades and upgrade also" 6309 6589 msg "NOTE! Aegir Master Instance securely" 6310 6590 echo " " … … EOF 6387 6667 sed -i "s/127.0.0.1:80/$_THISHTIP:80/g" /var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf &> /dev/null 6388 6668 fi 6389 6669 sed -i "s/127.0.0.1:443/$_XTRAS_THISHTIP:443/g" /var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf &> /dev/null 6670 mkdir -p /data/conf 6390 6671 if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt" ] ; then 6391 mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 6392 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /var/aegir/config/includes/global.inc 6672 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /data/conf/global.inc 6393 6673 fi 6394 sed -i "s/3600/$_SPEED_VALID_MAX/g" /var/aegir/config/includes/global.inc &> /dev/null 6674 if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then 6675 rm -f /var/aegir/config/includes/global.inc 6676 ln -s /data/conf/global.inc /var/aegir/config/includes/global.inc 6677 fi 6678 sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null 6395 6679 update_redis_password 6396 6680 killall -9 nginx &> /dev/null 6397 6681 mrun "sleep 1" 6398 s ervice nginx start&> /dev/null6682 st_runner "service nginx start" &> /dev/null 6399 6683 fi 6400 6684 fi 6401 6685 6402 6686 6403 6687 ###--------------------### 6404 6688 if [ -e "/var/aegir/config/server_master/nginx/pre.d" ] ; then 6405 if [ ! -e "/var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf" ] && [ "$_PURGE_MODE" = "ON" ] ; then 6406 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_speed_purge.conf /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf 6407 touch /var/log/nginx-speed-purge-$_INSTALLER_VERSION 6689 if [ "$_PURGE_MODE" = "ON" ] ; then 6690 if [ ! -e "/var/log/nginx-speed-purge-$_INSTALLER_VERSION" ] || [ ! -e "/var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf" ] ; then 6691 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_speed_purge.conf /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf 6692 touch /var/log/nginx-speed-purge-$_INSTALLER_VERSION 6693 fi 6408 6694 fi 6409 6695 fi 6410 6696 … … else 6786 7072 st_runner "update-rc.d -f php5-fpm remove" &> /dev/null 6787 7073 st_runner "service php53-fpm stop" &> /dev/null 6788 7074 killall -9 php-fpm &> /dev/null 7075 msg "INFO: Restarting $_DB_SERVER server" 7076 st_runner "service mysql restart" &> /dev/null 6789 7077 st_runner "service php53-fpm start" &> /dev/null 6790 7078 st_runner "service nginx reload" &> /dev/null 6791 7079 fi … … if [ ! -e "/root/.my.cnf" ] ; then 6812 7100 PXSWD="$_ESC_PASS" 6813 7101 fi 6814 7102 PASWD=`echo -n $PXSWD | tr -d "\n"` 7103 mysql -u root -e "FLUSH HOSTS;" &> /dev/null 6815 7104 mysql -u root -e "DELETE FROM mysql.user WHERE User='';" &> /dev/null 6816 7105 mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" &> /dev/null 6817 7106 mysql -u root -e "DROP DATABASE test;" &> /dev/null … … if [ ! -e "/root/.my.cnf" ] ; then 6822 7111 mrun "sleep 1" 6823 7112 echo "[client]" > /root/.my.cnf 6824 7113 echo "user=root" >> /root/.my.cnf 6825 echo "password= '$PASWD'" >> /root/.my.cnf7114 echo "password=$PASWD" >> /root/.my.cnf 6826 7115 chmod 0600 /root/.my.cnf 7116 echo "db=mysql" > /root/.mytop 7117 chmod 0600 /root/.mytop 6827 7118 if [ "$_THIS_DB_HOST" = "localhost" ] ; then 6828 7119 echo "skip-name-resolve" > /etc/mysql/skip-name-resolve.txt 6829 7120 else … … else 6855 7146 if [ ! -z "$_ESC_PASS" ] ; then 6856 7147 cp -af /root/.my.cnf /root/.my.cnf-pre-$_INSTALLER_VERSION-$_NOW 6857 7148 cp -af /root/.my.pass.txt /root/.my.pass.txt-pre-$_INSTALLER_VERSION-$_NOW 7149 mysql -u root -e "FLUSH HOSTS;" &> /dev/null 6858 7150 mysql -u root -e "DELETE FROM mysql.user WHERE User='';" &> /dev/null 6859 7151 mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" &> /dev/null 6860 7152 mysql -u root -e "DROP DATABASE test;" &> /dev/null … … else 6863 7155 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 6864 7156 echo "[client]" > /root/.my.cnf 6865 7157 echo "user=root" >> /root/.my.cnf 6866 echo "password= '$_ESC_PASS'" >> /root/.my.cnf7158 echo "password=$_ESC_PASS" >> /root/.my.cnf 6867 7159 chmod 0600 /root/.my.cnf 7160 echo "db=mysql" > /root/.mytop 7161 chmod 0600 /root/.mytop 6868 7162 echo "$_ESC_PASS" > /root/.my.pass.txt 6869 7163 echo " " 6870 7164 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then … … msg "INFO: New entry added to /var/log/barracuda_log.txt" 6901 7195 6902 7196 6903 7197 ###--------------------### 6904 if [ ! -e "/var/log/sysctl.conf.vm.swap. tuned.log" ] ; then7198 if [ ! -e "/var/log/sysctl.conf.vm.swap.cache.tuned.log" ] ; then 6905 7199 cp -af /etc/sysctl.conf /etc/sysctl.conf-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 6906 7200 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/sysctl.conf /etc/sysctl.conf 6907 /sbin/sysctl -p &> /dev/null6908 sysctl vm.swappiness=20 &> /dev/null6909 sysctl kernel.randomize_va_space=2 &> /dev/null6910 sysctl net.ipv4.tcp_syncookies=1 &> /dev/null6911 touch /var/log/sysctl.conf.vm.swap.tuned.log6912 7201 if [ -e "/boot/grub/menu.lst" ] ; then 6913 7202 msg "INFO: Cleaning up system swap, it may take a moment, please wait..." 6914 7203 mrun "sleep 1" 6915 echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf6916 sysctl vm.overcommit_memory=1&> /dev/null7204 echo "vm.overcommit_memory = 0" >> /etc/sysctl.conf 7205 sysctl -p /etc/sysctl.conf &> /dev/null 6917 7206 st_runner "swapoff -a" &> /dev/null 6918 7207 st_runner "swapon -a" &> /dev/null 7208 else 7209 sysctl -p /etc/sysctl.conf &> /dev/null 6919 7210 fi 7211 touch /var/log/sysctl.conf.vm.swap.cache.tuned.log 6920 7212 fi 6921 7213 APTEMAIL=${_MY_EMAIL//\@/\\\@} 6922 7214 XPTEMAIL=${_MY_EMAIL//\@/\\\\\@} … … sed -i "s/root/$_MY_EMAIL/g" /etc/apticron/apticron.conf &> /dev/n 6926 7218 sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/checksql.cgi &> /dev/null 6927 7219 sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/usage.sh &> /dev/null 6928 7220 sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/monitor/check/segfault_alert &> /dev/null 7221 sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/monitor/check/escapecheck &> /dev/null 6929 7222 if [ -e "/usr/sbin/apticron" ] ; then 6930 7223 if [[ "$_INSTALLER_VERSION" =~ "dev" ]] && [ "$_AEGIR_VERSION" = "HEAD" ] ; then 6931 sed -i "s/aptitude full-upgrade/barracuda up-head/g" /usr/sbin/apticron &> /dev/null 6932 sed -i "s/apt-get dist-upgrade/barracuda up-head/g" /usr/sbin/apticron &> /dev/null 7224 sed -i "s/aptitude full-upgrade/barracuda up-head system/g" /usr/sbin/apticron &> /dev/null 7225 sed -i "s/apt-get dist-upgrade/barracuda up-head system/g" /usr/sbin/apticron &> /dev/null 7226 sed -i "s/barracuda up-head.*/barracuda up-head system/g" /usr/sbin/apticron &> /dev/null 6933 7227 else 6934 sed -i "s/aptitude full-upgrade/barracuda up-stable/g" /usr/sbin/apticron &> /dev/null 6935 sed -i "s/apt-get dist-upgrade/barracuda up-stable/g" /usr/sbin/apticron &> /dev/null 7228 sed -i "s/aptitude full-upgrade/barracuda up-stable system/g" /usr/sbin/apticron &> /dev/null 7229 sed -i "s/apt-get dist-upgrade/barracuda up-stable system/g" /usr/sbin/apticron &> /dev/null 7230 sed -i "s/barracuda up-stable.*/barracuda up-stable system/g" /usr/sbin/apticron &> /dev/null 6936 7231 fi 6937 7232 fi 6938 7233 if [ "$_STATUS" = "INIT" ] ; then … … if [ "$_STATUS" = "INIT" ] ; then 6976 7271 fi 6977 7272 force_advanced_nginx_config 6978 7273 mrun "sleep 8" 6979 s ervice nginx restart&> /dev/null7274 st_runner "service nginx restart" &> /dev/null 6980 7275 else 6981 7276 if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] && [ ! -e "/var/log/nginx-ssl-fixed-$_INSTALLER_VERSION" ] ; then 6982 7277 sed -i "s/SSLv3 TLSv1;/SSLv3 TLSv1 TLSv1.1 TLSv1.2;/g" /var/aegir/config/server_master/nginx/pre.d/* &> /dev/null 6983 7278 sed -i "s/HIGH:\!ADH:\!MD5;/RC4:HIGH:\!aNULL:\!MD5;/g" /var/aegir/config/server_master/nginx/pre.d/* &> /dev/null 6984 7279 touch /var/log/nginx-ssl-fixed-$_INSTALLER_VERSION 6985 7280 fi 6986 s ervice nginx reload&> /dev/null7281 st_runner "service nginx reload" &> /dev/null 6987 7282 fi 6988 7283 6989 7284 … … if [ -e "/etc/csf/csf.deny" ] && [ -e "/usr/sbin/csf" ] && [ -e "/var/xdrago/gue 7134 7429 sed -i "s/.*fire.*//g" /etc/crontab &> /dev/null 7135 7430 sed -i "s/.*water.*//g" /etc/crontab &> /dev/null 7136 7431 if [[ "$_THISHOST" =~ ".host8." ]] ; then 7137 if [ -e "/opt/fire.sh" ] && [ -e "/opt/water.sh" ] ; then 7432 if [ "$_VMFAMILY" = "VS" ] ; then 7433 true 7434 else 7138 7435 echo "*/1 * * * * root bash /var/xdrago/guest-fire.sh >/dev/null 2>&1" >> /etc/crontab 7139 7436 echo "01 * * * * root bash /var/xdrago/guest-water.sh >/dev/null 2>&1" >> /etc/crontab 7140 7437 fi … … if [ -e "/etc/csf/csf.deny" ] && [ -e "/usr/sbin/csf" ] && [ -e "/var/xdrago/gue 7143 7440 echo "01 * * * * root bash /var/xdrago/guest-water.sh >/dev/null 2>&1" >> /etc/crontab 7144 7441 fi 7145 7442 sed -i "/^$/d" /etc/crontab &> /dev/null 7443 else 7444 sed -i "s/.*fire.*//g" /etc/crontab &> /dev/null 7445 sed -i "s/.*water.*//g" /etc/crontab &> /dev/null 7446 sed -i "/^$/d" /etc/crontab &> /dev/null 7146 7447 fi 7147 7448 killall -9 memcached &> /dev/null 7148 7449 chmod 0750 /sbin/audispd &> /dev/null -
BOA.sh.txt
diff --git a/BOA.sh.txt b/BOA.sh.txt index dd502f8..ff0d80c 100644
a b setup () 75 75 76 76 ###--------------------### 77 77 if [ `whoami` = "root" ] ; then 78 chmod a+w /dev/null 78 79 setup 79 80 exit 0 80 81 else -
CHANGELOG.txt
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 1e9cc21..d324f94 100644
a b 1 1 2 ### Stable BOA-2.0.9 Release - Barracuda Edition 3 ### Date: Thu May 9 11:25:59 EDT 2013 4 ### Includes Aegir from BOA-2.0.8 Edition 5 6 # This is the first Barracuda-only Edition, released to address important 7 security issue with Nginx server and provide system level upgrades. 8 9 This Edition will not upgrade Aegir Master nor Aegir Satellite Instances, 10 because there was no new Drupal core released since BOA-2.0.8 Edition and 11 there were not enough updates to built-in platforms or contrib accumulated. 12 13 Releasing Barracuda-only Edition separately from full Edition allows us 14 to address system/services security issues without any extra delay, 15 while releasing Octopus-only Edition will allow us to provide Drupal core 16 or Aegir version upgrades, without affecting system level services. 17 18 There is also another reason why separate releases will be useful. 19 BOA-2.0.9 is the last Edition where Aegir 2.x uses still old Drush 4.6 20 in the backend. We need to sync BOA specific Aegir 2.x with upstream 21 and finally switch to Drush 5, or even Drush 6, if possible. 22 23 This change, however, may cause issues if you still host legacy Drupal 5 24 or some old Drupal 6 sites, with either core or contrib not compatible 25 with PHP 5.3, which is now used by default. 26 27 That is why we plan to introduce ability to install older/previous 28 Barracuda and/or Octopus release, if you need more time to upgrade. 29 30 # New features and enhancements in this release: 31 32 * Debian 7.0 Wheezy support. 33 * Automated upgrade from Squeeze with _SQUEEZE_TO_WHEEZY=YES option. 34 * Added config template with inline how-to in docs/cnf/barracuda.cnf 35 * Added config template with inline how-to in docs/cnf/octopus.cnf 36 * Added passwords encryption how-to in docs/BLOWFISH.txt 37 * Added the list of symbols used on install in docs/PLATFORMS.txt 38 * Forced mysql restart if there are too many high CPU mysqld processes. 39 * Improved docs/NOTES.txt 40 * Improved docs/README.txt 41 * Install libpam-unix2 and libxcrypt1 by default. 42 * Install s3cmd by default. 43 * Issue #1974640 - Allow to use Midnight Commander for limited shell users. 44 * Limited Shell Logs Monitor enabled by default. 45 * Nginx: Check for Linux/Cdorked.A malware and delete if discovered. 46 * Re-generate and sync Aegir passwords before and after instance upgrade. 47 * The silent 'system' mode documented in docs/UPGRADE.txt 48 * Allow to exclude platform from otherwise forced `drush en entitycache -y` 49 if sites/all/modules/entitycache_dont_enable.info control file is present. 50 51 # Changes in this release: 52 53 * Nginx 1.5.0 - security upgrade for CVE-2013-2028 54 * PHP 5.3.25 55 * Redis 2.6.13 56 * Do not disable update module in platforms known to include it as required. 57 * Firewall: Open port 1129 for outgoing connections (some gateways need it). 58 * Force syslog module as disabled by default and save some disk I/O. 59 * Tune kernel to always use max RAM and not swap, if possible. 60 61 # Fixes in this release: 62 63 * Add outgoing port 25 SMTP to the list of requirements. 64 * Firewall: Add truly permanent block for heavy abusers. 65 * Fix for mytop support, available again on systems with MariaDB. 66 * Fix permissions in the /data/all tree if required. 67 * Fix the order of checks - they scan only the last (current) minute. 68 * Force _STRONG_PASSWORDS=NO if locales still look broken on second check. 69 * Improve detecting no longer running drush.php and/or cron PHP processes. 70 * Improve fix_locales logic. 71 * Improve global.inc symlinking on initial install and upgrade. 72 * Improve messages displayed when fix_locales discovers broken locales. 73 * Improve monitoring to avoid duplicate entries on low traffic systems. 74 * Improve sanitize_string() filtering to avoid issues with strong passwords. 75 * Improve syncpass tool - Update system user passwd and flush privileges. 76 * Issue #1961226 - Warning: Could not change permissions of sites/all to 751. 77 * Issue #1962458 - 403 for anonymous users on node/add. 78 * Issue #1963044 - Force UTF-8 locales if not present/configured properly. 79 * Issue #1974542 - Use /root/.home.no.wildcard.chmod.cnf control file. 80 * Issue #1987936 - Restore ability to install PHP 5.2 for FPM and CLI. 81 * Make sure that /dev/null is writable for everyone. 82 * Make sure that all drushrc.php files are owned by Aegir system user. 83 * Make sure that all expected sites/all/{modules,themes,libraries} dirs exist. 84 * Make sure that DB server is restarted on upgrade after config tuning. 85 * Make sure that pdnsd and resolvconf are properly installed. 86 * Nginx: Remove duplicate Vary: Accept-Encoding headers. 87 * Percona no longer supports older Ubuntu non-LTS releases. 88 * PHP: Do not reload FPM every hour - it may cause error 502. 89 * PHP: Fix paths depending on CLI version used. 90 * PHP: Fix the extensions installation and upgrade logic. 91 * PHP: Make sure that the FPM port is set correctly for D6 sites with 5.2 92 * PHP: Properly uninstall all related packages when using source build. 93 * PHP: Start more FPM workers on systems with enough RAM by default. 94 * Purge bin logs before disabling them. 95 * Run NewRelic re-install early enough to avoid locking full-upgrade. 96 * Sync the load limits for spiders and backend tasks. 97 * The Java/Jetty monitor should use higher allowed limits by default. 98 * Update apticron message to recommend system mode instead of full upgrade. 99 * Update docs for _BUILD_FROM_SRC option. 100 * Use aggressive enough Jetty restart procedure on nightly services reload. 101 * Use correct status messages on install and upgrade. 102 * Use installer and not Aegir version download on stable install/upgrade. 103 104 2 105 ### Stable Edition BOA-2.0.8 3 106 ### Date: Mon Apr 8 01:41:36 CEST 2013 4 107 ### Installs Aegir 2.x -
OCTOPUS.sh.txt
diff --git a/OCTOPUS.sh.txt b/OCTOPUS.sh.txt index f1271a6..85ac0d4 100755
a b _REMOTE_CACHE_IP=127.0.0.1 466 466 ### You should use this option only when you 467 467 ### already used it with initial Barracuda 468 468 ### install. It will override any defined 469 ### above _MY_OWNIP value ,disable DNS test470 ### a nd enable drush debug mode automatically.469 ### above _MY_OWNIP value and disable DNS test 470 ### automatically. 471 471 ### 472 472 _LOCAL_NETWORK_IP="" 473 473 … … _STRONG_PASSWORDS=NO 506 506 ### DON'T EDIT ANYTHING BELOW THIS LINE ### 507 507 ###----------------------------------------### 508 508 509 _INSTALLER_VERSION=BOA-2.0. 8509 _INSTALLER_VERSION=BOA-2.0.9 510 510 511 511 ### 512 512 ### Variables … … _CIVICRM_PN=boa-2.0.8-dev 542 542 _CIVICRM6=3.4.8 543 543 _COD=6.x-1.0-rc2 544 544 _COM_MERCE=7.x-2.6 545 _COMMERCE=7.x-1.1 6545 _COMMERCE=7.x-1.18 546 546 _D6COMMONS=6.x-2.12 547 547 _D7COMMONS=7.x-3.2 548 548 _DRUPAL5=5.23.50 … … _MARTPLUG=7.x-1.x-dev 556 556 _NODESTREAM6=6.x-1.5 557 557 _NODESTREAM7=7.x-2.0-rc5 558 558 _OCTOPUS_VIDEO=1.0-alpha6 559 _OPEN_DEALS=1. 19559 _OPEN_DEALS=1.20 560 560 _OPENACADEMY=7.x-1.0-beta3 561 561 _OPENATRIUM=6.x-1.7 562 562 _OPENCHURCH=7.x-1.11-beta9 563 _OPENDEALS=7.x-1. 19563 _OPENDEALS=7.x-1.20 564 564 _OPENENTERPRISE=7.x-1.0-rc3 565 _OPENOUTREACH=7.x-1.0-rc1 0565 _OPENOUTREACH=7.x-1.0-rc11 566 566 _OPENPUBLIC=beta3-build100 567 567 _OPENPUBLISH=7.x-1.0-beta7 568 568 _OPENSCHOLAR=2.0-rc1 … … sub_force_advanced_nginx_config_main () { 823 823 else 824 824 sed -i "s/127.0.0.1:9000/127.0.0.1:9090/g" $_THIS_NGX_PATH/nginx_advanced_include.conf &> /dev/null 825 825 fi 826 else 827 if [ "$_USE_STOCK" = "NO" ] ; then 828 sed -i "s/127.0.0.1:9090/127.0.0.1:9000/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null 829 else 830 sed -i "s/127.0.0.1:9090/127.0.0.1:9000/g" $_THIS_NGX_PATH/nginx_advanced_include.conf &> /dev/null 831 fi 826 832 fi 827 833 fi 828 834 } … … _STATUS=INIT 1067 1073 # 1068 1074 # Make sure it is running as root 1069 1075 if [ `whoami` = "root" ] ; then 1070 true1076 chmod a+w /dev/null 1071 1077 else 1072 1078 msg "ERROR: This script should be ran as a root user - please `sudo -i` first" 1073 1079 msg "Bye" … … if [ "$_AEGIR_VERSION" = "HEAD" ] ; then 1233 1239 cd /opt/tmp 1234 1240 fi 1235 1241 else 1236 wget -q -U iCab http://files.aegir.cc/versions/nginx-for-drupal-$_ AEGIR_VERSION.tar.gz1237 gunzip -q -c nginx-for-drupal-$_ AEGIR_VERSION.tar.gz | tar -xf -1238 rm -f nginx-for-drupal-$_ AEGIR_VERSION.tar.gz1242 wget -q -U iCab http://files.aegir.cc/versions/nginx-for-drupal-$_INSTALLER_VERSION.tar.gz 1243 gunzip -q -c nginx-for-drupal-$_INSTALLER_VERSION.tar.gz | tar -xf - 1244 rm -f nginx-for-drupal-$_INSTALLER_VERSION.tar.gz 1239 1245 _BOA_REPO_NAME="nginx-for-drupal" 1240 1246 fi 1241 1247 if [ ! -e "/opt/tmp/$_BOA_REPO_NAME/aegir/helpers/apt.conf.noninteractive" ] ; then -
README.txt
diff --git a/README.txt b/README.txt index b08d4e1..57b072a 100644
a b to the standard production settings. 74 74 ### SUPPORTED LTS OS 32/64bit - minimal on server or desktop on localhost 75 75 76 76 * Debian 6.0 Squeeze (recommended) - 12 min install, 3 min upgrade 77 * Debian 7.0 Wheezy - 30 min install, 15 min upgrade 77 78 * Ubuntu Precise 12.04 - 12 min install, 3 min upgrade 78 79 * Ubuntu Lucid 10.04 - 30 min install, 15 min upgrade 79 80 … … NOTE: Average time to install and upgrade tested with PHP 5.3 option 95 96 ### OTHER REQUIREMENTS 96 97 97 98 * The Git standard port 9418 must be open. 99 * SMTP standard port 25 (or SMTP relay) must be open for outgoing connections. 98 100 * Minimum 512 MB of RAM. 101 * Locales with UTF-8 support, otherwise en_US.UTF-8 (default) is forced. 99 102 * Basic sysadmin skills and experience. 100 103 101 104 102 105 ### PROVIDES 103 106 107 === Included by default - see docs/NOTES.txt for details 108 104 109 * All libraries & tools required to install and run Nginx based Aegir system. 105 * Latest release of MariaDB 5.5 or Percona 5.5 database server. 106 * Latest version of Nginx web server with upload progress and Boost support. 107 * PHP-FPM 5.3.23 with APC, phpredis, uploadprogress and ionCube. 108 * PHP-FPM 5.2.17 with APC, phpredis, uploadprogress and ionCube. 109 * Redis cache server with standard DB auto-failover. 110 * New Relic Server and Apps Monitor with per Site/Instance/Server reporting. 110 * Latest release of MariaDB 5.5 database server with Chive manager. 111 * Latest version of Nginx web server. 112 * PHP-FPM 5.3.25 with APC, phpredis, uploadprogress and ionCube. 113 * Fast Redis Cache with DB auto-failover for all 6.x and 7.x platforms. 114 * Fast proxy DNS server (pdnsd) with permanent caching. 115 * Limited shell, SFTP and FTPS separate accounts per Octopus instance. 116 * Limited Shell and FTPS accounts per Aegir Client with per site access. 117 * Drush and Drush Make access - drush4, drush5 and drush6 on command line. 118 * HTTPS access with self-signed certificate for all hosted sites. 119 * Magic Speed Booster cache, working like a Boost + AuthCache, but per user. 111 120 * Entry level XSS built-in protection on the Nginx level. 121 * Firewall csf/lfd integrated with Nginx abuse guard. 122 * PHP errors debugging, including WSOD, enabled on the fly on dev. aliases. 123 * Boost, AdvAgg, Domain Access and Drupal for Facebook built-in support. 124 * Built-in collection of useful modules available in all platforms. 112 125 * Autonomous Maintenance & Auto-Healing scripts in /var/xdrago. 126 * Every 10 seconds uptime/self-healing local monitoring. 113 127 * Automated, rotated daily backups for all databases in /data/disk/arch/sql. 114 * MultiCore Apache Solr 1.4.1 with Jetty 7 (optional). 115 * MultiCore Apache Solr 3.6.2 with Jetty 8 (optional). 116 * MultiCore Apache Solr 4.2.0 with Jetty 8 or 9 on Precise (optional). 117 * Fast proxy DNS server (pdnsd) with permanent caching. 118 * Bind9 DNS server integrated with experimental Aegir DNS feature (optional). 119 * Webmin Control Panel (optional). 120 * Compass Tools (optional). 121 * Firewall csf/lfd integrated with Nginx abuse guard (optional). 122 * Chive database manager in "chive." subdomain (optional). 123 * SQL Buddy database manager in "sqlbuddy." subdomain (optional). 124 * Collectd server monitor in "cgp." subdomain (optional). 125 * Limited shell, SFTP and FTPS separate accounts per Octopus instance. 126 * Limited shell and FTPS separate accounts per Aegir Client/Developer. 128 129 === Optional add-ons - see docs/NOTES.txt for details 130 131 * MultiCore Apache Solr 1.4.1 with Jetty 7 - see docs/SOLR.txt for details. 132 * MultiCore Apache Solr 3.6.2 with Jetty 8 - see docs/SOLR.txt for details. 133 * MultiCore Apache Solr 4.2.0 with Jetty 8 or Jetty 9 on Precise and Wheezy. 134 * Fast Redis Lock support with DB auto-failover for all 6.x and 7.x platforms. 135 * Latest release of Percona 5.5 database server. 136 * New Relic Server and Apps Monitor with per Site/Instance/Server reporting. 137 * LDAP Nginx support via third-party module. 138 * MongoDB driver for PHP 5.3 139 * GEOS extension for PHP 5.3 (experimental). 140 * FFmpeg support. 141 * PHP-FPM 5.2.17 with APC, phpredis, uploadprogress and ionCube (deprecated). 142 * Bind9 DNS server. 143 * Webmin Control Panel. 144 * SQL Buddy database manager. 145 * Collectd server monitor. 146 * Compass Tools. 127 147 128 148 129 149 ### OCTOPUS PLATFORMS … … Octopus can install the platforms listed below: 133 153 ### Drupal 7.22.1 134 154 135 155 CiviCRM 4.2.8 ---------------- http://civicrm.org 136 Commerce 1.1 6---------------- http://drupal.org/project/commerce_kickstart156 Commerce 1.18 ---------------- http://drupal.org/project/commerce_kickstart 137 157 Commerce 2.6 ----------------- http://drupal.org/project/commerce_kickstart 138 158 Commons 3.2 ------------------ http://drupal.org/project/commons 139 159 Drupal 7.22.1 ---------------- http://drupal.org/drupal-7.22 140 160 NodeStream 2.0-rc5 ----------- http://drupal.org/project/nodestream 141 Open Deals 1. 19-------------- http://drupal.org/project/opendeals142 Open Outreach 1.0-rc1 0------- http://drupal.org/project/openoutreach161 Open Deals 1.20 -------------- http://drupal.org/project/opendeals 162 Open Outreach 1.0-rc11 ------- http://drupal.org/project/openoutreach 143 163 OpenChurch 1.11-beta9 -------- http://drupal.org/project/openchurch 144 164 OpenPublish 3.0-beta7 -------- http://drupal.org/project/openpublish 145 Panopoly 1.0-rc4 a------------ http://drupal.org/project/panopoly165 Panopoly 1.0-rc4 ------------- http://drupal.org/project/panopoly 146 166 Ubercart 3.4.1 --------------- http://drupal.org/project/ubercart 147 167 148 168 ### Pressflow 6.28.1 … … as [D6] and/or [D7]. 227 247 Contrib: 228 248 229 249 admin ---------------------- [D6,D7] --- [S] [B] [SE] 230 advagg --------------------- [D6 ] ------ [S]250 advagg --------------------- [D6,D7] --- [S] 231 251 ais ------------------------ [D7] ------ [S] 232 252 audio ---------------------- [D5,D6] --- [S] 233 253 backup_migrate ------------- [D6,D7] --- [S] [B] … … Contrib: 250 270 filefield_nginx_progress --- [D6,D7] --- [S] [B] 251 271 flood_control -------------- [D7] ------ [S] [B] 252 272 fpa ------------------------ [D6,D7] --- [S] [B] 273 httprl --------------------- [D6,D7] --- [S] [B] 253 274 imagecache ----------------- [D6,D7] --- [S] 254 275 imagecache_external -------- [D6,D7] --- [S] 255 276 javascript_aggregator ------ [D6] -------------- [FD] … … Contrib: 257 278 login_security ------------- [D6,D7] --- [S] [B] 258 279 nocurrent_pass ------------- [D7] ------ [S] [B] 259 280 performance ---------------- [D6,D7] ----------- [FD] 281 phpass --------------------- [D6] ------ [S] [B] 260 282 poormanscron --------------- [D6] -------------- [FD] 261 283 private_upload ------------- [D6] ------ [S] [B] 262 284 purge ---------------------- [D6,D7] ----------- [FD] … … Core: 285 307 cookie_cache_bypass -------- [D6] -------------- [FD] 286 308 dblog ---------------------- [D6,D7] ----------- [FD] 287 309 path_alias_cache ----------- [D6] -------------- [FE] 288 syslog --------------------- [D6,D7] ----------- [F E]310 syslog --------------------- [D6,D7] ----------- [FD] 289 311 290 312 Drush [E]xtensions [M]aster [S]atellite: 291 313 -
new file aegir/conf/barracuda-release.txt
diff --git a/aegir/conf/barracuda-release.txt b/aegir/conf/barracuda-release.txt new file mode 100644 index 0000000..e387105
- + 1 BOA-2.0.9 -
new file aegir/conf/barracuda-version.txt
diff --git a/aegir/conf/barracuda-version.txt b/aegir/conf/barracuda-version.txt new file mode 100644 index 0000000..e387105
- + 1 BOA-2.0.9 -
aegir/conf/boa.bashrc.txt
diff --git a/aegir/conf/boa.bashrc.txt b/aegir/conf/boa.bashrc.txt index 7fcc515..2cd0f69 100644
a b 1 1 #------------------------------------------------------------- 2 # BOA-2.0. 8default .bashrc2 # BOA-2.0.9 default .bashrc 3 3 #------------------------------------------------------------- 4 4 5 5 ulimit -S -c 0 -
aegir/conf/csf.conf
diff --git a/aegir/conf/csf.conf b/aegir/conf/csf.conf index cd83468..75cf7ff 100644
a b AUTO_UPDATES = "0" 40 40 TCP_IN = "20,21,22,25,53,80,443,2401,5280,9418,30000:50000" 41 41 42 42 # Allow outgoing TCP ports 43 TCP_OUT = "20,21,22,25,53,80,110,143,443,465,587,873,993,995, 2401,3306,5280,9418,11371,27017,30000:50000"43 TCP_OUT = "20,21,22,25,53,80,110,143,443,465,587,873,993,995,1129,2401,3306,5280,9418,11371,27017,30000:50000" 44 44 45 45 # Allow incoming UDP ports 46 46 UDP_IN = "20,21,53,123,161,33434:33523" -
aegir/conf/etc-apt-preferences-debian.txt
diff --git a/aegir/conf/etc-apt-preferences-debian.txt b/aegir/conf/etc-apt-preferences-debian.txt index e91047b..e8deaa8 100644
a b Pin-Priority: 1003 5 5 Package: * 6 6 Pin: origin ftp.osuosl.org 7 7 Pin-Priority: 1002 8 9 Package: nginx-extras redis-server php5-apc php5-cli php5-common php5-curl php5-dev php5-ffmpeg php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-json php5-ldap php5-mcrypt php5-mhash php5-mysql php-pear php5-sasl php5-sqlite php5-suhosin php5-xmlrpc php5-xsl10 Pin: origin packages.dotdeb.org11 Pin-Priority: 1001 -
new file aegir/conf/etc-apt-preferences-squeeze.txt
diff --git a/aegir/conf/etc-apt-preferences-squeeze.txt b/aegir/conf/etc-apt-preferences-squeeze.txt new file mode 100644 index 0000000..1396935
- + 1 Package: * 2 Pin: origin repo.percona.com 3 Pin-Priority: 1003 4 5 Package: * 6 Pin: origin ftp.osuosl.org 7 Pin-Priority: 1002 8 9 Package: nginx-extras php5-apc php5-cli php5-common php5-curl php5-dev php5-ffmpeg php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-json php5-ldap php5-mcrypt php5-mhash php5-mysql php-pear php5-sasl php5-sqlite php5-suhosin php5-xmlrpc php5-xsl 10 Pin: origin packages.dotdeb.org 11 Pin-Priority: 1001 -
new file aegir/conf/etc-apt-preferences-wheezy.txt
diff --git a/aegir/conf/etc-apt-preferences-wheezy.txt b/aegir/conf/etc-apt-preferences-wheezy.txt new file mode 100644 index 0000000..e8deaa8
- + 1 Package: * 2 Pin: origin repo.percona.com 3 Pin-Priority: 1003 4 5 Package: * 6 Pin: origin ftp.osuosl.org 7 Pin-Priority: 1002 -
aegir/conf/global.inc.aegir.txt
diff --git a/aegir/conf/global.inc.aegir.txt b/aegir/conf/global.inc.aegir.txt index c28e6bc..36b8c31 100644
a b if ($conf['install_profile'] == 'hostmaster' && isset($_SERVER['HTTP_USER_AGENT' 87 87 } 88 88 89 89 $da_inc = FALSE; 90 $deny_anon = FALSE; 90 91 $drupal_eight = FALSE; 91 92 $drupal_five = FALSE; 92 93 $drupal_seven = FALSE; … … if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['SERVER_NAME'])) { 374 375 } 375 376 } 376 377 377 if (empty($known_bot) && !$high_traffic) { 378 if (!isset($_COOKIE[$test_sess_name])) { 379 if (preg_match("/\/(?:node\/[0-9]+\/edit|node\/add)/", $_SERVER['REQUEST_URI'])) { 380 if (!file_exists('sites/'. $_SERVER['SERVER_NAME'] .'/modules/allow_anon_node_add.info')) { 381 $deny_anon = TRUE; 382 header("HTTP/1.1 301 Moved Permanently"); 383 header("Location: http://" . $_SERVER['SERVER_NAME'] . "/"); 384 } 385 } 386 if (preg_match("/^\/(?:[a-z]{2}\/)?(?:admin|logout|privatemsg|approve)/", $_SERVER['REQUEST_URI'])) { 387 $deny_anon = TRUE; 388 header("HTTP/1.1 301 Moved Permanently"); 389 header("Location: http://" . $_SERVER['SERVER_NAME'] . "/"); 390 } 391 } 392 393 if (empty($known_bot) && !$high_traffic && !$deny_anon) { 378 394 if (preg_match("/^\/(?:[a-z]{2}\/)?(?:user|admin|cart|checkout|logout|privatemsg)/", $_SERVER['REQUEST_URI']) || 379 395 preg_match("/\/(?:node\/[0-9]+\/edit|node\/add|comment\/reply|approve|users|ajax_comments)/", $_SERVER['REQUEST_URI']) || 380 396 preg_match("/(?:dev\.|devel\.)/", $_SERVER['HTTP_HOST'])) { -
aegir/conf/global.inc.ssl.aegir.txt
diff --git a/aegir/conf/global.inc.ssl.aegir.txt b/aegir/conf/global.inc.ssl.aegir.txt index bf42bbd..189682e 100644
a b if ($conf['install_profile'] == 'hostmaster' && isset($_SERVER['HTTP_USER_AGENT' 95 95 } 96 96 97 97 $da_inc = FALSE; 98 $deny_anon = FALSE; 98 99 $drupal_eight = FALSE; 99 100 $drupal_five = FALSE; 100 101 $drupal_seven = FALSE; … … if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['SERVER_NAME'])) { 382 383 } 383 384 } 384 385 385 if (empty($known_bot) && !$high_traffic) { 386 if (!isset($_COOKIE[$test_sess_name])) { 387 if (preg_match("/\/(?:node\/[0-9]+\/edit|node\/add)/", $_SERVER['REQUEST_URI'])) { 388 if (!file_exists('sites/'. $_SERVER['SERVER_NAME'] .'/modules/allow_anon_node_add.info')) { 389 $deny_anon = TRUE; 390 header("HTTP/1.1 301 Moved Permanently"); 391 header("Location: http://" . $_SERVER['SERVER_NAME'] . "/"); 392 } 393 } 394 if (preg_match("/^\/(?:[a-z]{2}\/)?(?:admin|logout|privatemsg|approve)/", $_SERVER['REQUEST_URI'])) { 395 $deny_anon = TRUE; 396 header("HTTP/1.1 301 Moved Permanently"); 397 header("Location: http://" . $_SERVER['SERVER_NAME'] . "/"); 398 } 399 } 400 401 if (empty($known_bot) && !$high_traffic && !$deny_anon) { 386 402 if (preg_match("/^\/(?:[a-z]{2}\/)?(?:user|admin|cart|checkout|logout|privatemsg)/", $_SERVER['REQUEST_URI']) || 387 403 preg_match("/\/(?:node\/[0-9]+\/edit|node\/add|comment\/reply|approve|users|ajax_comments)/", $_SERVER['REQUEST_URI']) || 388 404 preg_match("/(?:dev\.|devel\.)/", $_SERVER['HTTP_HOST'])) { -
new file aegir/conf/migration.html
diff --git a/aegir/conf/migration.html b/aegir/conf/migration.html new file mode 100644 index 0000000..1010ef8
- + 1 <html> 2 <head> 3 <title>Server Migration</title> 4 <style type="text/css"> 5 <!-- 6 body { 7 background-color: #ffffff; 8 } 9 --> 10 </style> 11 </head> 12 <body> 13 <table border="0" align="center" cellpadding="0" cellspacing="0"> 14 <tr> 15 <td width="800" height="600" align="center" valign="middle"><p class="style1"><img src="/migration.jpg" alt="Server Migration" width="347" height="346" /></p> 16 <h2>We are performing server migration and will be back shortly</h2> 17 </td> 18 </tr> 19 </table> 20 </body> 21 </html> -
aegir/conf/nginx_legacy_include.conf
diff --git a/aegir/conf/migration.jpg b/aegir/conf/migration.jpg new file mode 100644 index 0000000..a0c3b7c Binary files /dev/null and b/aegir/conf/migration.jpg differ diff --git a/aegir/conf/nginx_legacy_include.conf b/aegir/conf/nginx_legacy_include.conf index d7f8cfe..047db14 100644
a b location ~* /(?:ahah|ajax|batch|autocomplete|webform|done|progress/|x-progress-i 159 159 ### node at /node/2/edit, if you know what are you doing. 160 160 ### 161 161 location ^~ /hosting/c/server_master { 162 if ($cache_uid = '') { 163 return 403; 164 } 165 if ($is_bot) { 166 return 403; 167 } 162 168 access_log off; 163 169 rewrite ^ $scheme://$host/hosting/sites permanent; 164 170 } … … location ^~ /hosting/c/server_master { 169 175 ### node at /node/4/edit, if you know what are you doing. 170 176 ### 171 177 location ^~ /hosting/c/server_localhost { 178 if ($cache_uid = '') { 179 return 403; 180 } 181 if ($is_bot) { 182 return 403; 183 } 172 184 access_log off; 173 185 rewrite ^ $scheme://$host/hosting/sites permanent; 174 186 } … … location ^~ /hosting/c/server_localhost { 177 189 ### Fix for Aegir & .info .pl domain extensions. 178 190 ### 179 191 location ^~ /hosting { 192 if ($cache_uid = '') { 193 return 403; 194 } 195 if ($is_bot) { 196 return 403; 197 } 180 198 access_log off; 181 199 set $nocache_details "Skip"; 182 200 try_files $uri @drupal; … … location ^~ /admin/config/development/performance/redis { 202 220 ### Support for backup_migrate module download/restore/delete actions. 203 221 ### 204 222 location ^~ /admin { 223 if ($cache_uid = '') { 224 return 403; 225 } 205 226 if ($is_bot) { 206 227 return 403; 207 228 } … … location ~* /(?:modules|libraries)/(?:contrib/)?(?:ad|tinybrowser|f?ckeditor|tin 546 567 ### 547 568 ### Serve & no-log static helper files used in some wysiwyg editors. 548 569 ### 549 location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce )/.*\.(?:html?|xml)$ {570 location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce|videomanager)/.*\.(?:html?|xml)$ { 550 571 if ($is_bot) { 551 572 return 403; 552 573 } … … location ~* ^/(?:.*/)?(?:admin|user|cart|checkout|logout|flag|comment/reply) { 600 621 } 601 622 602 623 ### 603 ### Protect from DoS attempts and not logged in visitors on never cached uri. 624 ### Protect from DoS attempts on never cached uri. 625 ### 626 location ~* ^/(?:.*/)?(?:node/[0-9]+/edit|node/add) { 627 if ($is_bot) { 628 return 403; 629 } 630 access_log off; 631 set $nocache_details "Skip"; 632 try_files $uri @drupal; 633 } 634 635 ### 636 ### Protect from DoS attempts on never cached uri. 604 637 ### 605 location ~* ^/(?:.*/)?(?:node/[0-9]+/ edit|node/add|approve) {638 location ~* ^/(?:.*/)?(?:node/[0-9]+/delete|approve) { 606 639 if ($cache_uid = '') { 607 640 return 403; 608 641 } -
aegir/conf/nginx_modern_include.conf
diff --git a/aegir/conf/nginx_modern_include.conf b/aegir/conf/nginx_modern_include.conf index a6a61f3..7d1f59a 100644
a b location ~* /(?:ahah|ajax|batch|autocomplete|webform|done|progress/|x-progress-i 174 174 ### node at /node/2/edit, if you know what are you doing. 175 175 ### 176 176 location ^~ /hosting/c/server_master { 177 if ($cache_uid = '') { 178 return 403; 179 } 180 if ($is_bot) { 181 return 403; 182 } 177 183 access_log off; 178 184 rewrite ^ $scheme://$host/hosting/sites permanent; 179 185 } … … location ^~ /hosting/c/server_master { 184 190 ### node at /node/4/edit, if you know what are you doing. 185 191 ### 186 192 location ^~ /hosting/c/server_localhost { 193 if ($cache_uid = '') { 194 return 403; 195 } 196 if ($is_bot) { 197 return 403; 198 } 187 199 access_log off; 188 200 rewrite ^ $scheme://$host/hosting/sites permanent; 189 201 } … … location ^~ /hosting/c/server_localhost { 192 204 ### Fix for Aegir & .info .pl domain extensions. 193 205 ### 194 206 location ^~ /hosting { 207 if ($cache_uid = '') { 208 return 403; 209 } 210 if ($is_bot) { 211 return 403; 212 } 195 213 access_log off; 196 214 set $nocache_details "Skip"; 197 215 try_files $uri @drupal; … … location ^~ /admin/config/development/performance/redis { 217 235 ### Support for backup_migrate module download/restore/delete actions. 218 236 ### 219 237 location ^~ /admin { 238 if ($cache_uid = '') { 239 return 403; 240 } 220 241 if ($is_bot) { 221 242 return 403; 222 243 } … … location ~* /(?:modules|libraries)/(?:contrib/)?(?:ad|tinybrowser|f?ckeditor|tin 561 582 ### 562 583 ### Serve & no-log static helper files used in some wysiwyg editors. 563 584 ### 564 location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce )/.*\.(?:html?|xml)$ {585 location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce|videomanager)/.*\.(?:html?|xml)$ { 565 586 if ($is_bot) { 566 587 return 403; 567 588 } … … location ~* ^/(?:.*/)?(?:admin|user|cart|checkout|logout|flag|comment/reply) { 615 636 } 616 637 617 638 ### 618 ### Protect from DoS attempts and not logged in visitors on never cached uri. 639 ### Protect from DoS attempts on never cached uri. 640 ### 641 location ~* ^/(?:.*/)?(?:node/[0-9]+/edit|node/add) { 642 if ($is_bot) { 643 return 403; 644 } 645 access_log off; 646 set $nocache_details "Skip"; 647 try_files $uri @drupal; 648 } 649 650 ### 651 ### Protect from DoS attempts on never cached uri. 619 652 ### 620 location ~* ^/(?:.*/)?(?:node/[0-9]+/ edit|node/add|approve) {653 location ~* ^/(?:.*/)?(?:node/[0-9]+/delete|approve) { 621 654 if ($cache_uid = '') { 622 655 return 403; 623 656 } -
aegir/conf/nginx_octopus_include.conf
diff --git a/aegir/conf/nginx_octopus_include.conf b/aegir/conf/nginx_octopus_include.conf index a54142f..a9c62a8 100644
a b location = /cron.php { 98 98 allow 127.0.0.1; 99 99 deny all; 100 100 try_files $uri =404; 101 fastcgi_pass 127.0.0.1:90 90;101 fastcgi_pass 127.0.0.1:9000; 102 102 } 103 103 104 104 ### … … location = /core/cron.php { 112 112 allow 127.0.0.1; 113 113 deny all; 114 114 try_files $uri =404; 115 fastcgi_pass 127.0.0.1:90 90;115 fastcgi_pass 127.0.0.1:9000; 116 116 } 117 117 118 118 ### … … location ~* /(?:ahah|ajax|batch|autocomplete|webform|done|progress/|x-progress-i 174 174 ### node at /node/2/edit, if you know what are you doing. 175 175 ### 176 176 location ^~ /hosting/c/server_master { 177 if ($cache_uid = '') { 178 return 403; 179 } 180 if ($is_bot) { 181 return 403; 182 } 177 183 access_log off; 178 184 rewrite ^ $scheme://$host/hosting/sites permanent; 179 185 } … … location ^~ /hosting/c/server_master { 184 190 ### node at /node/4/edit, if you know what are you doing. 185 191 ### 186 192 location ^~ /hosting/c/server_localhost { 193 if ($cache_uid = '') { 194 return 403; 195 } 196 if ($is_bot) { 197 return 403; 198 } 187 199 access_log off; 188 200 rewrite ^ $scheme://$host/hosting/sites permanent; 189 201 } … … location ^~ /hosting/c/server_localhost { 192 204 ### Fix for Aegir & .info .pl domain extensions. 193 205 ### 194 206 location ^~ /hosting { 207 if ($cache_uid = '') { 208 return 403; 209 } 210 if ($is_bot) { 211 return 403; 212 } 195 213 access_log off; 196 214 set $nocache_details "Skip"; 197 215 try_files $uri @drupal; … … location ^~ /admin/config/development/performance/redis { 217 235 ### Support for backup_migrate module download/restore/delete actions. 218 236 ### 219 237 location ^~ /admin { 238 if ($cache_uid = '') { 239 return 403; 240 } 220 241 if ($is_bot) { 221 242 return 403; 222 243 } … … location ~* /(?:modules|libraries)/(?:contrib/)?(?:ad|tinybrowser|f?ckeditor|tin 555 576 return 403; 556 577 } 557 578 try_files $uri =404; 558 fastcgi_pass 127.0.0.1:90 90;579 fastcgi_pass 127.0.0.1:9000; 559 580 } 560 581 561 582 ### 562 583 ### Serve & no-log static helper files used in some wysiwyg editors. 563 584 ### 564 location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce )/.*\.(?:html?|xml)$ {585 location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce|videomanager)/.*\.(?:html?|xml)$ { 565 586 if ($is_bot) { 566 587 return 403; 567 588 } … … location ~* ^/(?:.*/)?(?:admin|user|cart|checkout|logout|flag|comment/reply) { 615 636 } 616 637 617 638 ### 618 ### Protect from DoS attempts and not logged in visitors on never cached uri. 639 ### Protect from DoS attempts on never cached uri. 640 ### 641 location ~* ^/(?:.*/)?(?:node/[0-9]+/edit|node/add) { 642 if ($is_bot) { 643 return 403; 644 } 645 access_log off; 646 set $nocache_details "Skip"; 647 try_files $uri @drupal; 648 } 649 650 ### 651 ### Protect from DoS attempts on never cached uri. 619 652 ### 620 location ~* ^/(?:.*/)?(?:node/[0-9]+/ edit|node/add|approve) {653 location ~* ^/(?:.*/)?(?:node/[0-9]+/delete|approve) { 621 654 if ($cache_uid = '') { 622 655 return 403; 623 656 } … … location ~ ^/(?<esi>esi/.*)$ { 663 696 ### 664 697 fastcgi_param QUERY_STRING q=$esi; 665 698 fastcgi_param SCRIPT_FILENAME $document_root/index.php; 666 fastcgi_pass 127.0.0.1:90 90;699 fastcgi_pass 127.0.0.1:9000; 667 700 ### 668 701 ### Use Nginx cache for all visitors. 669 702 ### … … location = /index.php { 769 802 tcp_nopush off; 770 803 keepalive_requests 0; 771 804 try_files $uri =404; ### check for existence of php file first 772 fastcgi_pass 127.0.0.1:90 90;805 fastcgi_pass 127.0.0.1:9000; 773 806 track_uploads uploads 60s; ### required for upload progress 774 807 ### 775 808 ### Use Nginx cache for all visitors. … … location ~* ^/(?:core/)?(?:boost_stats|update|authorize|rtoc|xmlrpc|js)\.php$ { 803 836 keepalive_requests 0; 804 837 access_log off; 805 838 try_files $uri =404; ### check for existence of php file first 806 fastcgi_pass 127.0.0.1:90 90;839 fastcgi_pass 127.0.0.1:9000; 807 840 } 808 841 809 842 ### -
new file aegir/conf/octopus-release.txt
diff --git a/aegir/conf/octopus-release.txt b/aegir/conf/octopus-release.txt new file mode 100644 index 0000000..e387105
- + 1 BOA-2.0.9 -
new file aegir/conf/octopus-version.txt
diff --git a/aegir/conf/octopus-version.txt b/aegir/conf/octopus-version.txt new file mode 100644 index 0000000..e387105
- + 1 BOA-2.0.9 -
aegir/conf/override.global.inc
diff --git a/aegir/conf/override.global.inc b/aegir/conf/override.global.inc index 1e4ca5f..435d0a2 100644
a b if (isset($_SERVER['HTTP_HOST']) && preg_match("/(?:domain\.com|another-domain\. 39 39 } 40 40 else { 41 41 $base_url = 'http://' . $_SERVER['HTTP_HOST']; 42 if ($request_type == "SSL" && !preg_match("/(?:x-progress-id|ahah|filefield_nginx_progress\/*|tinybrowser|f?ckeditor|tinymce| autocomplete|ajax|batch|js\/.*)/", $_SERVER['REQUEST_URI'])) {42 if ($request_type == "SSL" && !preg_match("/(?:x-progress-id|ahah|filefield_nginx_progress\/*|tinybrowser|f?ckeditor|tinymce|videomanager|autocomplete|ajax|batch|js\/.*)/", $_SERVER['REQUEST_URI'])) { 43 43 header('X-Accel-Expires: 1'); 44 44 // Note: never use header('X-Accel-Expires: 0'); to disable Speed Booster completely. 45 45 // You always want that one second or you will be vulnerable to DoS attacks. -
aegir/conf/php.ini
diff --git a/aegir/conf/php.ini b/aegir/conf/php.ini index 58b5291..78f0c43 100644
a b safe_mode_protected_env_vars = LD_LIBRARY_PATH 247 247 ; and below. This directive makes most sense if used in a per-directory 248 248 ; or per-virtualhost web server configuration file. This directive is 249 249 ; *NOT* affected by whether Safe Mode is turned On or Off. 250 open_basedir = ".:/data:/mnt:/opt:/srv:/tmp:/usr:/var/aegir:/var/lib/collectd:/var/lib/nginx:/var/run:/var/ second:/var/www:/bin:/usr/bin"250 open_basedir = ".:/data:/mnt:/opt:/srv:/tmp:/usr:/var/aegir:/var/lib/collectd:/var/lib/nginx:/var/run:/var/www:/var/second:/bin:/usr/bin" 251 251 252 252 ; This directive allows you to disable certain functions for security reasons. 253 253 ; It receives a comma-delimited list of function names. This directive is -
aegir/conf/php53.ini
diff --git a/aegir/conf/php53.ini b/aegir/conf/php53.ini index 93dd145..ba6edc5 100644
a b safe_mode_protected_env_vars = LD_LIBRARY_PATH 376 376 ; or per-virtualhost web server configuration file. This directive is 377 377 ; *NOT* affected by whether Safe Mode is turned On or Off. 378 378 ; http://php.net/open-basedir 379 open_basedir = ".:/data:/mnt:/opt:/srv:/tmp:/usr:/var/aegir:/var/lib/collectd:/var/lib/nginx:/var/run:/var/ second:/var/www:/bin:/usr/bin"379 open_basedir = ".:/data:/mnt:/opt:/srv:/tmp:/usr:/var/aegir:/var/lib/collectd:/var/lib/nginx:/var/run:/var/www:/var/second:/bin:/usr/bin" 380 380 381 381 ; This directive allows you to disable certain functions for security reasons. 382 382 ; It receives a comma-delimited list of function names. This directive is -
aegir/conf/release.txt
diff --git a/aegir/conf/release.txt b/aegir/conf/release.txt index 0519f8a..e387105 100644
a b 1 BOA-2.0. 81 BOA-2.0.9 -
aegir/conf/setupmail.txt
diff --git a/aegir/conf/setupmail.txt b/aegir/conf/setupmail.txt index 5539775..9168075 100644
a b Chive Manager URL: https://166.84.6.231 112 112 You can also use any desktop SQL manager you prefer, if it 113 113 supports tunneling over standard SSH port 22, since there is 114 114 no remote access over mysql port 3306 available, for security and 115 performance reasons .115 performance reasons - video tutorial: http://bit.ly/om8rsql 116 116 117 117 You can also manage your databases on command line, either 118 118 with supported Drush commands or directly with tools like -
aegir/conf/sysctl.conf
diff --git a/aegir/conf/sysctl.conf b/aegir/conf/sysctl.conf index 4440872..bbd9ccf 100644
a b net.core.netdev_max_backlog = 5000 70 70 net.ipv4.tcp_window_scaling = 1 71 71 72 72 # Use swap only if there is high memory usage 73 vm.swappiness = 20 73 vm.swappiness = 1 74 vm.vfs_cache_pressure=50 -
aegir/conf/upgrademail.txt
diff --git a/aegir/conf/upgrademail.txt b/aegir/conf/upgrademail.txt index 60c4aa9..6d1d627 100644
a b platforms and features to help you manage your Drupal sites. 25 25 === IMPORTANT CHANGES IN THIS UPGRADE 26 26 27 27 * We are changing default PHP-FPM version used by all Drupal 6 sites to the 28 new PHP-FPM 5.3.2 3and deprecate PHP-FPM 5.2.17, which is now used only28 new PHP-FPM 5.3.24 and deprecate PHP-FPM 5.2.17, which is now used only 29 29 for remaining Drupal 5 sites, if hosted. 30 30 31 31 We also no longer update/rebuild existing PHP 5.2.17 version. … … platforms and features to help you manage your Drupal sites. 163 163 ### Drupal 7.22.1 164 164 165 165 CiviCRM 4.2.8 ---------------- http://civicrm.org 166 Commerce 1.1 6---------------- http://drupal.org/project/commerce_kickstart166 Commerce 1.18 ---------------- http://drupal.org/project/commerce_kickstart 167 167 Commerce 2.6 ----------------- http://drupal.org/project/commerce_kickstart 168 168 Drupal 7.22.1 ---------------- http://drupal.org/drupal-7.22 169 169 NodeStream 2.0-rc5 ----------- http://drupal.org/project/nodestream 170 Open Deals 1. 19-------------- http://drupal.org/project/opendeals171 Open Outreach 1.0-rc1 0------- http://drupal.org/project/openoutreach170 Open Deals 1.20 -------------- http://drupal.org/project/opendeals 171 Open Outreach 1.0-rc11 ------- http://drupal.org/project/openoutreach 172 172 OpenChurch 1.11-beta9 -------- http://drupal.org/project/openchurch 173 Panopoly 1.0-rc4 a------------ http://drupal.org/project/panopoly173 Panopoly 1.0-rc4 ------------- http://drupal.org/project/panopoly 174 174 Ubercart 3.4.1 --------------- http://drupal.org/project/ubercart 175 175 176 176 ### Pressflow 6.28.1 -
aegir/conf/version.txt
diff --git a/aegir/conf/version.txt b/aegir/conf/version.txt index 0519f8a..e387105 100644
a b 1 BOA-2.0. 81 BOA-2.0.9 -
new file aegir/helpers/dump_cdorked_config.c
diff --git a/aegir/helpers/dump_cdorked_config.c b/aegir/helpers/dump_cdorked_config.c new file mode 100644 index 0000000..74b2b86
- + 1 // This program dumps the content of a shared memory block 2 // used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin 3 // when the machine is infected. 4 // 5 // Some of the data is encrypted. If your server is infected and you 6 // would like to help, please send the httpd_cdorked_config.bin 7 // and your httpd executable to our lab for analysis. Thanks! 8 // 9 // Build with gcc -o dump_cdorked_config dump_cdorked_config.c 10 // 11 // Marc-Etienne M.Léveillé <leveille@eset.com> 12 // 13 14 #include <stdio.h> 15 #include <sys/shm.h> 16 17 #define CDORKED_SHM_SIZE (6118512) 18 #define CDORKED_OUTFILE "httpd_cdorked_config.bin" 19 20 int main (int argc, char *argv[]) { 21 int maxkey, id, shmid, infected = 0; 22 struct shm_info shm_info; 23 struct shmid_ds shmds; 24 void * cdorked_data; 25 FILE * outfile; 26 27 maxkey = shmctl(0, SHM_INFO, (void *) &shm_info); 28 for(id = 0; id <= maxkey; id++) { 29 shmid = shmctl(id, SHM_STAT, &shmds); 30 if (shmid < 0) 31 continue; 32 33 if(shmds.shm_segsz == CDORKED_SHM_SIZE) { 34 // We have a matching Cdorked memory segment 35 infected++; 36 printf("A shared memory matching Cdorked signature was found.\n"); 37 printf("You should check your HTTP server's executable file integrity.\n"); 38 39 cdorked_data = shmat(shmid, NULL, 0666); 40 if(cdorked_data != NULL) { 41 outfile = fopen(CDORKED_OUTFILE, "wb"); 42 if(outfile == NULL) { 43 printf("Could not open file %s for writing.", CDORKED_OUTFILE); 44 } 45 else { 46 fwrite(cdorked_data, CDORKED_SHM_SIZE, 1, outfile); 47 fclose(outfile); 48 49 printf("The Cdorked configuration was dumped in the %s file.\n\n", CDORKED_OUTFILE); 50 } 51 } 52 } 53 } 54 if(infected == 0) { 55 printf("No shared memory matching Cdorked signature was found.\n"); 56 printf("To further verify your server, run \"ipcs -m -p\" and look"); 57 printf(" for a memory segments created by your http server.\n"); 58 } 59 else { 60 printf("If you would like to help us in our research on Cdorked, "); 61 printf("please send the httpd_cdorked_config.bin and your httpd executable file "); 62 printf("to our lab for analysis at leveille@eset.com. Thanks!\n"); 63 } 64 return infected; 65 } -
aegir/makefiles/build-panopoly.make
diff --git a/aegir/makefiles/build-panopoly.make b/aegir/makefiles/build-panopoly.make index e62aa15..2230dc8 100644
a b projects[drupal][download][url] = "http://files.aegir.cc/dev/drupal-7.22.1.tar.g 10 10 projects[panopoly][type] = profile 11 11 projects[panopoly][download][type] = git 12 12 projects[panopoly][download][branch] = 7.x-1.x 13 projects[panopoly][download][tag] = 7.x-1.0-rc4 -
aegir/scripts/AegirSetupA.sh.txt
diff --git a/aegir/scripts/AegirSetupA.sh.txt b/aegir/scripts/AegirSetupA.sh.txt index bae4e70..63424c9 100644
a b else 138 138 _L_PHP_CLI=/usr/local/bin 139 139 fi 140 140 _DRUSHCMD="$_L_PHP_CLI/php $_ROOT/tools/drush/drush.php" 141 if [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 142 _DRUSHCMD="/usr/local/bin/php52 $_ROOT/tools/drush/drush.php" 143 fi 141 144 # 142 145 SHELL=/bin/bash 143 146 PATH=$_L_PHP_CLI:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin … … fi 228 231 # 229 232 # Remove dangerous stuff from the string. 230 233 sanitize_string () { 231 echo "$1" | sed 's/[\ `\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g'234 echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g' 232 235 } 233 236 # 234 237 # Set or update Redis password. 235 238 update_redis_password () { 236 239 if [ ! -e "/root/.redis.pass.txt" ] && [ -e "/etc/redis/redis.conf" ] ; then 237 msg " INITA: Generate random password for Redis server"240 msg "$_STATUS A: Generate random password for Redis server" 238 241 touch /root/.redis.pass.txt 239 242 chmod 0600 /root/.redis.pass.txt &> /dev/null 240 243 _ESC_RPASS="" … … update_redis_password () { 250 253 _ESC_RPASS=`sanitize_string "$_ESC_RPASS"` 251 254 fi 252 255 echo "$_ESC_RPASS" > /root/.redis.pass.txt 256 sed -i "s/^requirepass.*/requirepass $_ESC_RPASS/g" /etc/redis/redis.conf &> /dev/null 257 chown redis:redis /etc/redis/redis.conf 258 chmod 0600 /etc/redis/redis.conf 259 service redis-server stop &> /dev/null 260 killall -9 redis-server &> /dev/null 261 service redis-server start &> /dev/null 253 262 fi 254 263 if [ -e "/root/.redis.pass.txt" ] && [ -e "/etc/redis/redis.conf" ] ; then 255 264 if [ -z "$_ESC_RPASS" ] ; then … … update_redis_password () { 258 267 else 259 268 RPASS="$_ESC_RPASS" 260 269 fi 261 sed -i "s/^requirepass.*/requirepass $RPASS/g" /etc/redis/redis.conf &> /dev/null 262 sed -i "s/isfoobared/$RPASS/g" /data/conf/global.inc &> /dev/null 263 sed -i "s/isfoobared/$RPASS/g" /var/aegir/config/includes/global.inc &> /dev/null 270 _REDIS_PWD_TEST=`grep "'$RPASS'" /data/conf/global.inc 2>&1` 271 if [[ "$_REDIS_PWD_TEST" =~ "'$RPASS'" ]] ; then 272 true 273 else 274 if [ ! -z "$RPASS" ] ; then 275 mkdir -p /data/conf 276 if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then 277 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /data/conf/global.inc 278 else 279 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.aegir.txt /data/conf/global.inc 280 fi 281 sed -i "s/isfoobared/$RPASS/g" /data/conf/global.inc &> /dev/null 282 fi 283 fi 284 if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then 285 rm -f /var/aegir/config/includes/global.inc 286 ln -s /data/conf/global.inc /var/aegir/config/includes/global.inc 287 fi 264 288 fi 265 289 } 266 290 # … … create_shared_dirs () { 302 326 # 303 327 feature_server_fix_002 () { 304 328 if [ ! -e "/var/log/feature-server-fixed-002.log" ] ; then 305 msg " UPGRADEA: Adding missing strongarm module to old fserver platforms"329 msg "$_STATUS A: Adding missing strongarm module to old fserver platforms" 306 330 REVISIONS="001 002 003 004 005 006 007 008 009 010 011 012 013 014" 307 331 for i in $REVISIONS; do 308 332 if [ -d "/data/all/$i/fserver" ] ; then … … for i in $REVISIONS; do 316 340 if [ -e "$_ROOT/.drush/hostmaster.alias.drushrc.php" ] ; then 317 341 _THIS_HOSTMASTER=`cat $_ROOT/.drush/hostmaster.alias.drushrc.php | grep 'site_path' | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` 318 342 cd _THIS_HOSTMASTER &> /dev/null 319 su -s /bin/bash - $_USER -c "$_DRUSHCMD --root= /data/disk/$_USER/distro/$i/fserver provision-save @platform_FeatureServerPF$i &> /dev/null"343 su -s /bin/bash - $_USER -c "$_DRUSHCMD --root=$_ROOT/distro/$i/fserver provision-save @platform_FeatureServerPF$i &> /dev/null" 320 344 fi 321 msg " UPGRADEA: Missing strongarm added to /data/all/$i/fserver"345 msg "$_STATUS A: Missing strongarm added to /data/all/$i/fserver" 322 346 fi 323 347 fi 324 348 done … … fi 330 354 # update o_contrib 331 355 # 332 356 o_contrib_update_global () { 333 REVISIONS="001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 "334 RMMODULES="drupal-nginx-fast-x-accel-redirect varnish bakery session443 cookie_cache_bypass_adv module_supports backup_migrate purge expire imageinfo_cache httprl boost "357 REVISIONS="001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033" 358 RMMODULES="drupal-nginx-fast-x-accel-redirect varnish bakery session443 cookie_cache_bypass_adv module_supports backup_migrate purge expire imageinfo_cache httprl boost phpass" 335 359 for i in $REVISIONS; do 336 if [ -d "/data/all/$i/o_contrib" ] && [ ! -e "/data/all/$i/o_contrib/update-01 8.info" ] ; then360 if [ -d "/data/all/$i/o_contrib" ] && [ ! -e "/data/all/$i/o_contrib/update-019.info" ] ; then 337 361 for m in $RMMODULES; do 338 362 if [ -d "/data/all/$i/o_contrib/$m" ] ; then 339 363 rm -f -r /data/all/$i/o_contrib/$m 340 msg " UPGRADE A: Removed /data/all/$i/o_contrib/$m"364 msg "$_STATUS A: Replaced /data/all/$i/o_contrib/$m with latest release" 341 365 fi 342 366 done 343 367 cd /data/all/$i/o_contrib 344 368 git clone --branch 6.x-1.x git://github.com/omega8cc/boost.git /data/all/$i/o_contrib/boost &> /dev/null 345 369 rm -f -r /data/all/$i/o_contrib/boost/.git 346 370 wget -q -U iCab http://ftp.drupal.org/files/projects/backup_migrate-6.x-2.6.tar.gz 371 wget -q -U iCab http://ftp.drupal.org/files/projects/httprl-6.x-1.11.tar.gz 372 wget -q -U iCab http://ftp.drupal.org/files/projects/phpass-6.x-2.0.tar.gz 347 373 if [ "$_PURGE_MODE" = "ON" ] ; then 348 374 wget -q -U iCab http://ftp.drupal.org/files/projects/purge-6.x-1.6.tar.gz 349 375 ### git clone --branch 6.x-1.x-revert git://github.com/omega8cc/purge.git /data/all/$i/o_contrib/purge &> /dev/null … … for i in $REVISIONS; do 367 393 if [ -e "/data/all/000/modules/redis" ] && [ ! -L "/data/all/$i/o_contrib/redis" ] ; then 368 394 ln -s /data/all/000/modules/redis /data/all/$i/o_contrib/redis 369 395 fi 370 touch /data/all/$i/o_contrib/update-018.info 371 msg "UPGRADE A: New modules in /data/all/$i/o_contrib: purge expire backup_migrate" 396 touch /data/all/$i/o_contrib/update-019.info 372 397 fi 373 398 if [ -d "/data/all/$i" ] ; then 374 399 for p in `find /data/all/$i/ -maxdepth 1 -mindepth 1 -type d | sort`; do … … cd 384 409 # update o_contrib_seven 385 410 # 386 411 o_contrib_seven_update_global () { 387 REVISIONS="001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 "388 RMMODULES="session443 cookie_cache_bypass_adv purge expire agrcache httprl filefield_nginx_progress boost "412 REVISIONS="001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033" 413 RMMODULES="session443 cookie_cache_bypass_adv purge expire agrcache httprl filefield_nginx_progress boost speedy entitycache taxonomy_edge backup_migrate" 389 414 for i in $REVISIONS; do 390 if [ -d "/data/all/$i/o_contrib_seven" ] && [ ! -e "/data/all/$i/o_contrib_seven/update-01 8.info" ] ; then415 if [ -d "/data/all/$i/o_contrib_seven" ] && [ ! -e "/data/all/$i/o_contrib_seven/update-019.info" ] ; then 391 416 for m in $RMMODULES; do 392 417 if [ -d "/data/all/$i/o_contrib_seven/$m" ] ; then 393 418 rm -f -r /data/all/$i/o_contrib_seven/$m 394 msg " UPGRADE A: Removed /data/all/$i/o_contrib_seven/$m"419 msg "$_STATUS A: Replaced /data/all/$i/o_contrib_seven/$m with latest release" 395 420 fi 396 421 done 397 422 if [ "$_PURGE_MODE" = "ON" ] && [ "$_PURGE_FOR_SEVEN" = "YES" ] ; then … … for i in $REVISIONS; do 406 431 cd /data/all/$i/o_contrib_seven 407 432 git clone --branch 7.x-1.x git://github.com/omega8cc/boost.git /data/all/$i/o_contrib_seven/boost &> /dev/null 408 433 rm -f -r /data/all/$i/o_contrib_seven/boost/.git 434 wget -q -U iCab http://ftp.drupal.org/files/projects/backup_migrate-7.x-2.5.tar.gz 435 wget -q -U iCab http://ftp.drupal.org/files/projects/entitycache-7.x-1.x-dev.tar.gz 409 436 wget -q -U iCab http://ftp.drupal.org/files/projects/filefield_nginx_progress-7.x-2.3.tar.gz 437 wget -q -U iCab http://ftp.drupal.org/files/projects/httprl-7.x-1.11.tar.gz 438 wget -q -U iCab http://ftp.drupal.org/files/projects/speedy-7.x-1.7.tar.gz 439 wget -q -U iCab http://ftp.drupal.org/files/projects/taxonomy_edge-7.x-1.8.tar.gz 410 440 for archive in ./*.tar.gz; do 411 441 tar -xzf "$archive" &> /dev/null 412 442 done … … for i in $REVISIONS; do 417 447 if [ -e "/data/all/000/modules/redis" ] && [ ! -L "/data/all/$i/o_contrib_seven/redis" ] ; then 418 448 ln -s /data/all/000/modules/redis /data/all/$i/o_contrib_seven/redis 419 449 fi 420 touch /data/all/$i/o_contrib_seven/update-018.info 421 msg "UPGRADE A: New modules in /data/all/$i/o_contrib_seven: filefield_nginx_progress purge expire" 450 touch /data/all/$i/o_contrib_seven/update-019.info 422 451 fi 423 452 done 424 453 cd … … sub_force_advanced_nginx_config () { 433 462 else 434 463 sed -i "s/127.0.0.1:9000/127.0.0.1:9090/g" $_THIS_NGX_PATH/nginx_advanced_include.conf &> /dev/null 435 464 fi 465 else 466 if [ "$_USE_STOCK" = "NO" ] ; then 467 sed -i "s/127.0.0.1:9090/127.0.0.1:9000/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null 468 else 469 sed -i "s/127.0.0.1:9090/127.0.0.1:9000/g" $_THIS_NGX_PATH/nginx_advanced_include.conf &> /dev/null 470 fi 436 471 fi 437 472 fi 438 473 } … … sub_force_advanced_nginx_config () { 440 475 # Force advanced Nginx configuration. 441 476 force_advanced_nginx_config () { 442 477 validate_local_ip &> /dev/null 443 _THIS_NGX_PATH= /data/disk/$_USER/.drush/provision/http/Provision/Service/http478 _THIS_NGX_PATH=$_ROOT/.drush/provision/http/Provision/Service/http 444 479 sub_force_advanced_nginx_config 445 _THIS_NGX_PATH= /data/disk/$_USER/config/includes480 _THIS_NGX_PATH=$_ROOT/config/includes 446 481 sub_force_advanced_nginx_config 447 if [ -e " /data/disk/$_USER/config/includes" ] && [ "$_USE_STOCK" = "NO" ] ; then448 if [ ! -L " /data/disk/$_USER/config/includes/nginx_advanced_include.conf" ] ; then449 rm -f /data/disk/$_USER/config/includes/nginx_advanced_include.conf450 ln -s /data/disk/$_USER/config/includes/nginx_octopus_include.conf /data/disk/$_USER/config/includes/nginx_advanced_include.conf482 if [ -e "$_ROOT/config/includes" ] && [ "$_USE_STOCK" = "NO" ] ; then 483 if [ ! -L "$_ROOT/config/includes/nginx_advanced_include.conf" ] ; then 484 rm -f $_ROOT/config/includes/nginx_advanced_include.conf 485 ln -s $_ROOT/config/includes/nginx_octopus_include.conf $_ROOT/config/includes/nginx_advanced_include.conf 451 486 fi 452 if [ ! -L " /data/disk/$_USER/config/includes/nginx_simple_include.conf" ] ; then453 rm -f /data/disk/$_USER/config/includes/nginx_simple_include.conf454 ln -s /data/disk/$_USER/config/includes/nginx_legacy_include.conf /data/disk/$_USER/config/includes/nginx_simple_include.conf487 if [ ! -L "$_ROOT/config/includes/nginx_simple_include.conf" ] ; then 488 rm -f $_ROOT/config/includes/nginx_simple_include.conf 489 ln -s $_ROOT/config/includes/nginx_legacy_include.conf $_ROOT/config/includes/nginx_simple_include.conf 455 490 fi 456 491 fi 457 492 } … … download_textile () { 467 502 # 468 503 # download_o_contrib_seven 469 504 download_o_contrib_seven () { 470 touch update-01 8.info505 touch update-019.info 471 506 #msg "$_STATUS A: Downloading o_contrib_seven modules, please wait..." 472 507 wget -q -U iCab http://ftp.drupal.org/files/projects/admin-7.x-2.0-beta3.tar.gz 473 wget -q -U iCab http://ftp.drupal.org/files/projects/backup_migrate-7.x-2. 4.tar.gz508 wget -q -U iCab http://ftp.drupal.org/files/projects/backup_migrate-7.x-2.5.tar.gz 474 509 wget -q -U iCab http://ftp.drupal.org/files/projects/blockcache_alter-7.x-1.x-dev.tar.gz 475 510 wget -q -U iCab http://ftp.drupal.org/files/projects/cdn-7.x-2.6.tar.gz 476 511 wget -q -U iCab http://ftp.drupal.org/files/projects/config_perms-7.x-2.x-dev.tar.gz 477 wget -q -U iCab http://ftp.drupal.org/files/projects/core_library-7.x- 1.0-beta12.tar.gz478 wget -q -U iCab http://ftp.drupal.org/files/projects/css_emimage-7.x-1. 2.tar.gz512 wget -q -U iCab http://ftp.drupal.org/files/projects/core_library-7.x-2.0-beta3.tar.gz 513 wget -q -U iCab http://ftp.drupal.org/files/projects/css_emimage-7.x-1.3.tar.gz 479 514 wget -q -U iCab http://ftp.drupal.org/files/projects/entitycache-7.x-1.x-dev.tar.gz 480 515 wget -q -U iCab http://ftp.drupal.org/files/projects/esi-7.x-3.0-alpha1.tar.gz 481 516 wget -q -U iCab http://ftp.drupal.org/files/projects/filefield_nginx_progress-7.x-2.3.tar.gz 482 517 wget -q -U iCab http://ftp.drupal.org/files/projects/flood_control-7.x-1.x-dev.tar.gz 483 518 wget -q -U iCab http://ftp.drupal.org/files/projects/fpa-7.x-2.2.tar.gz 519 wget -q -U iCab http://ftp.drupal.org/files/projects/httprl-7.x-1.11.tar.gz 484 520 wget -q -U iCab http://ftp.drupal.org/files/projects/login_security-7.x-1.2.tar.gz 485 521 wget -q -U iCab http://ftp.drupal.org/files/projects/nocurrent_pass-7.x-1.0.tar.gz 486 522 wget -q -U iCab http://ftp.drupal.org/files/projects/readonlymode-7.x-1.1.tar.gz 487 523 wget -q -U iCab http://ftp.drupal.org/files/projects/reroute_email-7.x-1.1.tar.gz 488 524 wget -q -U iCab http://ftp.drupal.org/files/projects/robotstxt-7.x-1.1.tar.gz 489 525 wget -q -U iCab http://ftp.drupal.org/files/projects/site_verify-7.x-1.0.tar.gz 490 wget -q -U iCab http://ftp.drupal.org/files/projects/speedy-7.x-1. 6.tar.gz526 wget -q -U iCab http://ftp.drupal.org/files/projects/speedy-7.x-1.7.tar.gz 491 527 wget -q -U iCab http://ftp.drupal.org/files/projects/taxonomy_edge-7.x-1.8.tar.gz 492 528 wget -q -U iCab http://ftp.drupal.org/files/projects/textile-7.x-2.0-rc11.tar.gz 493 529 wget -q -U iCab http://ftp.drupal.org/files/projects/variable_clean-7.x-1.x-dev.tar.gz … … download_o_contrib_seven () { 517 553 ln -s /data/all/000/modules/redis redis 518 554 fi 519 555 download_textile 520 if [ ! -e "/data/all/000/modules/redis/update-01 8.info" ] ; then556 if [ ! -e "/data/all/000/modules/redis/update-019.info" ] ; then 521 557 mkdir -p /data/all/000/modules 522 558 cd /data/all/000/modules 523 559 rm -f -r /data/all/000/modules/redis 524 560 git clone --branch 7.x-2.x-o8 git://github.com/omega8cc/redis.git &> /dev/null 525 561 rm -f -r redis/.git 526 562 rm -f redis/redis.info 527 echo update > redis/update-01 8.info563 echo update > redis/update-019.info 528 564 fi 529 565 } 530 566 # 531 567 # download_o_contrib_six 532 568 download_o_contrib_six () { 533 touch update-01 8.info569 touch update-019.info 534 570 #msg "$_STATUS A: Downloading o_contrib modules, please wait..." 535 571 wget -q -U iCab http://files.aegir.cc/dev/css_emimage-6.x-2.x-dev.tar.gz 536 572 wget -q -U iCab http://ftp.drupal.org/files/projects/admin-6.x-2.0.tar.gz … … download_o_contrib_six () { 542 578 wget -q -U iCab http://ftp.drupal.org/files/projects/esi-6.x-2.x-dev.tar.gz 543 579 wget -q -U iCab http://ftp.drupal.org/files/projects/filefield_nginx_progress-6.x-1.x-dev.tar.gz 544 580 wget -q -U iCab http://ftp.drupal.org/files/projects/fpa-6.x-2.4.tar.gz 581 wget -q -U iCab http://ftp.drupal.org/files/projects/httprl-6.x-1.11.tar.gz 545 582 wget -q -U iCab http://ftp.drupal.org/files/projects/image-6.x-1.2.tar.gz 546 583 wget -q -U iCab http://ftp.drupal.org/files/projects/login_security-6.x-1.2.tar.gz 584 wget -q -U iCab http://ftp.drupal.org/files/projects/phpass-6.x-2.0.tar.gz 547 585 wget -q -U iCab http://ftp.drupal.org/files/projects/private_upload-6.x-1.x-dev.tar.gz 548 586 wget -q -U iCab http://ftp.drupal.org/files/projects/readonlymode-6.x-1.2.tar.gz 549 587 wget -q -U iCab http://ftp.drupal.org/files/projects/reroute_email-6.x-1.2.tar.gz … … download_o_contrib_six () { 582 620 ln -s /data/all/000/modules/cache_backport cache_backport 583 621 fi 584 622 download_textile 585 if [ ! -e "/data/all/000/modules/cache_backport/update-01 8.info" ] ; then623 if [ ! -e "/data/all/000/modules/cache_backport/update-019.info" ] ; then 586 624 mkdir -p /data/all/000/modules 587 625 cd /data/all/000/modules 588 626 rm -f -r /data/all/000/modules/cache_backport … … download_o_contrib_six () { 592 630 done 593 631 rm -f *.tar.gz 594 632 sed -i "s/Cache Backand/D7 Cache Backport for D6/g" cache_backport/cache_backport.info &> /dev/null 595 echo update > cache_backport/update-01 8.info633 echo update > cache_backport/update-019.info 596 634 fi 597 if [ ! -e "/data/all/000/modules/redis/update-01 8.info" ] ; then635 if [ ! -e "/data/all/000/modules/redis/update-019.info" ] ; then 598 636 mkdir -p /data/all/000/modules 599 637 cd /data/all/000/modules 600 638 rm -f -r /data/all/000/modules/redis 601 639 git clone --branch 7.x-2.x-o8 git://github.com/omega8cc/redis.git &> /dev/null 602 640 rm -f -r redis/.git 603 641 rm -f redis/redis.info 604 echo update > redis/update-01 8.info642 echo update > redis/update-019.info 605 643 fi 606 644 } 607 645 # … … fi 636 674 if [ ! -e "$_THIS_CTRL" ] ; then 637 675 _O_CONTRIB_UP=YES 638 676 fi 639 if [ ! -e "/data/all/000/modules/redis/update-01 8.info" ] ; then677 if [ ! -e "/data/all/000/modules/redis/update-019.info" ] ; then 640 678 _O_CONTRIB_UP=YES 641 679 fi 642 680 if [ "$_PURGE_MODE" = "ON" ] ; then … … manage_o_contrib () { 736 774 } 737 775 738 776 739 msg "$_STATUS A: Aegir automated install script part A" 777 ###---### Checking status 778 # 779 if [ -d "$_ROOT" ] ; then 780 _STATUS=UPGRADE 781 cd $_ROOT 782 rm -f $_ROOT/AegirSetupC.sh.txt 783 rm -f $_ROOT/AegirSetupB.sh.txt 784 fi 785 786 787 ###---### User check 788 # 789 if [ `whoami` = "root" ] ; then 790 msg "$_STATUS A: Aegir automated install script part A" 791 else 792 msg "$_STATUS A: FATAL ERROR: This script should be ran as a root user" 793 msg "$_STATUS A: FATAL ERROR: Aborting AegirSetupA installer NOW!" 794 touch /opt/tmp/status-AegirSetupA-FAIL 795 exit 1 796 fi 740 797 741 798 742 ###---### Checking version ..799 ###---### Checking version 743 800 # 744 msg " INFOA: Checking OCTOPUS version, please wait..."801 msg "$_STATUS A: Checking OCTOPUS version, please wait..." 745 802 if [ "$_AEGIR_VERSION" = "HEAD" ] ; then 746 _FILE_VERSION= release.txt803 _FILE_VERSION=octopus-release.txt 747 804 else 748 _FILE_VERSION= version.txt805 _FILE_VERSION=octopus-version.txt 749 806 fi 750 807 if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION" ] ; then 751 808 _VERSIONS_TEST=`cat /opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION` 752 809 if [[ "$_VERSIONS_TEST" =~ "-dev" ]] ; then 753 810 if [[ "$_VERSIONS_TEST" =~ "$_INSTALLER_VERSION" ]] && [ "$_AEGIR_VERSION" = "HEAD" ] ; then 754 811 _VERSIONS_TEST_RESULT=OK 755 msg " INFOA: Version test result: OK"812 msg "$_STATUS A: Version test result: OK" 756 813 else 757 814 _VERSIONS_TEST_RESULT=FAIL 758 815 fi 759 816 else 760 817 if [[ "$_VERSIONS_TEST" =~ "$_INSTALLER_VERSION" ]] && [[ "$_AEGIR_VERSION" =~ "BOA" ]] ; then 761 818 _VERSIONS_TEST_RESULT=OK 762 msg " INFO: Version test result: OK"819 msg "$_STATUS A: Version test result: OK" 763 820 else 764 821 _VERSIONS_TEST_RESULT=FAIL 765 822 fi … … if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION" ] ; then 777 834 fi 778 835 779 836 780 ###---### Checking status.. 781 # 782 if [ -d "$_ROOT" ] ; then 783 _STATUS=UPGRADE 784 cd $_ROOT 785 msg "$_STATUS A: $_STATUS" 786 mrun "sleep 1" 787 rm -f $_ROOT/AegirSetupC.sh.txt 788 rm -f $_ROOT/AegirSetupB.sh.txt 789 else 790 msg "$_STATUS A: $_STATUS" 791 fi 792 793 794 ###---### Hot Sauce check.. 837 ###---### Hot Sauce check 795 838 # 796 839 if [ "$_HOT_SAUCE" = "NO" ] ; then 797 840 _CORE="/data/all/$_LAST_ALL" … … chown $_USER:$_USRG $_ROOT/AegirSetupC.sh.txt &> /dev/null 845 888 846 889 ###---### Run standard pre-install 847 890 # 848 main_dbuser_reborn () { 891 # Generate provision backend db_passwd. 892 provision_backend_dbpass_generate () { 849 893 touch $_ROOT/.$_USER.pass.txt 850 894 chmod 0600 $_ROOT/.$_USER.pass.txt 851 895 _ESC_PASS="" … … main_dbuser_reborn () { 871 915 msg "$_STATUS A: FATAL ERROR: Aborting AegirSetupA installer NOW!" 872 916 touch /opt/tmp/status-AegirSetupA-FAIL 873 917 exit 1 874 else875 _AEGIR_HOST_IP="$_RESOLVEIP"876 918 fi 877 /usr/bin/mysql -h localhost --port=3306 -u root mysql<<EOFMYSQL 878 FLUSH PRIVILEGES; 879 GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_DOMAIN' IDENTIFIED BY '$_ESC_PASS' WITH GRANT OPTION; 919 mysql -uroot mysql<<EOFMYSQL 880 920 GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_AEGIR_HOST' IDENTIFIED BY '$_ESC_PASS' WITH GRANT OPTION; 881 GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_ AEGIR_HOST_IP' IDENTIFIED BY '$_ESC_PASS' WITH GRANT OPTION;921 GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_RESOLVEIP' IDENTIFIED BY '$_ESC_PASS' WITH GRANT OPTION; 882 922 GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'localhost' IDENTIFIED BY '$_ESC_PASS' WITH GRANT OPTION; 883 FLUSH PRIVILEGES;884 923 EOFMYSQL 924 mysqladmin flush-privileges &> /dev/null 885 925 } 886 if [ ! -e "$_ROOT/.$_USER.pass.txt" ] ; then 887 main_dbuser_reborn 888 echo "$_USER ALL=NOPASSWD: /etc/init.d/nginx" >> /etc/sudoers 889 else 890 if [ ! -e "$_ROOT/.$_USER.pass.txt-pre-$_INSTALLER_VERSION-$_NOW" ] ; then 891 mv -f $_ROOT/.$_USER.pass.txt $_ROOT/.$_USER.pass.txt-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 892 main_dbuser_reborn 926 # 927 # Sync provision backend db_passwd. 928 provision_backend_dbpass_sync () { 929 msg "$_STATUS A: Syncing provision backend db_passwd, please wait..." 930 mrun "sleep 1" 931 _L_SYS="$_ROOT/.$_USER.pass.txt" 932 mv -f $_L_SYS $_L_SYS-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 933 provision_backend_dbpass_generate 934 if [ ! -z "$_ESC_PASS" ] && [ ! -z "$_ENC_PASS" ] ; then 893 935 su -s /bin/bash - $_USER -c "$_DRUSHCMD @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_PASS' WHERE db_user='$_USER'\" &> /dev/null" 894 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null895 936 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_PASS') WHERE User='$_USER';" &> /dev/null 896 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 897 sed -i "s/mysql:\/\/$_USER:.*/mysql:\/\/$_USER:$_ENC_PASS@localhost',/g" /data/disk/$_USER/.drush/server_localhost.alias.drushrc.php &> /dev/null 898 sed -i "s/mysql:\/\/$_USER:.*/mysql:\/\/$_USER:$_ENC_PASS@localhost',/g" /data/disk/$_USER/.drush/server_master.alias.drushrc.php &> /dev/null 899 if [ "$_USE_STOCK" = "YES" ] || [ "$_DRUSH_CC_REQ" = "YES" ] ; then 900 $_DRUSHCMD cache-clear drush &> /dev/null 901 fi 902 if [ -e "$_ROOT/.drush/server_localhost.alias.drushrc.php" ] ; then 903 su -s /bin/bash $_USER -c "$_DRUSHCMD @hostmaster hosting-task @server_localhost verify --force &> /dev/null" 904 else 905 su -s /bin/bash $_USER -c "$_DRUSHCMD @hostmaster hosting-task @server_master verify --force &> /dev/null" 906 fi 907 msg "$_STATUS A: Running hosting-dispatch (1/3), please wait..." 908 $_DRUSHCMD '@hostmaster' hosting-dispatch &> /dev/null 909 mrun "sleep 5" 910 msg "$_STATUS A: Running hosting-dispatch (2/3), please wait..." 911 $_DRUSHCMD '@hostmaster' hosting-dispatch &> /dev/null 912 mrun "sleep 5" 913 msg "$_STATUS A: Running hosting-dispatch (3/3), please wait..." 914 $_DRUSHCMD '@hostmaster' hosting-dispatch &> /dev/null 937 sed -i "s/mysql:\/\/$_USER:.*/mysql:\/\/$_USER:$_ENC_PASS@localhost',/g" $_ROOT/.drush/server_localhost.alias.drushrc.php &> /dev/null 938 sed -i "s/mysql:\/\/$_USER:.*/mysql:\/\/$_USER:$_ENC_PASS@localhost',/g" $_ROOT/.drush/server_master.alias.drushrc.php &> /dev/null 915 939 fi 940 mysqladmin flush-privileges &> /dev/null 941 if [ "$_USE_STOCK" = "YES" ] || [ "$_DRUSH_CC_REQ" = "YES" ] ; then 942 su -s /bin/bash $_USER -c "$_DRUSHCMD cache-clear drush &> /dev/null" 943 fi 944 if [ -e "$_ROOT/.drush/server_localhost.alias.drushrc.php" ] ; then 945 su -s /bin/bash $_USER -c "$_DRUSHCMD @hostmaster hosting-task @server_localhost verify --force &> /dev/null" 946 else 947 su -s /bin/bash $_USER -c "$_DRUSHCMD @hostmaster hosting-task @server_master verify --force &> /dev/null" 948 fi 949 msg "$_STATUS A: Running hosting-dispatch (1/3), please wait..." 950 su -s /bin/bash $_USER -c "$_DRUSHCMD '@hostmaster' hosting-dispatch &> /dev/null" 951 mrun "sleep 5" 952 msg "$_STATUS A: Running hosting-dispatch (2/3), please wait..." 953 su -s /bin/bash $_USER -c "$_DRUSHCMD '@hostmaster' hosting-dispatch &> /dev/null" 954 mrun "sleep 5" 955 msg "$_STATUS A: Running hosting-dispatch (3/3), please wait..." 956 su -s /bin/bash $_USER -c "$_DRUSHCMD '@hostmaster' hosting-dispatch &> /dev/null" 957 } 958 # 959 # Sync hostmaster frontend db_passwd. 960 hostmaster_frontend_dbpass_sync () { 961 msg "$_STATUS A: Syncing hostmaster frontend db_passwd, please wait..." 962 mrun "sleep 1" 963 _THIS_HM_SPTH=`cat $_ROOT/.drush/hostmaster.alias.drushrc.php | grep "site_path'" | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` 964 _THIS_HM_DBUR=`cat $_THIS_HM_SPTH/drushrc.php | grep "options\['db_user'\] = " | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,';]//g"` 965 _THIS_HM_DBPD=`cat $_THIS_HM_SPTH/drushrc.php | grep "options\['db_passwd'\] = " | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,';]//g"` 966 if [ -e "$_THIS_HM_SPTH" ] && [ ! -z "$_THIS_HM_DBUR" ] && [ ! -z "$_THIS_HM_DBPD" ] ; then 967 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_THIS_HM_DBPD') WHERE User='$_THIS_HM_DBUR';" &> /dev/null 968 fi 969 mysqladmin flush-privileges &> /dev/null 970 } 971 if [ "$_STATUS" = "INIT" ] ; then 972 mysqladmin flush-hosts &> /dev/null 973 provision_backend_dbpass_generate 974 echo "$_USER ALL=NOPASSWD: /etc/init.d/nginx" >> /etc/sudoers 975 else 976 mysqladmin flush-hosts &> /dev/null 977 provision_backend_dbpass_sync 916 978 fi 917 mrun "sleep 1"918 /usr/bin/mysqladmin -u root -h localhost --port=3306 reload919 979 cd $_ROOT 920 mrun "sleep 1"921 980 922 981 923 982 ###---### Install or upgrade Aegir Satellite Instance [Y/n] … … else 951 1010 msg "$_STATUS A: Aegir Satellite Instance upgrade skipped - platforms only" 952 1011 mrun "sleep 1" 953 1012 else 1013 hostmaster_frontend_dbpass_sync 954 1014 msg "$_STATUS A: Switching user and running AegirSetupB, please wait..." 955 1015 mrun "sleep 1" 956 1016 rm -f /opt/tmp/testecho* … … else 979 1039 chmod 700 $_ROOT/backups/system 980 1040 mv -f $_ROOT/backups/*host8* $_ROOT/backups/system/old_hostmaster/ &> /dev/null 981 1041 chmod 600 $_ROOT/backups/system/old_hostmaster/* &> /dev/null 1042 hostmaster_frontend_dbpass_sync 982 1043 fi 983 1044 chmod 0700 /data/u &> /dev/null 984 1045 chown root:root /data/u &> /dev/null … … if [ "$_LOCAL_STATUS" = "INIT" ] ; then 1024 1085 rm -f -r $_AEGIR_ROOT/scripts 1025 1086 rm -f $_AEGIR_ROOT/themes/README.txt 1026 1087 rm -f $_AEGIR_ROOT/*.txt 1027 s ervice nginx reload&> /dev/null1088 st_runner "service nginx reload" &> /dev/null 1028 1089 cd $_AEGIR_ROOT 1029 1090 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/robots.txt ./ 1030 1091 cd $_ROOT … … fi 1034 1095 ###---### Force advanced Nginx config 1035 1096 # 1036 1097 force_advanced_nginx_config 1098 st_runner "service nginx reload" &> /dev/null 1037 1099 1038 1100 1039 1101 ###---### Force global.inc update … … fi 1050 1112 # 1051 1113 if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then 1052 1114 if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt" ] ; then 1053 _SSL_TEST=` cat/data/conf/global.inc 2>&1`1054 if [[ "$_SSL_TEST" =~ " HTTP_X_FORWARDED_PROTO" ]] ; then1055 _SSL_TEST=OK1115 _SSL_TEST=`grep no-https-aegir /data/conf/global.inc 2>&1` 1116 if [[ "$_SSL_TEST" =~ "no-https-aegir" ]] ; then 1117 true 1056 1118 else 1057 msg "$_STATUS A: Installing forced SSL settings for this Hostmaster site, please wait..."1119 msg "$_STATUS A: Installing forced SSL settings for all Satellite Hostmasters" 1058 1120 mrun "sleep 1" 1059 1121 mv -f /data/conf/global.inc /data/conf/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null 1060 1122 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc.ssl.aegir.txt /data/conf/global.inc 1061 service nginx reload &> /dev/null1062 1123 fi 1063 1124 fi 1064 1125 fi … … if [ ! -z "$_REMOTE_CACHE_IP" ] ; then 1079 1140 msg "$_STATUS A: Set/rewrite remote cache IP address and disable local caches" 1080 1141 mrun "sleep 1" 1081 1142 sed -i "s/'127.0.0.1'/'$_REMOTE_CACHE_IP'/g" /data/conf/global.inc &> /dev/null 1082 sed -i "s/'127.0.0.1'/'$_REMOTE_CACHE_IP'/g" /var/aegir/config/includes/global.inc &> /dev/null1083 1143 service redis-server stop &> /dev/null 1084 1144 update-rc.d -f redis-server remove &> /dev/null 1085 1145 service redis stop &> /dev/null … … if [ "$_LOCAL_STATUS" = "INIT" ] ; then 1250 1310 fi 1251 1311 echo "$_ESC_LUPASS" > $_ROOT/log/pass.txt 1252 1312 # get the password hash 1253 ph=$(m akepasswd --clearfrom=$_ROOT/log/pass.txt --crypt-md5 --verbose | grep "=" | cut -d= -f3 | awk '{ print $1}')1313 ph=$(mkpasswd -m sha-512 $_ESC_LUPASS $(openssl rand -base64 16 | tr -d '+=' | head -c 16)) 1254 1314 # Set the password 1255 1315 usermod -p $ph $_USERFTP &> /dev/null 1256 1316 passwd -w 7 -x 90 $_USERFTP &> /dev/null … … if [ "$_LOCAL_STATUS" = "INIT" ] ; then 1259 1319 chsh -s $_PATH_LSHELL $_USERFTP &> /dev/null 1260 1320 echo >> /etc/lshell.conf 1261 1321 echo "[$_USERFTP]" >> /etc/lshell.conf 1262 echo "path : [' /data/disk/$_USER/distro', '/data/disk/$_USER/static', '/data/disk/$_USER/backups', '/data/disk/$_USER/clients']" >> /etc/lshell.conf1322 echo "path : ['$_ROOT/distro', '$_ROOT/static', '$_ROOT/backups', '$_ROOT/clients']" >> /etc/lshell.conf 1263 1323 fi 1264 1324 1265 1325 … … _USER_HD="/home/$_USERFTP" 1270 1330 if [ ! -L "$_USER_HD/backups" ] ; then 1271 1331 msg "$_STATUS A: Adding symlink to the sites backups" 1272 1332 mrun "sleep 1" 1273 ln -s /data/disk/$_USER/backups $_USER_HD/backups1333 ln -s $_ROOT/backups $_USER_HD/backups 1274 1334 fi 1275 1335 1276 1336 … … _USER_HD="/home/$_USERFTP" 1353 1413 if [ ! -L "$_USER_HD/clients" ] ; then 1354 1414 msg "$_STATUS A: Adding symlink to the clients directory" 1355 1415 mrun "sleep 1" 1356 ln -s /data/disk/$_USER/clients $_USER_HD/clients1416 ln -s $_ROOT/clients $_USER_HD/clients 1357 1417 fi 1358 rm -f -r /data/disk/$_USER/clients/admin &> /dev/null1359 rm -f -r /data/disk/$_USER/clients/omega8ccgmailcom &> /dev/null1360 rm -f -r /data/disk/$_USER/clients/nocomega8cc &> /dev/null1361 rm -f -r /data/disk/$_USER/clients/*/backups &> /dev/null1362 symlinks -dr /data/disk/$_USER/clients &> /dev/null1418 rm -f -r $_ROOT/clients/admin &> /dev/null 1419 rm -f -r $_ROOT/clients/omega8ccgmailcom &> /dev/null 1420 rm -f -r $_ROOT/clients/nocomega8cc &> /dev/null 1421 rm -f -r $_ROOT/clients/*/backups &> /dev/null 1422 symlinks -dr $_ROOT/clients &> /dev/null 1363 1423 1364 1424 1365 1425 ###---### Remove not used dot files … … else 1397 1457 _ESC_LUPASS=`sanitize_string "$_ESC_LUPASS"` 1398 1458 fi 1399 1459 echo "$_ESC_LUPASS" > $_ROOT/log/pass.txt 1400 ph=$(m akepasswd --clearfrom=$_ROOT/log/pass.txt --crypt-md5 --verbose | grep "=" | cut -d= -f3 | awk '{ print $1}')1460 ph=$(mkpasswd -m sha-512 $_ESC_LUPASS $(openssl rand -base64 16 | tr -d '+=' | head -c 16)) 1401 1461 usermod -p $ph $_USERFTP &> /dev/null 1402 1462 _PASWD=`cat $_ROOT/log/pass.txt` 1403 1463 _PASWD=`echo -n $_PASWD | tr -d "\n"` … … mrun "sleep 1" 1802 1862 cd / 1803 1863 chmod 711 bin boot data dev emul etc home lib media mnt opt sbin selinux srv sys usr var &> /dev/null 1804 1864 chmod 700 root &> /dev/null 1865 if [ ! -f "/data/all/permissions-fix-$_INSTALLER_VERSION.info" ] ; then 1866 st_runner "chmod 02775 /data/all/*/*/sites/all/{modules,libraries,themes}" &> /dev/null 1867 st_runner "chown -R root:root /data/all" &> /dev/null 1868 st_runner "chown -R root:users /data/all/*/*/sites" &> /dev/null 1869 echo fixed > /data/all/permissions-fix-$_INSTALLER_VERSION.info 1870 fi 1805 1871 chown root:root /data/all &> /dev/null 1806 chown -R root:root /data/src &> /dev/null1807 chown -R root:root /data/conf &> /dev/null1808 1872 chown root:root $_CORE &> /dev/null 1809 chown -R root:root $_CORE/o_contrib &> /dev/null 1810 chown -R root:root $_CORE/o_contrib_seven &> /dev/null 1811 chown -R root:root /data/all/$_LAST_ALL/o_contrib &> /dev/null 1812 chown -R root:root /data/all/$_LAST_ALL/o_contrib_seven &> /dev/null 1813 chown -R root:root /data/all/000 &> /dev/null 1873 st_runner "chown -R root:root /data/src" &> /dev/null 1874 st_runner "chown -R root:root /data/conf" &> /dev/null 1875 st_runner "chown -R root:root $_CORE/o_contrib" &> /dev/null 1876 st_runner "chown -R root:root $_CORE/o_contrib_seven" &> /dev/null 1877 st_runner "chown -R root:root /data/all/$_LAST_ALL/o_contrib" &> /dev/null 1878 st_runner "chown -R root:root /data/all/$_LAST_ALL/o_contrib_seven" &> /dev/null 1879 st_runner "chown -R root:root /data/all/000" &> /dev/null 1814 1880 chown root:root /opt/tmp &> /dev/null 1815 1881 chmod 0711 $_CORE /data/all /data/all/000 /data/src /data /data/disk /data/conf &> /dev/null 1816 1882 chmod 0700 /data/u &> /dev/null -
aegir/scripts/AegirSetupB.sh.txt
diff --git a/aegir/scripts/AegirSetupB.sh.txt b/aegir/scripts/AegirSetupB.sh.txt index 97d8262..a25baf0 100644
a b else 124 124 _L_PHP_CLI=/usr/local/bin 125 125 fi 126 126 _DRUSHCMD="$_L_PHP_CLI/php $_ROOT/tools/drush/drush.php" 127 if [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 128 _DRUSHCMD="/usr/local/bin/php52 $_ROOT/tools/drush/drush.php" 129 fi 127 130 # 128 131 SHELL=/bin/bash 129 132 PATH=$_L_PHP_CLI:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin … … get_dev_ext () { 203 206 update_php_cli_drush () { 204 207 if [ "$_PHP_CLI_VERSION" = "5.3" ] && [ -x "/opt/local/bin/php" ] ; then 205 208 sed -i "s/^#\!\/.*/#\!\/opt\/local\/bin\/php/g" $_ROOT/tools/drush/drush.php &> /dev/null 206 elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php" ] ; then 209 elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 210 sed -i "s/^#\!\/.*/#\!\/usr\/local\/bin\/php52/g" $_ROOT/tools/drush/drush.php &> /dev/null 211 else 207 212 sed -i "s/^#\!\/.*/#\!\/usr\/local\/bin\/php/g" $_ROOT/tools/drush/drush.php &> /dev/null 208 213 fi 209 214 } … … update_php_cli_drush () { 211 216 _SRCDIR=/opt/tmp/files 212 217 _LOG=/var/backups/octopus-$_USER-$_NOW.log 213 218 # 219 220 ###---### Checking status 221 # 222 if [ -e "$_ROOT/aegir.sh" ] ; then 223 _STATUS=UPGRADE 224 cd $_ROOT 225 fi 226 227 228 ###---### User check 229 # 214 230 msg "$_STATUS B: Aegir automated install script part B" 215 231 if [ `whoami` = "root" ] ; then 216 232 msg "$_STATUS B: FATAL ERROR: This script should be ran as a non-root user" … … if [ `whoami` = "root" ] ; then 220 236 fi 221 237 222 238 223 ###---### Checking status..224 #225 if [ -e "$_ROOT/aegir.sh" ] ; then226 _STATUS=UPGRADE227 cd $_ROOT228 fi229 230 231 239 ###---### Add required users and create directories 232 240 # 233 241 msg "$_STATUS B: Creating directories with correct permissions" -
aegir/scripts/AegirSetupC.sh.txt
diff --git a/aegir/scripts/AegirSetupC.sh.txt b/aegir/scripts/AegirSetupC.sh.txt index 5101c08..fe65f3a 100644
a b else 143 143 fi 144 144 _DRUSHCMD="$_L_PHP_CLI/php $_ROOT/tools/drush/drush.php" 145 145 _DRUSH5CMD="$_L_PHP_CLI/php /opt/tools/drush/5/drush/drush.php" 146 if [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 147 _DRUSHCMD="/usr/local/bin/php52 $_ROOT/tools/drush/drush.php" 148 fi 146 149 # 147 150 SHELL=/bin/bash 148 151 PATH=$_L_PHP_CLI:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin … … upgrade_contrib_less () { 483 486 rm -f -r {ctools,rules,views} 484 487 wget -q -U iCab http://ftp.drupal.org/files/projects/ctools-7.x-1.3.tar.gz 485 488 wget -q -U iCab http://ftp.drupal.org/files/projects/rules-7.x-2.3.tar.gz 486 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3. 6.tar.gz489 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3.7.tar.gz 487 490 for archive in ./*.tar.gz; do 488 491 tar -xzf "$archive" &> /dev/null 489 492 done … … upgrade_contrib_more () { 508 511 wget -q -U iCab http://ftp.drupal.org/files/projects/ctools-7.x-1.3.tar.gz 509 512 wget -q -U iCab http://ftp.drupal.org/files/projects/date-7.x-2.6.tar.gz 510 513 wget -q -U iCab http://ftp.drupal.org/files/projects/email-7.x-1.2.tar.gz 511 wget -q -U iCab http://ftp.drupal.org/files/projects/entity-7.x-1. x-dev.tar.gz514 wget -q -U iCab http://ftp.drupal.org/files/projects/entity-7.x-1.1.tar.gz 512 515 wget -q -U iCab http://ftp.drupal.org/files/projects/facetapi-7.x-1.2.tar.gz 513 516 wget -q -U iCab http://ftp.drupal.org/files/projects/features-7.x-2.0-beta1.tar.gz 514 517 wget -q -U iCab http://ftp.drupal.org/files/projects/fontyourface-7.x-2.7.tar.gz … … upgrade_contrib_more () { 522 525 wget -q -U iCab http://ftp.drupal.org/files/projects/taxonomy_menu-7.x-1.4.tar.gz 523 526 wget -q -U iCab http://ftp.drupal.org/files/projects/token-7.x-1.5.tar.gz 524 527 wget -q -U iCab http://ftp.drupal.org/files/projects/views_bulk_operations-7.x-3.1.tar.gz 525 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3. 6.tar.gz528 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3.7.tar.gz 526 529 for archive in ./*.tar.gz; do 527 530 tar -xzf "$archive" &> /dev/null 528 531 done … … upgrade_contrib_some () { 547 550 wget -q -U iCab http://ftp.drupal.org/files/projects/navbar-7.x-1.0-alpha5.tar.gz 548 551 wget -q -U iCab http://ftp.drupal.org/files/projects/rules-7.x-2.3.tar.gz 549 552 wget -q -U iCab http://ftp.drupal.org/files/projects/token-7.x-1.5.tar.gz 550 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3. 6.tar.gz553 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3.7.tar.gz 551 554 for archive in ./*.tar.gz; do 552 555 tar -xzf "$archive" &> /dev/null 553 556 done … … create_civicrm_symlinks () { 651 654 } 652 655 653 656 657 ###---### Checking status 658 # 659 if [ -e "$_ROOT/log/setupmail.txt" ] ; then 660 _STATUS=UPGRADE 661 cd $_ROOT 662 fi 663 664 654 665 ###---### User check 655 666 # 656 667 msg "$_STATUS C: Aegir automated install script part C" … … if [ `whoami` = "root" ] ; then 662 673 fi 663 674 664 675 665 ###---### Checking status.. 666 # 667 if [ -e "$_ROOT/log/setupmail.txt" ] ; then 668 _STATUS=UPGRADE 669 cd $_ROOT 670 fi 671 672 673 ###---### Hot Sauce check.. 676 ###---### Hot Sauce check 674 677 # 675 678 if [ "$_HOT_SAUCE" = "NO" ] ; then 676 679 _CORE="/data/all/$_LAST_ALL" … … _F_CIVICRM_M7="CiviCRM $_CIVICRM_M7 $_SMALLCORE7 P.$_THIS_CORE" 700 703 _F_CIVICRM6="CiviCRM $_CIVICRM6 $_SMALLCORE6 P.$_THIS_CORE" 701 704 _F_COD="Conference 1.0-rc2 $_SMALLCORE6 P.$_THIS_CORE" 702 705 _F_COM_MERCE="Commerce 2.6 $_SMALLCORE7 P.$_THIS_CORE" 703 _F_COMMERCE="Commerce 1.1 6$_SMALLCORE7 P.$_THIS_CORE"706 _F_COMMERCE="Commerce 1.18 $_SMALLCORE7 P.$_THIS_CORE" 704 707 _F_D6COMMONS="Commons 2.12 $_SMALLCORE6 P.$_THIS_CORE" 705 708 _F_D7COMMONS="Commons 3.2 $_SMALLCORE7 P.$_THIS_CORE" 706 709 _F_DRUPAL_EDGE_8="Drupal $_DRUPAL_EDGE_8" … … _F_OPENATRIUM="Open Atrium 1.7.1 $_SMALLCORE6 P.$_THIS_CORE" 720 723 _F_OPENCHURCH="OpenChurch 1.11-b9 $_SMALLCORE7 P.$_THIS_CORE" 721 724 _F_OPENDEALS="Open Deals $_OPEN_DEALS $_SMALLCORE7 P.$_THIS_CORE" 722 725 _F_OPENENTERPRISE="Open Enterprise 1.0-rc3 $_SMALLCORE7 P.$_THIS_CORE" 723 _F_OPENOUTREACH="Open Outreach 1.0-rc1 0$_SMALLCORE7 P.$_THIS_CORE"726 _F_OPENOUTREACH="Open Outreach 1.0-rc11 $_SMALLCORE7 P.$_THIS_CORE" 724 727 _F_OPENPUBLIC="OpenPublic 1.0-b3 $_SMALLCORE7 P.$_THIS_CORE" 725 728 _F_OPENPUBLISH="OpenPublish 3.0-b7 $_SMALLCORE7 P.$_THIS_CORE" 726 729 _F_OPENSCHOLAR="OpenScholar 2.0-rc1 $_SMALLCORE6 P.$_THIS_CORE" 727 _F_PANOPOLY="Panopoly 1.0-rc4 a$_SMALLCORE7 P.$_THIS_CORE"730 _F_PANOPOLY="Panopoly 1.0-rc4 $_SMALLCORE7 P.$_THIS_CORE" 728 731 _F_PROSEPOINT="Prosepoint $_PROSEPOINT $_SMALLCORE6 P.$_THIS_CORE" 729 732 _F_UBER_CART_SEVEN="Ubercart $_UBER_CART_SEVEN $_SMALLCORE7 P.$_THIS_CORE" 730 733 _F_UBERCART="Ubercart $_UBERCART $_SMALLCORE6 P.$_THIS_CORE" … … if [ ! -d "$_CORE_DISTRO" ] ; then 1063 1066 cd $_THIS_PRPATH 1064 1067 cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/patches/$_THIS_PRNAME.patch ./ 1065 1068 patch -p1 < $_THIS_PRNAME.patch &> /dev/null 1066 if [ $_COMMERCE = "7.x-1.1 6" ] ; then1069 if [ $_COMMERCE = "7.x-1.18" ] ; then 1067 1070 cd $_THIS_PRPATH/modules 1068 upgrade_contrib_less 1071 rm -f -r {addressfield,entity} 1072 wget -q -U iCab http://ftp.drupal.org/files/projects/entity-7.x-1.1.tar.gz 1073 wget -q -U iCab http://ftp.drupal.org/files/projects/addressfield-7.x-1.0-beta4.tar.gz 1074 for archive in ./*.tar.gz; do 1075 tar -xzf "$archive" &> /dev/null 1076 done 1077 rm -f *.tar.gz 1069 1078 fi 1070 1079 create_dirs 1071 1080 themes_for_d7 … … if [ ! -d "$_CORE_DISTRO" ] ; then 2245 2254 fi 2246 2255 replace_drupal7_core 2247 2256 remove_default_core_seven_profiles 2248 if [ $_OPENDEALS = "7.x-1. 19" ] ; then2257 if [ $_OPENDEALS = "7.x-1.20" ] ; then 2249 2258 cd $_THIS_PRPATH/modules 2250 2259 rm -f -r {diff} 2251 2260 wget -q -U iCab http://ftp.drupal.org/files/projects/diff-7.x-3.2.tar.gz … … build_openpublic () { 2405 2414 rm -f -r $_THIS_PRPATH/modules/{panels,password_policy,views,webform} 2406 2415 wget -q -U iCab http://ftp.drupal.org/files/projects/panels-7.x-3.2.tar.gz 2407 2416 wget -q -U iCab http://ftp.drupal.org/files/projects/password_policy-7.x-1.0-rc3.tar.gz 2408 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3. 6.tar.gz2417 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3.7.tar.gz 2409 2418 wget -q -U iCab http://ftp.drupal.org/files/projects/webform-7.x-3.17.tar.gz 2410 2419 for archive in ./*.tar.gz; do 2411 2420 tar -xzf "$archive" &> /dev/null … … if [ ! -d "$_CORE_DISTRO" ] ; then 2853 2862 cd $_THIS_PRPATH/modules 2854 2863 wget -q -U iCab http://ftp.drupal.org/files/projects/colorbox-7.x-2.3.tar.gz 2855 2864 wget -q -U iCab http://ftp.drupal.org/files/projects/ctools-7.x-1.3.tar.gz 2856 wget -q -U iCab http://ftp.drupal.org/files/projects/entity-7.x-1. x-dev.tar.gz2865 wget -q -U iCab http://ftp.drupal.org/files/projects/entity-7.x-1.1.tar.gz 2857 2866 wget -q -U iCab http://ftp.drupal.org/files/projects/google_analytics-7.x-1.3.tar.gz 2858 2867 wget -q -U iCab http://ftp.drupal.org/files/projects/libraries-7.x-2.x-dev.tar.gz 2859 2868 wget -q -U iCab http://ftp.drupal.org/files/projects/pathauto-7.x-1.2.tar.gz 2860 2869 wget -q -U iCab http://ftp.drupal.org/files/projects/rules-7.x-2.3.tar.gz 2861 2870 wget -q -U iCab http://ftp.drupal.org/files/projects/token-7.x-1.5.tar.gz 2862 2871 wget -q -U iCab http://ftp.drupal.org/files/projects/ubercart-7.x-3.4.tar.gz 2863 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3. 6.tar.gz2872 wget -q -U iCab http://ftp.drupal.org/files/projects/views-7.x-3.7.tar.gz 2864 2873 for archive in ./*.tar.gz; do 2865 2874 tar -xzf "$archive" &> /dev/null 2866 2875 done -
aegir/scripts/AegirSetupM.sh.txt
diff --git a/aegir/scripts/AegirSetupM.sh.txt b/aegir/scripts/AegirSetupM.sh.txt index bf2985d..f4b96ab 100644
a b msg() { 60 60 update_php_cli_drush () { 61 61 if [ "$_PHP_CLI_VERSION" = "5.3" ] && [ -x "/opt/local/bin/php" ] ; then 62 62 sed -i "s/^#\!\/.*/#\!\/opt\/local\/bin\/php/g" /var/aegir/drush/drush.php &> /dev/null 63 elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php" ] ; then 63 elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 64 sed -i "s/^#\!\/.*/#\!\/usr\/local\/bin\/php52/g" /var/aegir/drush/drush.php &> /dev/null 65 else 64 66 sed -i "s/^#\!\/.*/#\!\/usr\/local\/bin\/php/g" /var/aegir/drush/drush.php &> /dev/null 65 67 fi 66 68 } … … get_dev_ext () { 76 78 # 77 79 # Remove dangerous stuff from the string. 78 80 sanitize_string () { 79 echo "$1" | sed 's/[\ `\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g'81 echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g' 80 82 } 81 83 # 82 84 ######################################################################## -
aegir/scripts/AegirUpgrade.sh.txt
diff --git a/aegir/scripts/AegirUpgrade.sh.txt b/aegir/scripts/AegirUpgrade.sh.txt index 40f7f23..0a08d1c 100644
a b else 57 57 _L_PHP_CLI=/usr/local/bin 58 58 fi 59 59 _DRUSHCMD="$_L_PHP_CLI/php /var/aegir/drush/drush.php" 60 60 if [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 61 _DRUSHCMD="/usr/local/bin/php52 /var/aegir/drush/drush.php" 62 fi 61 63 SHELL=/bin/bash 62 64 PATH=$_L_PHP_CLI:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin 63 65 … … export DEBIAN_FRONTEND=noninteractive 77 79 update_php_cli_drush () { 78 80 if [ "$_PHP_CLI_VERSION" = "5.3" ] && [ -x "/opt/local/bin/php" ] ; then 79 81 sed -i "s/^#\!\/.*/#\!\/opt\/local\/bin\/php/g" /var/aegir/drush/drush.php &> /dev/null 80 elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php" ] ; then 82 elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/usr/local/bin/php52" ] ; then 83 sed -i "s/^#\!\/.*/#\!\/usr\/local\/bin\/php52/g" /var/aegir/drush/drush.php &> /dev/null 84 else 81 85 sed -i "s/^#\!\/.*/#\!\/usr\/local\/bin\/php/g" /var/aegir/drush/drush.php &> /dev/null 82 86 fi 83 87 } -
aegir/tools/BOND.sh.txt
diff --git a/aegir/tools/BOND.sh.txt b/aegir/tools/BOND.sh.txt index 70de940..48d0f93 100755
a b _AEGIR_VERSION=BOA-2.0.8 146 146 ### DON'T EDIT ANYTHING BELOW THIS LINE ### 147 147 ###----------------------------------------### 148 148 149 _INSTALLER_VERSION=BOA-2.0. 8149 _INSTALLER_VERSION=BOA-2.0.9 150 150 _NOW=`date +%y%m%d-%H%M` 151 151 _RAM=`free -mto | grep Mem: | awk '{ print $2 }'` 152 152 _THISHOST=`uname -n` … … restart_services () { 612 612 # 613 613 tune_web_server_config () { 614 614 _LIM_FPM="$_L_PHP_FPM_WORKERS" 615 if [ "$_LIM_FPM" -lt "6" ] ; then 616 _LIM_FPM=6 615 if [ "$_LIM_FPM" -lt "3" ] ; then 616 _LIM_FPM=3 617 fi 618 let "_PROCESS_MAX_FPM = (($_LIM_FPM * 2))" 619 let "_CHILD_MAX_FPM = (($_PROCESS_MAX_FPM - 2))" 620 let "_START_FPM = (($_CHILD_MAX_FPM - 4))" 621 if [ "$_START_FPM" -lt "2" ] ; then 622 _START_FPM=2 623 fi 624 let "_START_LEGACY_FPM = (($_LIM_FPM / 3))" 625 if [ "$_START_LEGACY_FPM" -lt "2" ] ; then 626 _START_LEGACY_FPM=2 617 627 fi 618 let "_START_FPM = (($_LIM_FPM / 2))"619 628 if [ ! -z "$_START_FPM" ] ; then 620 let "_PROCESS_MAX_FPM = (($_LIM_FPM * 2))" 621 sed -i "s/max_children\">.*</max_children\">$_START_FPM</g" /opt/etc/php-fpm.conf &> /dev/null 622 sed -i "s/pm.max_children =.*/pm.max_children = $_LIM_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 629 sed -i "s/max_children\">.*</max_children\">$_START_LEGACY_FPM</g" /opt/etc/php-fpm.conf &> /dev/null 630 sed -i "s/pm.max_children =.*/pm.max_children = $_CHILD_MAX_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 623 631 sed -i "s/pm.start_servers =.*/pm.start_servers = $_START_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 624 632 sed -i "s/pm.max_spare_servers =.*/pm.max_spare_servers = $_START_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null 625 633 sed -i "s/process.max =.*/process.max = $_PROCESS_MAX_FPM/g" /opt/local/etc/php53-fpm.conf &> /dev/null … … tune_memory_limits () { 736 744 _USE_PHP=512 737 745 _USE_APC=256 738 746 if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then 739 _L_PHP_FPM_WORKERS= 6747 _L_PHP_FPM_WORKERS=3 740 748 else 741 749 _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS 742 750 fi … … tune_memory_limits () { 764 772 _USE_PHP="$_USE" 765 773 _USE_APC="$_USE" 766 774 if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then 767 _L_PHP_FPM_WORKERS= 6775 _L_PHP_FPM_WORKERS=3 768 776 else 769 777 _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS 770 778 fi … … tune_memory_limits () { 796 804 sed -i "s/88/$_USE_SQL/g" /etc/mysql/my.cnf &> /dev/null 797 805 sed -i "s/88/$_USE_APC/g" /etc/redis/redis.conf &> /dev/null 798 806 if [ -e "/etc/default/jetty9" ] && [ -e "/opt/solr4" ] ; then 799 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home= /opt/solr4 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty9 &> /dev/null807 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr4 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty9 &> /dev/null 800 808 fi 801 809 if [ -e "/etc/default/jetty8" ] && [ -e "/opt/solr3" ] ; then 802 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home= /opt/solr3 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty8 &> /dev/null810 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr3 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty8 &> /dev/null 803 811 fi 804 812 if [ -e "/etc/default/jetty7" ] && [ -e "/opt/solr1" ] ; then 805 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home= /opt/solr1 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty7 &> /dev/null813 sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr1 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty7 &> /dev/null 806 814 fi 807 815 if [[ "$_THISHOST" =~ ".host8." ]] ; then 808 816 if [[ "$_THISHOST" =~ "ocean.ams.host8.biz" ]] || [[ "$_THISHOST" =~ "ocean.nyc.host8.biz" ]] ; then … … tune_memory_limits () { 821 829 fi 822 830 if [ "$_CUSTOM_CONFIG_SQL" = "NO" ] ; then 823 831 if [ "$_DB_BINARY_LOG" = "NO" ] ; then 832 bash /var/xdrago/purge_binlogs.sh &> /dev/null 824 833 sed -i "s/.*purge_binlogs.*//g" /var/spool/cron/crontabs/root &> /dev/null 825 834 sed -i "/^$/d" /var/spool/cron/crontabs/root &> /dev/null 826 835 sed -i "s/^log_bin/#log_bin/g" /etc/mysql/my.cnf &> /dev/null … … _BOA_REPO_GIT_URLX=${_BOA_REPO_GIT_URL//\//\\\/} 910 919 # 911 920 # 912 921 if [ `whoami` = "root" ] ; then 922 chmod a+w /dev/null 913 923 msg "INFO: This script is ran as a root user" 914 924 else 915 925 msg "ERROR: This script should be ran as a root user - please `sudo -i` first" … … if [ "$_AEGIR_VERSION" = "HEAD" ] ; then 951 961 cd /opt/tmp 952 962 fi 953 963 else 954 wget -q -U iCab http://files.aegir.cc/versions/nginx-for-drupal-$_ AEGIR_VERSION.tar.gz955 gunzip -q -c nginx-for-drupal-$_ AEGIR_VERSION.tar.gz | tar -xf -956 rm -f nginx-for-drupal-$_ AEGIR_VERSION.tar.gz964 wget -q -U iCab http://files.aegir.cc/versions/nginx-for-drupal-$_INSTALLER_VERSION.tar.gz 965 gunzip -q -c nginx-for-drupal-$_INSTALLER_VERSION.tar.gz | tar -xf - 966 rm -f nginx-for-drupal-$_INSTALLER_VERSION.tar.gz 957 967 _BOA_REPO_NAME="nginx-for-drupal" 958 968 fi 959 969 # -
aegir/tools/bin/barracuda
diff --git a/aegir/tools/bin/barracuda b/aegir/tools/bin/barracuda index 63a44c8..b8f64a9 100755
a b up_start () 149 149 touch /var/run/boa_wait.pid 150 150 mkdir -p $_LOG_DIR 151 151 cd /var/backups 152 rm -f /var/backups/BARRACUDA.sh .*152 rm -f /var/backups/BARRACUDA.sh* 153 153 fi 154 154 } 155 155 … … up_finish () 157 157 { 158 158 rm -f /var/run/boa_run.pid 159 159 rm -f /var/run/boa_wait.pid 160 rm -f /var/backups/BARRACUDA.sh.* 161 rm -f /root/BOA.sh.* 160 rm -f /var/backups/BARRACUDA.sh* 161 rm -f /root/BOA.sh* 162 rm -f /root/.bashrc.bak* 162 163 echo 163 164 echo BARRACUDA upgrade completed 164 165 echo Bye … … set_pin_priority () 225 226 check_root () 226 227 { 227 228 if [ `whoami` = "root" ] ; then 228 true229 chmod a+w /dev/null 229 230 sed -i "s/.*173.231.133.190.*//g" /etc/hosts &> /dev/null 230 231 sed -i "/^$/d" /etc/hosts &> /dev/null 231 232 else -
aegir/tools/bin/boa
diff --git a/aegir/tools/bin/boa b/aegir/tools/bin/boa index 9b3c307..1c87703 100755
a b init_start () 99 99 touch /var/run/boa_wait.pid 100 100 mkdir -p /var/backups 101 101 cd /var/backups 102 rm -f /var/backups/BARRACUDA.sh .*103 rm -f /var/backups/OCTOPUS.sh .*102 rm -f /var/backups/BARRACUDA.sh* 103 rm -f /var/backups/OCTOPUS.sh* 104 104 fi 105 105 } 106 106 … … init_finish () 108 108 { 109 109 rm -f /var/run/boa_run.pid 110 110 rm -f /var/run/boa_wait.pid 111 rm -f /var/backups/BARRACUDA.sh .*112 rm -f /var/backups/OCTOPUS.sh .*113 rm -f /root/BOA.sh .*111 rm -f /var/backups/BARRACUDA.sh* 112 rm -f /var/backups/OCTOPUS.sh* 113 rm -f /root/BOA.sh* 114 114 echo 115 115 echo BOA $version completed 116 116 echo Bye … … set_pin_priority () 194 194 check_root () 195 195 { 196 196 if [ `whoami` = "root" ] ; then 197 true197 chmod a+w /dev/null 198 198 sed -i "s/.*173.231.133.190.*//g" /etc/hosts &> /dev/null 199 199 sed -i "/^$/d" /etc/hosts &> /dev/null 200 200 else -
aegir/tools/bin/octopus
diff --git a/aegir/tools/bin/octopus b/aegir/tools/bin/octopus index 4bb6419..2100a7b 100755
a b up_start () 221 221 touch /var/run/boa_wait.pid 222 222 mkdir -p $_LOG_DIR 223 223 cd /var/backups 224 rm -f /var/backups/OCTOPUS.sh .*224 rm -f /var/backups/OCTOPUS.sh* 225 225 fi 226 226 if [ "$cmmode" = "log" ] ; then 227 227 silent="$cmmode" … … up_finish () 235 235 { 236 236 rm -f /var/run/boa_run.pid 237 237 rm -f /var/run/boa_wait.pid 238 rm -f /var/backups/OCTOPUS.sh .*239 rm -f /root/BOA.sh .*238 rm -f /var/backups/OCTOPUS.sh* 239 rm -f /root/BOA.sh* 240 240 echo 241 241 echo OCTOPUS upgrade completed 242 242 echo Bye … … EOF 290 290 check_root () 291 291 { 292 292 if [ `whoami` = "root" ] ; then 293 true293 chmod a+w /dev/null 294 294 sed -i "s/.*173.231.133.190.*//g" /etc/hosts &> /dev/null 295 295 sed -i "/^$/d" /etc/hosts &> /dev/null 296 296 else -
aegir/tools/bin/randpass
diff --git a/aegir/tools/bin/randpass b/aegir/tools/bin/randpass index af0610c..c386175 100755
a b randpass() { 15 15 cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-$rkey} | tr -d "\n" 16 16 elif [ "$kind" = "esc" ] ; then 17 17 CHAR="[:graph:]" 18 cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-$rkey} | tr -d "\n" | sed 's/[\ `\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g'18 cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-$rkey} | tr -d "\n" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g' 19 19 elif [ "$kind" = "hash" ] ; then 20 20 CHAR="[:alnum:]" 21 21 if [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "precise" ] ; then -
aegir/tools/bin/syncpass
diff --git a/aegir/tools/bin/syncpass b/aegir/tools/bin/syncpass index 3f1882d..707f8cf 100755
a b _NOW=`date +%y%m%d-%H%M` 6 6 7 7 # Remove dangerous stuff from the string. 8 8 sanitize_string () { 9 echo "$1" | sed 's/[\ `\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g'9 echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g' 10 10 } 11 11 12 12 check_generate () { … … do_syncpass () { 52 52 cp /var/aegir/.drush/server_master.alias.drushrc.php /var/backups/server_master.alias.drushrc.php.$uname-bak-$_NOW &> /dev/null 53 53 check_generate 54 54 chown $uname:$uname $_L_SYS &> /dev/null 55 su -s /bin/bash - $uname -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='aegir_root'\" &> /dev/null" 56 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 57 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$uname';" &> /dev/null 58 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 59 sed -i "s/mysql:\/\/aegir_root:.*/mysql:\/\/aegir_root:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_localhost.alias.drushrc.php &> /dev/null 60 sed -i "s/mysql:\/\/aegir_root:.*/mysql:\/\/aegir_root:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_master.alias.drushrc.php &> /dev/null 55 if [ ! -z "$_ESC_APASS" ] && [ ! -z "$_ENC_APASS" ] ; then 56 mysqladmin flush-hosts &> /dev/null 57 su -s /bin/bash - $uname -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='aegir_root'\" &> /dev/null" 58 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$uname';" &> /dev/null 59 sed -i "s/mysql:\/\/aegir_root:.*/mysql:\/\/aegir_root:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_localhost.alias.drushrc.php &> /dev/null 60 sed -i "s/mysql:\/\/aegir_root:.*/mysql:\/\/aegir_root:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_master.alias.drushrc.php &> /dev/null 61 mysqladmin flush-privileges &> /dev/null 62 else 63 echo "ERROR: Auto-generated password for $uname system user did not work as expected, please try again." 64 exit 1 65 fi 61 66 echo "INFO: Fixed Aegir Master Instance system user=aegir_root" 62 67 echo "INFO: New system password=$_ESC_APASS encoded=$_ENC_APASS" 63 68 echo "BYE!" … … do_syncpass () { 68 73 cp /data/disk/$uname/.drush/server_master.alias.drushrc.php /var/backups/server_master.alias.drushrc.php.$uname-bak-$_NOW &> /dev/null 69 74 check_generate 70 75 chown $uname:users $_L_SYS &> /dev/null 71 su -s /bin/bash - $uname -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='$uname'\" &> /dev/null" 72 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 73 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$uname';" &> /dev/null 74 mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null 75 sed -i "s/mysql:\/\/$uname:.*/mysql:\/\/$uname:$_ENC_APASS@localhost',/g" /data/disk/$uname/.drush/server_localhost.alias.drushrc.php &> /dev/null 76 sed -i "s/mysql:\/\/$uname:.*/mysql:\/\/$uname:$_ENC_APASS@localhost',/g" /data/disk/$uname/.drush/server_master.alias.drushrc.php &> /dev/null 76 if [ ! -z "$_ESC_APASS" ] && [ ! -z "$_ENC_APASS" ] ; then 77 mysqladmin flush-hosts &> /dev/null 78 su -s /bin/bash - $uname -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='$uname'\" &> /dev/null" 79 mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$uname';" &> /dev/null 80 sed -i "s/mysql:\/\/$uname:.*/mysql:\/\/$uname:$_ENC_APASS@localhost',/g" /data/disk/$uname/.drush/server_localhost.alias.drushrc.php &> /dev/null 81 sed -i "s/mysql:\/\/$uname:.*/mysql:\/\/$uname:$_ENC_APASS@localhost',/g" /data/disk/$uname/.drush/server_master.alias.drushrc.php &> /dev/null 82 mysqladmin flush-privileges &> /dev/null 83 else 84 echo "ERROR: Auto-generated password for $uname system user did not work as expected, please try again." 85 exit 1 86 fi 77 87 echo "INFO: Fixed Aegir Satellite Instance system user=$uname" 78 88 echo "INFO: New system password=$_ESC_APASS encoded=$_ENC_APASS" 79 89 echo "BYE!" … … do_syncpass () { 92 102 check_root () 93 103 { 94 104 if [ `whoami` = "root" ] ; then 95 true105 chmod a+w /dev/null 96 106 sed -i "s/.*173.231.133.190.*//g" /etc/hosts &> /dev/null 97 107 sed -i "/^$/d" /etc/hosts &> /dev/null 98 108 else -
aegir/tools/host/host-water.sh
diff --git a/aegir/tools/host/host-water.sh b/aegir/tools/host/host-water.sh index 00cccf5..4cfd724 100755
a b for i in `dir -d /vservers/*` ; do 21 21 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 22 22 echo "$_IP already denied or allowed on port 22" 23 23 else 24 echo "Deny $_IP permanently $_NR_TEST" 25 csf -d $_IP Brute force SSH Server $_NR_TEST attacks 24 if [ $_NR_TEST -ge "24" ] ; then 25 echo "Deny $_IP permanently $_NR_TEST" 26 csf -d $_IP do not delete Brute force SSH Server $_NR_TEST attacks 27 else 28 echo "Deny $_IP until limits rotation $_NR_TEST" 29 csf -d $_IP Brute force SSH Server $_NR_TEST attacks 30 fi 26 31 fi 27 32 sleep 1 28 33 fi … … for i in `dir -d /vservers/*` ; do 39 44 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 40 45 echo "$_IP already denied or allowed on port 80" 41 46 else 42 echo "Deny $_IP permanently $_NR_TEST" 43 csf -d $_IP Brute force Web Server $_NR_TEST attacks 47 if [ $_NR_TEST -ge "24" ] ; then 48 echo "Deny $_IP permanently $_NR_TEST" 49 csf -d $_IP do not delete Brute force Web Server $_NR_TEST attacks 50 else 51 echo "Deny $_IP until limits rotation $_NR_TEST" 52 csf -d $_IP Brute force Web Server $_NR_TEST attacks 53 fi 44 54 fi 45 55 sleep 1 46 56 fi … … for i in `dir -d /vservers/*` ; do 57 67 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 58 68 echo "$_IP already denied or allowed on port 21" 59 69 else 60 echo "Deny $_IP permanently $_NR_TEST" 61 csf -d $_IP Brute force FTP Server $_NR_TEST attacks 70 if [ $_NR_TEST -ge "24" ] ; then 71 echo "Deny $_IP permanently $_NR_TEST" 72 csf -d $_IP do not delete Brute force FTP Server $_NR_TEST attacks 73 else 74 echo "Deny $_IP until limits rotation $_NR_TEST" 75 csf -d $_IP Brute force FTP Server $_NR_TEST attacks 76 fi 62 77 fi 63 78 sleep 1 64 79 fi … … for i in `dir -d /vservers/*` ; do 75 90 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 76 91 echo "$_IP already denied or allowed on port 25" 77 92 else 78 echo "Deny $_IP permanently $_NR_TEST" 79 csf -d $_IP Brute force SMTP Server $_NR_TEST attacks 93 if [ $_NR_TEST -ge "24" ] ; then 94 echo "Deny $_IP permanently $_NR_TEST" 95 csf -d $_IP do not delete Brute force SMTP Server $_NR_TEST attacks 96 else 97 echo "Deny $_IP until limits rotation $_NR_TEST" 98 csf -d $_IP Brute force SMTP Server $_NR_TEST attacks 99 fi 80 100 fi 81 101 sleep 1 82 102 fi -
aegir/tools/system/clear.sh
diff --git a/aegir/tools/system/clear.sh b/aegir/tools/system/clear.sh index f9aa09f..295fe7f 100755
a b 3 3 SHELL=/bin/bash 4 4 PATH=/usr/local/sbin:/usr/local/bin:/opt/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 5 6 touch /var/run/fmp_wait.pid7 6 if [ -e "/etc/cron.daily/logrotate" ] ; then 8 7 _SYSLOG_SIZE_TEST=$(du -s -h /var/log/syslog) 9 8 if [[ "$_SYSLOG_SIZE_TEST" =~ "G" ]] ; then … … echo rotate > /var/log/redis/redis-server.log 24 23 echo rotate > /var/log/mysql/sql-slow-query.log 25 24 if test -f /root/.high_traffic.cnf ; then 26 25 echo rotate > /var/log/nginx/access.log 27 else28 /etc/init.d/php53-fpm reload29 if test -f /etc/init.d/php-fpm ; then30 /etc/init.d/php-fpm reload31 fi32 sleep 833 26 fi 34 27 if test -f /var/run/boa_run.pid ; then 35 28 sleep 1 36 29 else 37 30 rm -f /tmp/*error* 38 31 fi 39 rm -f /var/run/fmp_wait.pid40 32 touch /var/xdrago/log/clear.done 41 33 ###EOF2013### -
aegir/tools/system/conf/lshell.conf
diff --git a/aegir/tools/system/conf/lshell.conf b/aegir/tools/system/conf/lshell.conf index cd59fd0..ed2cda2 100644
a b loglevel : 4 11 11 12 12 [default] 13 13 ## a list of the allowed commands or 'all' to allow all commands in user's PATH 14 allowed : ['bzr', 'cat', 'cd', 'chmod', 'compass', 'cp', 'curl', 'cvs', 'diff', 'drush', 'drush4', 'drush5', 'drush6', 'echo', 'find', 'git', 'git-receive-pack', 'git-upload-pack', 'git-upload-archive', 'grep', 'gzip', 'less', 'lftp', 'll', 'ls', 'm kdir', 'mv', 'mysql', 'mysqldump', 'nano', 'openssl', 'passwd', 'patch', 'ping', 'pwd', 'rm', 'rsync', 'sass', 'sass-convert', 'scp', 'scss', 'sed', 'ssh-keygen', 'svn', 'tar', 'touch', 'unzip', 'vi', 'vim', 'wget', 'sqlmagic']14 allowed : ['bzr', 'cat', 'cd', 'chmod', 'compass', 'cp', 'curl', 'cvs', 'diff', 'drush', 'drush4', 'drush5', 'drush6', 'echo', 'find', 'git', 'git-receive-pack', 'git-upload-pack', 'git-upload-archive', 'grep', 'gzip', 'less', 'lftp', 'll', 'ls', 'mc', 'mkdir', 'mv', 'mysql', 'mysqldump', 'nano', 'openssl', 'passwd', 'patch', 'ping', 'pwd', 'rm', 'rsync', 's3cmd', 'sass', 'sass-convert', 'scp', 'scss', 'sed', 'sqlmagic', 'ssh-keygen', 'svn', 'tar', 'touch', 'unzip', 'vi', 'vim', 'wget'] 15 15 16 16 ## a list of forbidden character or commands 17 17 forbidden : [';', '&', '|', '`', '$(', '${', 'drush cli', 'drush4 cli', 'drush5 cli', 'drush6 cli', 'core-cli', 'php-eval', 'php-script', 'pm-update', 'drush scr', 'drush4 scr', 'drush5 scr', 'drush6 scr', 'self-update', 'selfupdate', 'drush si', 'drush4 si', 'drush5 si', 'drush6 si', 'site-install', 'site-upgrade', 'drush sup', 'drush4 sup', 'drush5 sup', 'drush6 sup', 'drush up', 'drush4 up', 'drush5 up', 'drush6 up', 'updatedb', 'drush upc', 'drush4 upc', 'drush5 upc', 'drush6 upc', 'drush ev', 'drush4 ev', 'drush5 ev', 'drush6 ev', 'hostmaster', 'server_master', 'server_localhost', 'db_server', 'db_passwd', 'master_db', 'hosting_db_server', 'php-cli', 'localhost', '127.0.0.1', '8.8.8.8'] -
aegir/tools/system/graceful.sh
diff --git a/aegir/tools/system/graceful.sh b/aegir/tools/system/graceful.sh index 98e1866..67ef720 100755
a b action() 32 32 rm -f -r /tmp/{drush*,mapshape*} 33 33 rm -f /opt/tomcat6/logs/* 34 34 rm -f /var/log/jetty{7,8,9}/* 35 `killall -9 java`; 36 sleep 2 35 37 if [ -e "/etc/default/tomcat" ] && [ -e "/etc/init.d/tomcat" ] ; then 36 /etc/init.d/tomcat stop37 sleep 338 38 /etc/init.d/tomcat start 39 39 fi 40 40 if [ -e "/etc/default/jetty9" ] && [ -e "/etc/init.d/jetty9" ] ; then 41 /etc/init.d/jetty9 restart41 /etc/init.d/jetty9 start 42 42 fi 43 43 if [ -e "/etc/default/jetty8" ] && [ -e "/etc/init.d/jetty8" ] ; then 44 /etc/init.d/jetty8 restart44 /etc/init.d/jetty8 start 45 45 fi 46 46 if [ -e "/etc/default/jetty7" ] && [ -e "/etc/init.d/jetty7" ] ; then 47 /etc/init.d/jetty7 restart47 /etc/init.d/jetty7 start 48 48 fi 49 49 if test -f /root/.high_traffic.cnf ; then 50 50 true … … action() 53 53 fi 54 54 /etc/init.d/nginx reload 55 55 touch /var/run/fmp_wait.pid 56 /etc/init.d/php-fpm reload 56 if [ -e "/etc/init.d/php-fpm" ] ; then 57 /etc/init.d/php-fpm reload 58 fi 57 59 /etc/init.d/php53-fpm reload 58 60 sleep 8 59 61 rm -f /var/run/fmp_wait.pid -
aegir/tools/system/guest-water.sh
diff --git a/aegir/tools/system/guest-water.sh b/aegir/tools/system/guest-water.sh index ded2ef9..db0c453 100755
a b guard_stats() 20 20 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 21 21 echo "$_IP already denied or allowed on port 22" 22 22 else 23 echo "Deny $_IP permanently $_NR_TEST" 24 csf -d $_IP Brute force SSH Server $_NR_TEST attacks 23 if [ $_NR_TEST -ge "24" ] ; then 24 echo "Deny $_IP permanently $_NR_TEST" 25 csf -d $_IP do not delete Brute force SSH Server $_NR_TEST attacks 26 else 27 echo "Deny $_IP until limits rotation $_NR_TEST" 28 csf -d $_IP Brute force SSH Server $_NR_TEST attacks 29 fi 25 30 fi 26 31 sleep 1 27 32 fi … … guard_stats() 38 43 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 39 44 echo "$_IP already denied or allowed on port 80" 40 45 else 41 echo "Deny $_IP permanently $_NR_TEST" 42 csf -d $_IP Brute force Web Server $_NR_TEST attacks 46 if [ $_NR_TEST -ge "24" ] ; then 47 echo "Deny $_IP permanently $_NR_TEST" 48 csf -d $_IP do not delete Brute force Web Server $_NR_TEST attacks 49 else 50 echo "Deny $_IP until limits rotation $_NR_TEST" 51 csf -d $_IP Brute force Web Server $_NR_TEST attacks 52 fi 43 53 fi 44 54 sleep 1 45 55 fi … … guard_stats() 56 66 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 57 67 echo "$_IP already denied or allowed on port 21" 58 68 else 59 echo "Deny $_IP permanently $_NR_TEST" 60 csf -d $_IP Brute force FTP Server $_NR_TEST attacks 69 if [ $_NR_TEST -ge "24" ] ; then 70 echo "Deny $_IP permanently $_NR_TEST" 71 csf -d $_IP do not delete Brute force FTP Server $_NR_TEST attacks 72 else 73 echo "Deny $_IP until limits rotation $_NR_TEST" 74 csf -d $_IP Brute force FTP Server $_NR_TEST attacks 75 fi 61 76 fi 62 77 sleep 1 63 78 fi … … guard_stats() 74 89 if [[ "$_FW_TEST" =~ "$_IP" ]] ; then 75 90 echo "$_IP already denied or allowed on port 25" 76 91 else 77 echo "Deny $_IP permanently $_NR_TEST" 78 csf -d $_IP Brute force SMTP Server $_NR_TEST attacks 92 if [ $_NR_TEST -ge "24" ] ; then 93 echo "Deny $_IP permanently $_NR_TEST" 94 csf -d $_IP do not delete Brute force SMTP Server $_NR_TEST attacks 95 else 96 echo "Deny $_IP until limits rotation $_NR_TEST" 97 csf -d $_IP Brute force SMTP Server $_NR_TEST attacks 98 fi 79 99 fi 80 100 sleep 1 81 101 fi -
aegir/tools/system/manage_ltd_users.sh
diff --git a/aegir/tools/system/manage_ltd_users.sh b/aegir/tools/system/manage_ltd_users.sh index bf0ff23..5961404 100755
a b _STRONG_PASSWORDS=EDIT_STRONG_PASSWORDS 10 10 # 11 11 # Remove dangerous stuff from the string. 12 12 sanitize_string () { 13 echo "$1" | sed 's/[\ `\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g'13 echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@]//g' | sed 's/\(['"'"'\]\)//g' 14 14 } 15 15 # 16 16 # Add ltd-shell group if not exists. … … ok_create_user() 94 94 if [ ! -d "$_USER_LTD_ROOT" ] ; then 95 95 useradd -d $_USER_LTD_ROOT -s /usr/bin/lshell -m -N -r $_USER_LTD 96 96 adduser $_USER_LTD $_WEBG 97 touch $_TMP/$_USER_LTD.txt98 chmod 0600 $_TMP/$_USER_LTD.txt99 97 _ESC_LUPASS="" 100 98 _LEN_LUPASS=0 101 99 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then … … ok_create_user() 108 106 _ESC_LUPASS=`echo -n $_ESC_LUPASS | tr -d "\n"` 109 107 _ESC_LUPASS=`sanitize_string "$_ESC_LUPASS"` 110 108 fi 111 echo "$_ESC_LUPASS" > $_TMP/$_USER_LTD.txt 112 ph=$(makepasswd --clearfrom=$_TMP/$_USER_LTD.txt --crypt-md5 --verbose | grep "=" | cut -d= -f3 | awk '{ print $1}') 109 ph=$(mkpasswd -m sha-512 $_ESC_LUPASS $(openssl rand -base64 16 | tr -d '+=' | head -c 16)) 113 110 usermod -p $ph $_USER_LTD 114 111 passwd -w 7 -x 90 $_USER_LTD 115 112 usermod -aG lshellg $_USER_LTD 116 113 usermod -aG ltd-shell $_USER_LTD 117 114 fi 118 if [ ! -e "/home/$_ADMIN/users/$_USER_LTD" ] ; then 119 PXSWD=`cat $_TMP/$_USER_LTD.txt` 120 PASWD=`echo -n $PXSWD | tr -d "\n"` 115 if [ ! -e "/home/$_ADMIN/users/$_USER_LTD" ] && [ ! -z "$_ESC_LUPASS" ] ; then 121 116 chsh -s /usr/bin/lshell $_USER_LTD 122 117 echo >> $_THIS_LTD_CONF 123 118 echo "[$_USER_LTD]" >> $_THIS_LTD_CONF … … ok_create_user() 125 120 ln -s $Client $_USER_LTD_ROOT/sites 126 121 chmod 700 $_USER_LTD_ROOT 127 122 mkdir -p /home/$_ADMIN/users 128 echo "$ PASWD" > /home/$_ADMIN/users/$_USER_LTD123 echo "$_ESC_LUPASS" > /home/$_ADMIN/users/$_USER_LTD 129 124 fi 130 125 fix_dot_dirs 131 126 rm -f $_USER_LTD_ROOT/{.profile,.bash_logout,.bashrc} … … else 271 266 sleep 1 272 267 find /var/backups/ltd/*/* -mtime +1 -type f -exec rm -rf {} \; 273 268 rm -f $_TMP/*.txt 274 chmod 700 /home/* &> /dev/null 269 if [ ! -e "/root/.home.no.wildcard.chmod.cnf" ] ; then 270 chmod 700 /home/* &> /dev/null 271 fi 275 272 fi 276 273 ###EOF2013### -
aegir/tools/system/minute.sh
diff --git a/aegir/tools/system/minute.sh b/aegir/tools/system/minute.sh index a7ebb8a..0546ff0 100755
a b 3 3 SHELL=/bin/bash 4 4 PATH=/usr/local/sbin:/usr/local/bin:/opt/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 5 6 perl /var/xdrago/monitor/check/hackcheck7 perl /var/xdrago/monitor/check/scan_nginx8 perl /var/xdrago/monitor/check/locked9 perl /var/xdrago/monitor/check/hackftp10 perl /var/xdrago/monitor/check/hackmail11 12 6 if test -f /root/.high_traffic.cnf ; then 13 7 true 14 8 else … … sleep 10 67 61 68 62 action 69 63 echo watcher 6 64 sleep 5 65 perl /var/xdrago/monitor/check/escapecheck 66 perl /var/xdrago/monitor/check/hackcheck 67 perl /var/xdrago/monitor/check/hackftp 68 perl /var/xdrago/monitor/check/hackmail 69 perl /var/xdrago/monitor/check/scan_nginx 70 perl /var/xdrago/monitor/check/locked 70 71 perl /var/xdrago/monitor/check/sqlcheck 71 72 echo DONE! 72 73 ###EOF2013### -
new file aegir/tools/system/monitor/check/escapecheck
diff --git a/aegir/tools/system/monitor/check/escapecheck b/aegir/tools/system/monitor/check/escapecheck new file mode 100755 index 0000000..833baae
- + 1 #!/usr/bin/perl 2 3 $| = 1; 4 $status="CLEAN"; 5 $server=`uname -n`; 6 chomp($server); 7 $date_is=`date +%Y-%m-%d`; 8 chomp($date_is); 9 $time_is=`date +%H:%M`; 10 chomp($time_is); 11 $now_is="$date_is $time_is"; 12 chomp($now_is); 13 $logfile="/var/xdrago/log/last-shell-escape-log"; 14 `rm -f $logfile`; 15 &makeactions; 16 if ($status ne "CLEAN") { 17 $mailx_test = `mail -V 2>&1`; 18 if ($mailx_test =~ /(invalid)/i) { 19 if ($status ne "CLEAN") { 20 `cat $logfile | mail -a "From: notify\@omega8.cc" -e -s "Shell Escape Alert [$server] $now_is" notify\@omega8.cc`; 21 } 22 } 23 else { 24 if ($status ne "CLEAN") { 25 `cat $logfile | mail -r notify\@omega8.cc -e -s "Shell Escape Alert [$server] $now_is" notify\@omega8.cc`; 26 } 27 } 28 } 29 exit; 30 31 ############################################################################# 32 sub makeactions 33 { 34 local(@MYARR) = `grep -i forbidden /var/log/lsh/* | tail --lines=999 2>&1`; 35 foreach $line (@MYARR) { 36 if ($line =~ /(Forbidden path)/i || ($line =~ /(forbidden shell escape)/i && $line !~ /exit/i)) { 37 local($DATEQ, $TIMEQ, $rest) = split(/\s+/,$line); 38 chomp($line); 39 local($TIMEX, $rest) = split(/\,/,$TIMEQ); 40 chomp($DATEQ); 41 chomp($TIMEX); 42 $TIMEX =~ s/[^0-9\:]//g; 43 if ($TIMEX =~ /^[0-9]/) { 44 local($HOUR, $MIN, $SEC) = split(/:/,$TIMEX); 45 $log_is="$DATEQ $HOUR:$MIN"; 46 if ($now_is eq $log_is) { 47 $status="ERROR"; 48 `echo "$line" >> $logfile`; 49 print "===[$now_is]\t[$log_is]\t[$line]===\n"; 50 `echo "[$now_is]:[$log_is]:[$line]" >> /var/xdrago/log/last-shell-escape-y-problem`; 51 } 52 # else { 53 # `echo "[$now_is]:[$log_is]" >> /var/xdrago/log/last-shell-escape-n-problem`; 54 # } 55 } 56 } 57 } 58 } 59 ###EOF2013### -
aegir/tools/system/monitor/check/hackcheck
diff --git a/aegir/tools/system/monitor/check/hackcheck b/aegir/tools/system/monitor/check/hackcheck index 120da6a..fec4fc9 100755
a b $| = 1; 8 8 $this_filename = "hackcheck"; 9 9 $times = `date +%y%m%d-%H%M%S`; 10 10 chomp($times); 11 $now_is=`date +%b:%d:%H:%M`; 12 chomp($now_is); 13 $timestamp="OLD"; 11 14 &makeactions; 12 15 print "CONTROL complete\n"; 13 16 exit; … … sub makeactions 25 28 local($sumar,$maxnumber); 26 29 foreach $line (@MYARR) { 27 30 if ($line =~ /(Failed password for root)/i) { 28 local($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $VISITOR, $rest) = split(/\s+/,$line); 29 $VISITOR =~ s/[^0-9\.]//g; 30 if ($VISITOR =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) { 31 chomp($line); 32 $li_cnt{$VISITOR}++; 31 &verify_timestamp; 32 if ($timestamp eq "NEW") { 33 local($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $VISITOR, $rest) = split(/\s+/,$line); 34 $VISITOR =~ s/[^0-9\.]//g; 35 if ($VISITOR =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) { 36 chomp($line); 37 $li_cnt{$VISITOR}++; 38 } 33 39 } 34 40 } 35 41 elsif ($line =~ /(Failed password for invalid user)/i) { 36 local($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $k, $l, $VISITOR, $rest) = split(/\s+/,$line); 37 $VISITOR =~ s/[^0-9\.]//g; 38 if ($VISITOR =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) { 39 chomp($line); 40 $li_cnt{$VISITOR}++; 42 &verify_timestamp; 43 if ($timestamp eq "NEW") { 44 local($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $k, $l, $VISITOR, $rest) = split(/\s+/,$line); 45 $VISITOR =~ s/[^0-9\.]//g; 46 if ($VISITOR =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) { 47 chomp($line); 48 $li_cnt{$VISITOR}++; 49 } 41 50 } 42 51 } 43 52 elsif ($line =~ /(Failed password for)/i && $line !~ /(invalid user)/i) { 44 local($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $VISITOR, $rest) = split(/\s+/,$line); 45 $VISITOR =~ s/[^0-9\.]//g; 46 if ($VISITOR =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) { 47 chomp($line); 48 $li_cnt{$VISITOR}++; 53 &verify_timestamp; 54 if ($timestamp eq "NEW") { 55 local($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $VISITOR, $rest) = split(/\s+/,$line); 56 $VISITOR =~ s/[^0-9\.]//g; 57 if ($VISITOR =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) { 58 chomp($line); 59 $li_cnt{$VISITOR}++; 60 } 49 61 } 50 62 } 51 63 } … … sub makeactions 70 82 } 71 83 72 84 ############################################################################# 85 sub verify_timestamp 86 { 87 local($MONTX, $DAYX, $TIMEX, $rest) = split(/\s+/,$line); 88 if ($DAYX =~ /^\s+/) { 89 $DAYX =~ s/[^0-9]//g; 90 } 91 if ($DAYX !~ /^0/ && $DAYX !~ /[0-9]{2}/) { 92 $DAYX = "0$DAYX"; 93 } 94 chomp($TIMEX); 95 $TIMEX =~ s/[^0-9\:]//g; 96 if ($TIMEX =~ /^[0-9]/) { 97 local($HOUR, $MIN, $SEC) = split(/:/,$TIMEX); 98 $log_is="$MONTX:$DAYX:$HOUR:$MIN"; 99 if ($now_is eq $log_is) { 100 $timestamp="NEW"; 101 chomp($line); 102 print "===NEW\t[$now_is]\t[$log_is]\t[$line]===\n"; 103 } 104 else { 105 chomp($line); 106 print "===OLD\t[$now_is]\t[$log_is]\t[$line]===\n"; 107 } 108 } 109 } 110 111 ############################################################################# 73 112 sub check_ip 74 113 { 75 114 local($IP) = @_; -
aegir/tools/system/monitor/check/hackftp
diff --git a/aegir/tools/system/monitor/check/hackftp b/aegir/tools/system/monitor/check/hackftp index 0676ab5..53fade0 100755
a b $| = 1; 8 8 $this_filename = "hackftp"; 9 9 $times = `date +%y%m%d-%H%M%S`; 10 10 chomp($times); 11 $now_is=`date +%b:%d:%H:%M`; 12 chomp($now_is); 13 $timestamp="OLD"; 11 14 &makeactions; 12 15 print "CONTROL complete\n"; 13 16 exit; … … sub makeactions 25 28 local($sumar,$maxnumber); 26 29 foreach $line (@MYARR) { 27 30 if ($line =~ /(Authentication failed for user)/i || $line =~ /(Sorry, cleartext sessions are not accepted)/i) { 28 local($a, $b, $c, $d, $e, $VISITORX, $rest) = split(/\s+/,$line); 29 chomp($VISITORX); 30 local($a, $VISITOR) = split(/\@/,$VISITORX); 31 $VISITOR =~ s/[^0-9\.]//g; 32 if ($VISITOR =~ /^[0-9]/) { 33 chomp($line); 34 $li_cnt{$VISITOR}++; 31 &verify_timestamp; 32 if ($timestamp eq "NEW") { 33 local($a, $b, $c, $d, $e, $VISITORX, $rest) = split(/\s+/,$line); 34 chomp($VISITORX); 35 local($a, $VISITOR) = split(/\@/,$VISITORX); 36 $VISITOR =~ s/[^0-9\.]//g; 37 if ($VISITOR =~ /^[0-9]/) { 38 chomp($line); 39 $li_cnt{$VISITOR}++; 40 } 35 41 } 36 42 } 37 43 } … … sub makeactions 56 62 } 57 63 58 64 ############################################################################# 65 sub verify_timestamp 66 { 67 local($MONTX, $DAYX, $TIMEX, $rest) = split(/\s+/,$line); 68 if ($DAYX =~ /^\s+/) { 69 $DAYX =~ s/[^0-9]//g; 70 } 71 if ($DAYX !~ /^0/ && $DAYX !~ /[0-9]{2}/) { 72 $DAYX = "0$DAYX"; 73 } 74 chomp($TIMEX); 75 $TIMEX =~ s/[^0-9\:]//g; 76 if ($TIMEX =~ /^[0-9]/) { 77 local($HOUR, $MIN, $SEC) = split(/:/,$TIMEX); 78 $log_is="$MONTX:$DAYX:$HOUR:$MIN"; 79 if ($now_is eq $log_is) { 80 $timestamp="NEW"; 81 chomp($line); 82 print "===NEW\t[$now_is]\t[$log_is]\t[$line]===\n"; 83 } 84 else { 85 chomp($line); 86 print "===OLD\t[$now_is]\t[$log_is]\t[$line]===\n"; 87 } 88 } 89 } 90 91 ############################################################################# 59 92 sub check_ip 60 93 { 61 94 local($IP) = @_; -
aegir/tools/system/monitor/check/hackmail
diff --git a/aegir/tools/system/monitor/check/hackmail b/aegir/tools/system/monitor/check/hackmail index b900aa0..05ebf33 100755
a b $| = 1; 8 8 $this_filename = "hackmail"; 9 9 $times = `date +%y%m%d-%H%M%S`; 10 10 chomp($times); 11 $now_is=`date +%b:%d:%H:%M`; 12 chomp($now_is); 13 $timestamp="OLD"; 11 14 &makeactions; 12 15 print "CONTROL complete\n"; 13 16 exit; … … sub makeactions 25 28 local($sumar,$maxnumber); 26 29 foreach $line (@MYARR) { 27 30 if ($line =~ /(Failed)|(identification)|(authentication)/i) { 28 local($a, $b, $c, $d, $e, $f, $VISITORX, $rest) = split(/\s+/,$line) if ($line =~ /(failure)/i); 29 chomp($VISITORX); 30 local($a, $VISITOR) = split(/\[/,$VISITORX); 31 $VISITOR =~ s/[^0-9\.]//g; 32 if ($VISITOR =~ /^[0-9]/) { 33 chomp($line); 34 $li_cnt{$VISITOR}++; 31 &verify_timestamp; 32 if ($timestamp eq "NEW") { 33 local($a, $b, $c, $d, $e, $f, $VISITORX, $rest) = split(/\s+/,$line) if ($line =~ /(failure)/i); 34 chomp($VISITORX); 35 local($a, $VISITOR) = split(/\[/,$VISITORX); 36 $VISITOR =~ s/[^0-9\.]//g; 37 if ($VISITOR =~ /^[0-9]/) { 38 chomp($line); 39 $li_cnt{$VISITOR}++; 40 } 35 41 } 36 42 } 37 43 } … … sub makeactions 56 62 } 57 63 58 64 ############################################################################# 65 sub verify_timestamp 66 { 67 local($MONTX, $DAYX, $TIMEX, $rest) = split(/\s+/,$line); 68 if ($DAYX =~ /^\s+/) { 69 $DAYX =~ s/[^0-9]//g; 70 } 71 if ($DAYX !~ /^0/ && $DAYX !~ /[0-9]{2}/) { 72 $DAYX = "0$DAYX"; 73 } 74 chomp($TIMEX); 75 $TIMEX =~ s/[^0-9\:]//g; 76 if ($TIMEX =~ /^[0-9]/) { 77 local($HOUR, $MIN, $SEC) = split(/:/,$TIMEX); 78 $log_is="$MONTX:$DAYX:$HOUR:$MIN"; 79 if ($now_is eq $log_is) { 80 $timestamp="NEW"; 81 chomp($line); 82 print "===NEW\t[$now_is]\t[$log_is]\t[$line]===\n"; 83 } 84 else { 85 chomp($line); 86 print "===OLD\t[$now_is]\t[$log_is]\t[$line]===\n"; 87 } 88 } 89 } 90 91 ############################################################################# 59 92 sub check_ip 60 93 { 61 94 local($IP) = @_; -
aegir/tools/system/monitor/check/locked
diff --git a/aegir/tools/system/monitor/check/locked b/aegir/tools/system/monitor/check/locked index 9f446d9..a587433 100755
a b if ($fpm_status ne "CLEAN") { 15 15 sleep(2); 16 16 } 17 17 if ($java_status ne "CLEAN") { 18 `killall -9 java`; 19 sleep(2); 18 20 if (-f "/etc/default/jetty9" && -f "/etc/init.d/jetty9") { 19 `/etc/init.d/jetty9 restart`;21 `/etc/init.d/jetty9 start`; 20 22 } 21 23 if (-f "/etc/default/jetty8" && -f "/etc/init.d/jetty8") { 22 `/etc/init.d/jetty8 restart`;24 `/etc/init.d/jetty8 start`; 23 25 } 24 26 if (-f "/etc/default/jetty7" && -f "/etc/init.d/jetty7") { 25 `/etc/init.d/jetty7 restart`;27 `/etc/init.d/jetty7 start`; 26 28 } 27 29 if (-f "/etc/default/tomcat" && -f "/etc/init.d/tomcat") { 28 `killall -9 java`;29 sleep(2);30 30 `/etc/init.d/tomcat start`; 31 31 } 32 32 } … … local(@MYARR) = `grep " 499 0 " /var/log/nginx/access.log | tail --lines=999 2>& 59 59 $log_is="$MONTX:$DAYX:$HOUR:$MIN"; 60 60 if ($now_is eq $log_is) { 61 61 $fpm_status="ERROR"; 62 print " \n===[$now_is]\t[$log_is]===";62 print "===[$now_is]\t[$log_is]===\n"; 63 63 `echo "[$now_is]:[$log_is]" >> /var/xdrago/log/last-fpmcheck-y-problem`; 64 64 } 65 65 # else { … … local(@MYARR) = `grep "Apache Solr" /var/log/syslog | tail --lines=999 2>&1`; 89 89 $log_is="$MONTX:$DAYX:$HOUR:$MIN"; 90 90 if ($now_is eq $log_is) { 91 91 $java_status="ERROR"; 92 print " \n===[$now_is]\t[$log_is]===";92 print "===[$now_is]\t[$log_is]===\n"; 93 93 `echo "[$now_is]:[$log_is]" >> /var/xdrago/log/last-javacheck-y-problem`; 94 94 } 95 95 # else { -
aegir/tools/system/monitor/check/scan_nginx
diff --git a/aegir/tools/system/monitor/check/scan_nginx b/aegir/tools/system/monitor/check/scan_nginx index 635c316..a795cc7 100755
a b sub makeactions 118 118 &check_who($VISITOR); 119 119 $critnumber = 399 if ($isloggedin); ### don't block logged in users 120 120 $critnumber = 888 if ($VISITOR =~ /^($myip)$/); ### don't block own IP 121 print " \n===[$isloggedin] $VISITOR is logged in===" if ($isloggedin);122 print " \n===[$critnumber] critnumber for $VISITOR===" if ($VISITOR);121 print "===[$isloggedin] $VISITOR is logged in===\n" if ($isloggedin); 122 print "===[$critnumber] critnumber for $VISITOR===\n" if ($VISITOR); 123 123 local($blocked) = 0; 124 124 &check_ip($VISITOR); 125 125 if ($thissumar > $critnumber) { … … sub makeactions 141 141 &check_who($PROXY); 142 142 $critnumber = 399 if ($isloggedin); ### don't block logged in users 143 143 $critnumber = 888 if ($PROXY =~ /^($myip)$/); ### don't block own IP 144 print " \n===[$isloggedin] $PROXY is logged in===" if ($isloggedin);145 print " \n===[$critnumber] critnumber for $PROXY===" if ($PROXY);144 print "===[$isloggedin] $PROXY is logged in===\n" if ($isloggedin); 145 print "===[$critnumber] critnumber for $PROXY===\n" if ($PROXY); 146 146 local($blocked) = 0; 147 147 &check_ip($PROXY); 148 148 if ($thissumarpx > $critnumber) { … … sub makeactions 165 165 $critnumber = $critnumber - 50 if ($critnumber > 250); 166 166 $critnumber = 399 if ($isloggedin); ### don't block logged in users 167 167 $critnumber = 888 if ($VISITOR =~ /^($myip)$/); ### don't block own IP 168 print " \n===[$isloggedin] $VISITOR is logged in===" if ($isloggedin);169 print " \n===[$critnumber] critnumber for $VISITOR===" if ($VISITOR);168 print "===[$isloggedin] $VISITOR is logged in===\n" if ($isloggedin); 169 print "===[$critnumber] critnumber for $VISITOR===\n" if ($VISITOR); 170 170 local($blocked) = 0; 171 171 &check_ip($VISITOR); 172 172 if ($thisim_sumar > $critnumber) { … … sub makeactions 189 189 $critnumber = $critnumber - 50 if ($critnumber > 250); 190 190 $critnumber = 399 if ($isloggedin); ### don't block logged in users 191 191 $critnumber = 888 if ($PROXY =~ /^($myip)$/); ### don't block own IP 192 print " \n===[$isloggedin] $PROXY is logged in===" if ($isloggedin);193 print " \n===[$critnumber] critnumber for $PROXY===" if ($PROXY);192 print "===[$isloggedin] $PROXY is logged in===\n" if ($isloggedin); 193 print "===[$critnumber] critnumber for $PROXY===\n" if ($PROXY); 194 194 local($blocked) = 0; 195 195 &check_ip($PROXY); 196 196 if ($thisim_sumarpx > $critnumber) { … … sub makeactions 204 204 } 205 205 } 206 206 } 207 print " \n===[$sumar] sumar===";208 print " \n===[$sumarpx] sumarpx===";209 print " \n===[$im_sumar] im_sumar===";210 print " \n===[$im_sumarpx] im_sumarpx===\n";207 print "===[$sumar] sumar===\n"; 208 print "===[$sumarpx] sumarpx===\n"; 209 print "===[$im_sumar] im_sumar===\n"; 210 print "===[$im_sumarpx] im_sumarpx===\n"; 211 211 undef (%li_cnt); 212 212 undef (%px_cnt); 213 213 undef (%im_li_cnt); -
aegir/tools/system/monitor/check/sqlcheck
diff --git a/aegir/tools/system/monitor/check/sqlcheck b/aegir/tools/system/monitor/check/sqlcheck index 2453479..0ad143a 100755
a b local(@MYARR) = `grep mysql /var/log/syslog | tail --lines=999 2>&1`; 34 34 $log_is="$MONTX:$DAYX:$HOUR:$MIN"; 35 35 if ($now_is eq $log_is) { 36 36 $status="ERROR"; 37 print " \n===[$now_is]\t[$log_is]===";37 print "===[$now_is]\t[$log_is]===\n"; 38 38 `echo "[$now_is]:[$log_is]" >> /var/xdrago/log/last-sqlcheck-y-problem`; 39 39 } 40 40 # else { -
aegir/tools/system/proc_num_ctrl.cgi
diff --git a/aegir/tools/system/proc_num_ctrl.cgi b/aegir/tools/system/proc_num_ctrl.cgi index 8b5a010..db1110a 100755
a b 5 5 ### 6 6 `/etc/init.d/postfix restart` if (!-f "/var/spool/postfix/pid/master.pid"); 7 7 `/etc/init.d/redis-server start` if (!-f "/var/run/redis.pid"); 8 &mysqld_action; 8 9 &global_action; 9 10 foreach $USER (sort keys %li_cnt) { 10 11 print " $li_cnt{$USER}\t$USER\n"; … … if (-e "/usr/sbin/pdnsd" && !$pdnsdsumar) { 55 56 `/etc/init.d/pdnsd stop; rm -f /var/cache/pdnsd/pdnsd.cache; /etc/init.d/pdnsd start`; 56 57 `/etc/init.d/pdnsd stop; rm -f /var/cache/pdnsd/pdnsd.cache; /etc/init.d/pdnsd start`; 57 58 } 58 if ( !$mysqlsumar || $mysqlsumar > 150) {59 if ((!$mysqlsumar || $mysqlsumar > 150) && !-f "/var/xdrago/log/mysql_restart_running.pid") { 59 60 `bash /var/xdrago/move_sql.sh`; 60 61 } 61 62 if (!$redissumar && (-f "/etc/init.d/redis-server" || -f "/etc/init.d/redis")) { … … if (-f "/usr/local/sbin/pure-config.pl") { 77 78 `/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf` if (!$ftpsumar); 78 79 } 79 80 if ($mysqlsumar > 0) { 80 $resultmysql5 = ` /usr/bin/mysqladmin flush-hosts 2>&1`;81 $resultmysql5 = `mysqladmin flush-hosts 2>&1`; 81 82 print "\n MySQL hosts flushed...\n"; 82 83 } 83 84 if ($dhcpcdlives) { … … sub global_action 119 120 } 120 121 } 121 122 123 if ($PID ne "PID" && $COMMAND =~ /^(\|)/ && $B =~ /^(\\)/ && $TIME =~ /[3-9]:/ && $K =~ /php/ && $X =~ /drush/ && $Z =~ /cron/) 124 { 125 `kill -9 $PID`; 126 $timedate=`date +%y%m%d-%H%M`; 127 chomp($timedate); 128 `echo "$timedate $K $TIME $STAT $START $X $Y" >> /var/xdrago/log/php-cli.kill.log`; 129 } 130 122 131 if ($PID ne "PID" && $COMMAND =~ /^(\\)/ && $TIME =~ /2:/ && $B =~ /php/ && $K =~ /drush/ && $Y =~ /cron/) 123 132 { 124 133 $timedate=`date +%y%m%d-%H%M`; 125 134 chomp($timedate); 126 `echo "$timedate $K $TIME $STAT $X $Y" >> /var/xdrago/log/php-cli.watch.log`; 135 `echo "$timedate $K $TIME $STAT $START $X $Y" >> /var/xdrago/log/php-cli.watch.log`; 136 } 137 elsif ($PID ne "PID" && $COMMAND =~ /^(\\)/ && $TIME =~ /[3-9]:/ && $B =~ /php/ && $K =~ /drush/ && $Y =~ /cron/) 138 { 139 `kill -9 $PID`; 140 $timedate=`date +%y%m%d-%H%M`; 141 chomp($timedate); 142 `echo "$timedate $K $TIME $STAT $START $X $Y" >> /var/xdrago/log/php-cli.kill.log`; 127 143 } 128 elsif ($PID ne "PID" && $COMMAND =~ /^(\\)/ && $ TIME =~ /3:/ && $B =~ /php/ && $K =~ /drush/ && $Y =~ /cron/)144 elsif ($PID ne "PID" && $COMMAND =~ /^(\\)/ && $START =~ /[A-Z]/ && $B =~ /php/) 129 145 { 130 146 `kill -9 $PID`; 131 147 $timedate=`date +%y%m%d-%H%M`; 132 148 chomp($timedate); 133 `echo "$timedate $K $TIME $STAT $ X $Y" >> /var/xdrago/log/php-cli.kill.log`;149 `echo "$timedate $K $TIME $STAT $START $X $Y" >> /var/xdrago/log/php-cli.kill.log`; 134 150 } 135 151 136 if ($PID ne "PID" && $USER =~ /(tomcat|jetty)/ && $COMMAND =~ /java/ && ($ TIME !~ /^[0-1]{1}:/ || ($TIME !~ /^0:/ && $CPU > 10)))152 if ($PID ne "PID" && $USER =~ /(tomcat|jetty)/ && $COMMAND =~ /java/ && ($STAT =~ /R/ || $TIME !~ /^[0-5]{1}:/)) 137 153 { 138 154 `kill -9 $PID`; 139 155 $timedate=`date +%y%m%d-%H%M`; 140 156 chomp($timedate); 141 `echo "$timedate $TIME $CPU $MEM $STAT $ USER" >> /var/xdrago/log/tomcat-jetty-java.kill.log`;157 `echo "$timedate $TIME $CPU $MEM $STAT $START $USER" >> /var/xdrago/log/tomcat-jetty-java.kill.log`; 142 158 } 143 159 144 160 if ($PID ne "PID" && $COMMAND !~ /^(\\)/ && $COMMAND !~ /^(\|)/) … … sub global_action 161 177 } 162 178 } 163 179 } 180 ############################################################################# 181 sub mysqld_action 182 { 183 local($PROCS) = `grep -c processor /proc/cpuinfo`; 184 chomp($PROCS); 185 $MAXCPU = $PROCS."00"; 186 if ($PROCS > 4) 187 { 188 $MAXCPU = 400; 189 } 190 $MAXCPU = $MAXCPU - 50; 191 local(@SQLARR) = `top -n 1 | grep mysqld 2>&1`; 192 foreach $line (@SQLARR) { 193 if ($line !~ /mysqld_safe/) 194 { 195 local($NONE, $PID, $USER, $PR, $NI, $VIRT, $RES, $SHR, $S, $CPU, $MEM, $TIME, $COMMAND) = split(/\s+/,$line); 196 if (!-f "/var/xdrago/log/mysql_restart_running.pid" && !-f "/var/run/boa_wait.pid") { 197 if ($USER =~ /mysql/ && $COMMAND =~ /mysqld/) 198 { 199 if ($CPU > $MAXCPU) 200 { 201 `bash /var/xdrago/move_sql.sh`; 202 $timedate=`date +%y%m%d-%H%M`; 203 chomp($timedate); 204 `echo $timedate >> /var/xdrago/log/mysql.forced.restart.log`; 205 print "B LINE is $line"; 206 } 207 else { 208 print "C LINE is $line"; 209 } 210 } 211 } 212 } 213 } 214 } 164 215 ###EOF2013### -
aegir/tools/system/second.sh
diff --git a/aegir/tools/system/second.sh b/aegir/tools/system/second.sh index 8dcb2e1..271345b 100755
a b control() 40 40 { 41 41 ONEX_LOAD=`awk '{print $1*100}' /proc/loadavg` 42 42 FIVX_LOAD=`awk '{print $2*100}' /proc/loadavg` 43 CTL_ONEX_SPIDER_LOAD= 50044 CTL_FIVX_SPIDER_LOAD= 50043 CTL_ONEX_SPIDER_LOAD=388 44 CTL_FIVX_SPIDER_LOAD=388 45 45 CTL_ONEX_LOAD=1444 46 46 CTL_FIVX_LOAD=888 47 47 CTL_ONEX_LOAD_CRIT=1888 -
aegir/tools/system/usage.sh
diff --git a/aegir/tools/system/usage.sh b/aegir/tools/system/usage.sh index e0f03c8..f76c77f 100755
a b PATH=/usr/local/sbin:/usr/local/bin:/opt/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 25 25 ### 26 26 _PERMISSIONS=YES 27 27 _MODULES=YES 28 _MODULES_ON_SEVEN="syslog robotstxt entitycache" 29 _MODULES_ON_SIX="syslog path_alias_cache robotstxt" 30 _MODULES_OFF_SEVEN="dblog l10n_update devel performance" 31 _MODULES_OFF_SIX="cache dblog l10n_update devel performance poormanscron supercron css_gzip javascript_aggregator cookie_cache_bypass" 28 _MODULES_ON_SEVEN="robotstxt" 29 _MODULES_ON_SIX="path_alias_cache robotstxt" 30 _MODULES_OFF_SEVEN="syslog dblog l10n_update devel performance" 31 _MODULES_OFF_LESS_SEVEN="syslog dblog l10n_update performance devel" 32 _MODULES_OFF_SIX="syslog cache dblog l10n_update poormanscron supercron css_gzip javascript_aggregator cookie_cache_bypass devel performance" 32 33 33 34 34 35 ###-------------SYSTEM-----------------### … … if [ "$_MODULES" = "YES" ] ; then 189 190 su -s /bin/bash $_THIS_HM_USER -c "drush en $_MODULES_ON_SIX -y &> /dev/null" 190 191 su -s /bin/bash $_THIS_HM_USER -c "drush sqlq \"UPDATE system SET weight = '-1' WHERE type = 'module' AND name = 'path_alias_cache'\" &> /dev/null" 191 192 elif [ -e "$Plr/modules/o_contrib_seven" ] ; then 192 su -s /bin/bash $_THIS_HM_USER -c "drush dis $_MODULES_OFF_SEVEN -y &> /dev/null" 193 if [ -e "$Plr/profiles/panopoly" ] || [ -e "$Plr/profiles/martplug" ] ; then 194 su -s /bin/bash $_THIS_HM_USER -c "drush dis $_MODULES_OFF_LESS_SEVEN -y &> /dev/null" 195 else 196 su -s /bin/bash $_THIS_HM_USER -c "drush dis $_MODULES_OFF_SEVEN -y &> /dev/null" 197 fi 198 if [ ! -e "$Plr/sites/all/modules/entitycache_dont_enable.info" ] ; then 199 su -s /bin/bash $_THIS_HM_USER -c "drush en entitycache -y &> /dev/null" 200 fi 193 201 su -s /bin/bash $_THIS_HM_USER -c "drush en $_MODULES_ON_SEVEN -y &> /dev/null" 194 202 fi 195 203 fi … … if [ "$_PERMISSIONS" = "YES" ] ; then 220 228 esac 221 229 ### modules,themes,libraries - platform level 222 230 if [ ! -f "$Plr/sites/all/permissions-fix-$_NOW.info" ] ; then 223 chown $_THIS_HM_USER:users $Plr/sites/all/{modules,themes,libraries} &> /dev/null231 mkdir -p $Plr/sites/all/{modules,themes,libraries} 224 232 chown -R $_THIS_HM_USER.ftp:users $Plr/sites/all/{modules,themes,libraries}/* &> /dev/null 233 chown $_THIS_HM_USER:users $Plr/drushrc.php $Plr/sites $Plr/sites/all $Plr/sites/all/{modules,themes,libraries} &> /dev/null 225 234 find $Plr/sites/all/{modules,themes,libraries} -type d -exec chmod 02775 {} \; &> /dev/null 226 235 find $Plr/sites/all/{modules,themes,libraries} -type f -exec chmod 0664 {} \; &> /dev/null 227 236 ### known exceptions … … if [ "$_PERMISSIONS" = "YES" ] ; then 231 240 echo fixed > $Plr/sites/all/permissions-fix-$_NOW.info 232 241 fi 233 242 ### modules,themes,libraries - site level 234 chown $_THIS_HM_USER:users $Dir/{modules,themes,libraries} &> /dev/null235 243 chown -R $_THIS_HM_USER.ftp:users $Dir/{modules,themes,libraries}/* &> /dev/null 244 chown $_THIS_HM_USER:users $Dir/drushrc.php $Dir/{modules,themes,libraries} &> /dev/null 236 245 find $Dir/{modules,themes,libraries} -type d -exec chmod 02775 {} \; &> /dev/null 237 246 find $Dir/{modules,themes,libraries} -type f -exec chmod 0664 {} \; &> /dev/null 238 247 ### files - site level … … else 532 541 action >/var/xdrago/log/usage/usage-$_NOW.log 2>&1 533 542 fi 534 543 # 544 echo "INFO: Removing old permissions-fix-* files..." 535 545 find /data/disk/*/distro/*/*/sites/all/permissions-fix-* -mtime +1 -type f -exec rm -rf {} \; 536 546 find /data/disk/*/static/*/sites/all/permissions-fix-* -mtime +1 -type f -exec rm -rf {} \; 537 547 find /data/disk/*/static/*/*/sites/all/permissions-fix-* -mtime +1 -type f -exec rm -rf {} \; … … find /data/disk/*/static/*/*/*/sites/all/permissions-fix-* -mtime +1 -type f -ex 540 550 ###--------------------### 541 551 echo "INFO: Checking BARRACUDA version..." 542 552 cd /opt/tmp 543 wget -q -U iCab http://drupalcode.org/project/barracuda.git/blob_plain/HEAD:/aegir/conf/ version.txt544 if [ -e "/opt/tmp/ version.txt" ] ; then545 _INSTALLER_VERSION=`cat /opt/tmp/ version.txt`546 _VERSIONS_TEST=`cat /var/ aegir/config/includes/barracuda_log.txt`553 wget -q -U iCab http://drupalcode.org/project/barracuda.git/blob_plain/HEAD:/aegir/conf/barracuda-version.txt 554 if [ -e "/opt/tmp/barracuda-version.txt" ] ; then 555 _INSTALLER_VERSION=`cat /opt/tmp/barracuda-version.txt` 556 _VERSIONS_TEST=`cat /var/log/barracuda_log.txt` 547 557 if [[ "$_VERSIONS_TEST" =~ "$_INSTALLER_VERSION" ]] ; then 548 558 _VERSIONS_TEST_RESULT=OK 549 559 echo "INFO: Version test result: OK" … … EOF 564 574 echo "INFO: Update notice sent: OK" 565 575 fi 566 576 fi 577 # 578 if [ ! -f "/data/all/permissions-fix-$_INSTALLER_VERSION.info" ] ; then 579 echo "INFO: Fixing permissions in the /data/all tree..." 580 chmod 02775 /data/all/*/*/sites/all/{modules,libraries,themes} &> /dev/null 581 chown -R root:root /data/all 582 chown -R root:users /data/all/*/*/sites 583 echo fixed > /data/all/permissions-fix-$_INSTALLER_VERSION.info 584 fi 567 585 ###EOF2013### -
deleted file egir/tools/usr/add_ftp_user_standard.sh.txt
diff --git a/aegir/tools/usr/add_ftp_user_standard.sh.txt b/aegir/tools/usr/add_ftp_user_standard.sh.txt deleted file mode 100755 index cc6edf5..0000000
+ - 1 #!/bin/bash2 3 4 ###----------------------------###5 ## Add ftp only user to site ##6 ###----------------------------###7 8 ### Config9 _ADMIN=admin10 _USER=user11 _SITE=domain12 _SITE_DIR="/path/to/platform/sites/$_SITE"13 14 ### Create user15 _USERFTP="$_USER.ftp"16 _USERFTP_ROOT="/home/$_USERFTP"17 _TMP="/var/tmp"18 _WEBG=www-data19 _USRG=users20 if [ ! -d $_USERFTP_ROOT ] ; then21 useradd -d /home/$_USERFTP -s /bin/false -m -N -r $_USERFTP22 adduser $_USERFTP $_WEBG23 cd $_TMP24 touch $_TMP/$_USERFTP.txt25 chmod 0600 $_TMP/$_USERFTP.txt26 pwgen -v -s -1 > $_TMP/$_USERFTP.txt27 ph=$(makepasswd --clearfrom=$_TMP/$_USERFTP.txt --crypt-md5 |awk '{print $2}')28 usermod -p $ph $_USERFTP29 fi30 PXSWD=`cat $_TMP/$_USERFTP.txt`31 PASWD=`echo -n $PXSWD | tr -d "\n"`32 cd /home/$_USERFTP; ln -s $_SITE_DIR $_SITE33 cd34 mkdir -p /home/$_ADMIN/ftp.users35 echo "$_USERFTP:$PASWD" >> /home/$_ADMIN/ftp.users/$_SITE -
deleted file egir/tools/usr/add_lshell_user_master.sh.txt
diff --git a/aegir/tools/usr/add_lshell_user_master.sh.txt b/aegir/tools/usr/add_lshell_user_master.sh.txt deleted file mode 100755 index 3fba953..0000000
+ - 1 #!/bin/bash2 3 4 ###----------------------------###5 ## Add ftps/ssh master user ##6 ###----------------------------###7 8 ### Config9 _ADMIN=admin10 _USER=user11 _SITE=domain12 _SITE_DIR="/path/to/platform/sites/$_SITE"13 14 ### Create user15 _USERFTP="$_USER.ftp"16 _USERFTP_ROOT="/home/$_USERFTP"17 _TMP="/var/tmp"18 _WEBG=www-data19 _USRG=users20 if [ ! -d $_USERFTP_ROOT ] ; then21 useradd -d /home/$_USERFTP -s /usr/bin/lshell -m -N -r $_USERFTP22 adduser $_USERFTP $_WEBG23 cd $_TMP24 touch $_TMP/$_USERFTP.txt25 chmod 0600 $_TMP/$_USERFTP.txt26 pwgen -v -s -1 > $_TMP/$_USERFTP.txt27 ph=$(makepasswd --clearfrom=$_TMP/$_USERFTP.txt --crypt-md5 |awk '{print $2}')28 usermod -p $ph $_USERFTP29 passwd -w 7 -x 90 $_USERFTP30 usermod -aG lshellg $_USERFTP31 fi32 PXSWD=`cat $_TMP/$_USERFTP.txt`33 PASWD=`echo -n $PXSWD | tr -d "\n"`34 chsh -s /usr/bin/lshell $_USERFTP35 echo " " >> /etc/lshell.conf36 echo "[$_USERFTP]" >> /etc/lshell.conf37 echo "path : ['/data/disk/$_USER/distro', '/data/disk/$_USER/static', '/data/disk/$_USER/backups']" >> /etc/lshell.conf38 cd /home/$_USERFTP; ln -s $_SITE_DIR $_SITE39 cd40 mkdir -p /home/$_ADMIN/ftp.users41 echo "$_USERFTP:$PASWD" >> /home/$_ADMIN/ftp.users/$_SITE -
deleted file egir/tools/usr/add_lshell_user_standard.sh.txt
diff --git a/aegir/tools/usr/add_lshell_user_standard.sh.txt b/aegir/tools/usr/add_lshell_user_standard.sh.txt deleted file mode 100755 index 2a40ac6..0000000
+ - 1 #!/bin/bash2 3 4 ###----------------------------###5 ## Add ftps/ssh user to site ##6 ###----------------------------###7 8 ### Config9 _ADMIN=admin10 _USER=user11 _SITE=domain12 _SITE_DIR="/path/to/platform/sites/$_SITE"13 14 ### Create user15 _USERFTP="$_USER.ftp"16 _USERFTP_ROOT="/home/$_USERFTP"17 _TMP="/var/tmp"18 _WEBG=www-data19 _USRG=users20 if [ ! -d $_USERFTP_ROOT ] ; then21 useradd -d /home/$_USERFTP -s /usr/bin/lshell -m -N -r $_USERFTP22 adduser $_USERFTP $_WEBG23 cd $_TMP24 touch $_TMP/$_USERFTP.txt25 chmod 0600 $_TMP/$_USERFTP.txt26 pwgen -v -s -1 > $_TMP/$_USERFTP.txt27 ph=$(makepasswd --clearfrom=$_TMP/$_USERFTP.txt --crypt-md5 |awk '{print $2}')28 usermod -p $ph $_USERFTP29 passwd -w 7 -x 90 $_USERFTP30 usermod -aG lshellg $_USERFTP31 fi32 PXSWD=`cat $_TMP/$_USERFTP.txt`33 PASWD=`echo -n $PXSWD | tr -d "\n"`34 chsh -s /usr/bin/lshell $_USERFTP35 echo " " >> /etc/lshell.conf36 echo "[$_USERFTP]" >> /etc/lshell.conf37 echo "path : ['$_SITE_DIR']" >> /etc/lshell.conf38 cd /home/$_USERFTP; ln -s $_SITE_DIR $_SITE39 cd40 mkdir -p /home/$_ADMIN/ftp.users41 echo "$_USERFTP:$PASWD" >> /home/$_ADMIN/ftp.users/$_SITE -
new file docs/BLOWFISH.txt
diff --git a/docs/BLOWFISH.txt b/docs/BLOWFISH.txt new file mode 100644 index 0000000..d10b71b
- + 1 2 ---------- 3 SHA512 4 ---------- 5 Your Debian or Ubuntu system uses SHA512 for passwords encryption by default. 6 7 This is not bad, and for sure much better than MD5 by default used in BOA for 8 all newly created SSH/FTPS accounts (both main and extra - for Aegir Clients) 9 in all releases up to BOA-2.0.8 10 11 But since BOA forces all users to update their passwords every 90 days, once 12 the user updates his password, it is automatically encrypted with SHA512, 13 so it no longer uses the completely insecure MD5 hashing. 14 15 Note that BOA switched to SHA512 instead of MD5 by default in HEAD after 16 BOA-2.0.8 Edition, and will use SHA512 by default starting with BOA-2.0.9 17 18 ---------- 19 WARNING! 20 ---------- 21 1. Make sure you have working SSH keys for direct root access without sudo. 22 2. Make sure you have working SSH keys for direct root access without sudo. 23 3. Make sure you have working SSH keys for direct root access without sudo. 24 25 REALLY. Don't even read anything below, if you didn't set this up yet! 26 You could lock yourself out of your server forever (almost), 27 if your only access is password based and something will go wrong, 28 because you didn't read and follow this how-to *precisely*. 29 If you are interested why it is so important, read the explanation 30 further below. 31 32 ---------- 33 BLOWFISH 34 ---------- 35 You can easily switch your system to use much more secure Bcrypt/Blowfish, 36 using the simple steps listed below. 37 38 $ apt-get install libpam-unix2 -y 39 40 $ cp -af /usr/share/pam-configs/unix /usr/share/pam-configs/unix2 41 $ sed -i "s/^Name: Unix/Name: Unix2/g" /usr/share/pam-configs/unix2 42 $ sed -i "s/pam_unix.so/pam_unix2.so/g" /usr/share/pam-configs/unix2 43 $ sed -i "s/nullok_secure//g" /usr/share/pam-configs/unix2 44 $ sed -i "s/obscure//g" /usr/share/pam-configs/unix2 45 $ sed -i "s/sha512//g" /usr/share/pam-configs/unix2 46 $ sed -i "s/rounds//g" /usr/share/pam-configs/unix2 47 $ sed -i "s/pam_unix.so/pam_unix2.so/g" /etc/pam.d/pure-ftpd 48 $ sed -i "s/^CRYPT=des.*/CRYPT=blowfish/g" /etc/security/pam_unix2.default 49 $ sed -i "s/^BLOWFISH_CRYPT_FILES=.*/BLOWFISH_CRYPT_FILES=8/g" /etc/security/pam_unix2.default 50 51 $ pam-auth-update 52 53 [*] Unix2 authentication 54 [*] Unix authentication 55 56 In the displayed dialog box please enable "Unix2 authentication" and *DO NOT* 57 disable "Unix authentication". Both should be enabled, or all existing SHA512 58 passwords, including your root password, will stop working! 59 60 You should use Arrow keys, then choose <Ok> with Tab and hit Enter to confirm. 61 62 ---------- 63 TESTING 64 ---------- 65 Now update your root password and any other account password for testing 66 with standard `passwd` command. Even if you have disabled password based 67 root access, you should still keep the password working, because you will 68 still need it when accessing the system via remote console, if available. 69 70 You will notice in the /etc/shadow file that instead of lines similar to: 71 72 o1.ftp:$1$XVn3/oPw$Me6EZMC2A4/qAayQGRCh2/:15801::90:7::: 73 === if $1$ then it is *insecure* MD5 === 74 75 o1.ftp:$6$N52KMMFm$m/CB/sQtgREx1TtlHNy7aBHUxUQMx6r3q8O39FDTbt6Etzfi2ZYqR/AjUWtRWHmz3IPjZQW8xtXJjwbee9dFk0:15822::90:7::: 76 === if $6$ then it is better SHA512 === 77 78 Now it looks similar to: 79 80 o1.ftp:$2a$08$EeO3oNMsWxqtvCdWrZfeNeQhwxI0MxqJEDjvRqjZ1Cvc5Yu8XbTlK:15822::90:7::: 81 === if $2a$ $08$ then it is the best Bcrypt/Blowfish with 8 work-factor === 82 83 Test if the updated password for o1.ftp allows you to log in via SSH and FTPS. 84 85 Done! 86 87 ---------- 88 IMPORTANT! 89 ---------- 90 Only MD5 passwords would still work after enabling "Unix2 authentication" 91 and disabling "Unix authentication", as it is recommended in many how-tos 92 you can find on the net. Their authors even share horrible stories where 93 they managed to lock the access completely and were forced to boot the system 94 from rescue CD etc. because they didn't fully realize what they are doing. 95 96 The problem is that both root password and any other account password, 97 once updated after initial setup with MD5 used in BOA for non-root accounts 98 previously, will use SHA512, which simply doesn't work when you have disabled 99 "Unix authentication" and enabled only "Unix2 authentication". 100 101 Make sure that you have enabled both! 102 103 Note that BOA will still use SHA512 for all new or updated automatically 104 extra accounts, but since it still forces you to update passwords every 105 90 days, all accounts on your system will use Bcrypt/Blowfish as soon as 106 their passwords are updated with standard `passwd` command, after you have 107 added Bcrypt/Blowfish support using the how-to above. 108 109 ---------- 110 REFERENCES 111 ---------- 112 http://arstechnica.com/security/2013/04/why-livingsocials-50-million-password-breach-is-graver-than-you-may-think/ 113 http://arstechnica.com/security/2012/08/passwords-under-assault/ 114 http://codahale.com/how-to-safely-store-a-password/ 115 http://yorickpeterse.com/articles/use-bcrypt-fool/ 116 http://wildlyinaccurate.com/bcrypt-choosing-a-work-factor 117 https://gist.github.com/jkmickelson/3660219 118 http://drupal.org/node/1201444#comment-6448638 119 http://drupal.org/project/phpass 120 http://www.php.net/manual/en/function.crypt.php 121 http://www.php.net/security/crypt_blowfish.php -
docs/NOTES.txt
diff --git a/docs/NOTES.txt b/docs/NOTES.txt index 9928b39..ed3aa18 100644
a b 1 1 2 # Notes related to Barracuda add-ons configurable via _XTRAS_LIST variable. 3 4 * Configuration file location: /root/.barracuda.cnf 5 6 ### 7 ### Xtras included with "ALL" wildcard: 8 ### 9 ### CGP --- Collectd Graph Panel 10 ### CHV --- Chive DB Manager 11 ### CSF --- Firewall 12 ### CSS --- Compass Tools 13 ### FTP --- Pure-FTPd server with forced FTPS 14 ### PDS --- Fast DNS Cache Server (pdnsd) 15 ### WMN --- Webmin Control Panel 16 ### 17 ### Xtras which need to be listed explicitly: 18 ### 19 ### BDD --- SQL Buddy DB Manager 20 ### BND --- Bind9 DNS Server 21 ### FMG --- FFmpeg support 22 ### GIT --- Latest Git from sources 23 ### SR1 --- Apache Solr 1 with Jetty 7 24 ### SR3 --- Apache Solr 3 with Jetty 8 25 ### SR4 --- Apache Solr 4 with Jetty 8 or 9 26 ### 27 ### Examples: 28 ### 29 ### _XTRAS_LIST="" 30 ### _XTRAS_LIST="ALL" 31 ### _XTRAS_LIST="ALL GIT SR3" 32 ### _XTRAS_LIST="PDS CSF CGP CHV FTP" 33 ### 34 35 * Configuration file template: docs/cnf/barracuda.cnf 36 37 2 38 # Notes related to Barracuda install on public server with or w/o _EASY_PUBLIC option 3 39 4 40 NOTE: 123.45.67.89 below is a placeholder for your server public, real IP address. … … 58 94 it further on upgrade, by editing various settings stored in the BOA config 59 95 files, respectively: 60 96 61 /root/.barracuda.cnf 62 /root/.o1.octopus.cnf 63 /root/.o2.octopus.cnf 97 /root/.barracuda.cnf - check docs/cnf/barracuda.cnf template 98 /root/.o1.octopus.cnf - check docs/cnf/octopus.cnf template 99 /root/.o2.octopus.cnf - check docs/cnf/octopus.cnf template 64 100 etc. 65 101 66 102 It may be useful when you prefer to install Percona instead of MariaDB 67 103 or to always use latest version of PHP built from sources etc. 104 68 105 Please read docs/UPGRADE.txt for simple upgrades how-to. 69 106 -
new file docs/PLATFORMS.txt
diff --git a/docs/PLATFORMS.txt b/docs/PLATFORMS.txt new file mode 100644 index 0000000..7833a48
- + 1 ###----------------------------------------### 2 ### PLATFORMS INSTALL MODE ### 3 ###----------------------------------------### 4 ### 5 ### You can use wildcard "ALL" to install all 6 ### available platforms or configure the list 7 ### of platforms to be installed as explained 8 ### below. 9 ### 10 ### Note: the "ALL" wildcard is not default! 11 ### 12 ### When combined with _AUTOPILOT=YES option 13 ### you can speed up the process and still 14 ### control which platforms will be installed, 15 ### using the symbols listed below. 16 ### 17 ### D8D ----------- Drupal 8 dev-tested (off) 18 ### D8E ----------- Drupal 8 dev-edge (off) 19 ### D7P D7S D7D --- Drupal 7 prod/stage/dev 20 ### D6P D6S D6D --- Pressflow 6 p/s/d 21 ### D5P ----------- Pressflow 5 (off) 22 ### AQ6 ----------- Acquia D6 23 ### CC3 ----------- CiviCRM 3.4.8 D6 (off) 24 ### CM6 ----------- CiviCRM 4.1.6 D6 25 ### CM7 ----------- CiviCRM 4.2.8 D7 26 ### CME ----------- Commerce v.2 27 ### COD ----------- Conference 28 ### CS7 ----------- Commons 7 29 ### DCE ----------- Commerce v.1 30 ### DCS ----------- Commons 6 31 ### ELS ----------- ELMS (off) 32 ### FSR ----------- Feature Server 33 ### MNS ----------- Managing News 34 ### MPG ----------- MartPlug (off) 35 ### NS7 ----------- NodeStream D7 36 ### NSM ----------- NodeStream D6 (off) 37 ### OAM ----------- Open Atrium 38 ### OAY ----------- Open Academy (off) 39 ### OCH ----------- OpenChurch 40 ### ODS ----------- Open Deals 41 ### OEE ----------- Open Enterprise (off) 42 ### OOH ----------- Open Outreach 43 ### OPC ----------- OpenPublic (off) 44 ### OPH ----------- OpenPublish 45 ### OSR ----------- OpenScholar (off) 46 ### OVO ----------- Octopus Video (off) 47 ### PPT ----------- ProsePoint 48 ### PPY ----------- Panopoly 49 ### UC7 ----------- Ubercart D7 50 ### UCT ----------- Ubercart D6 51 ### VOA ----------- Videola (off) 52 ### 53 ### Examples: 54 ### 55 ### _PLATFORMS_LIST=ALL 56 ### _PLATFORMS_LIST="D7P D6P OAM MNS NS7 OOH" 57 ### 58 _PLATFORMS_LIST="D7P D7S D7D D6P D6S D6D OAM" 59 60 61 ###----------------------------------------### 62 ### UNSUPPORTED (off) DISTROS INSTALL ### 63 ###----------------------------------------### 64 ### 65 ### If you wish to install also distros listed 66 ### above as (off), change the option below 67 ### to: _ALLOW_UNSUPPORTED=YES 68 ### 69 _ALLOW_UNSUPPORTED=NO -
docs/SOLR.txt
diff --git a/docs/SOLR.txt b/docs/SOLR.txt index 6ab1eae..c7fc34b 100644
a b 40 40 41 41 Solr port ........: 8077 (for Solr 1.x with Jetty 7) 42 42 Solr port ........: 8088 (for Solr 3.x with Jetty 8) 43 Solr port ........: 8099 (for Solr 4.x with Jetty 8 or 9 on Precise )43 Solr port ........: 8099 (for Solr 4.x with Jetty 8 or 9 on Precise/Wheezy) 44 44 Solr port ........: 8080 (for Solr 1.x with Jetty 7 migrated from Tomcat) 45 45 46 46 Solr path ........: solr/core0 (configured in solr.xml) … … 63 63 2. Add this new core in the solr.xml file: 64 64 /opt/solr1/solr.xml (for Solr 1.x with Jetty 7) 65 65 /opt/solr3/solr.xml (for Solr 3.x with Jetty 8) 66 /opt/solr4/solr.xml (for Solr 4.x with Jetty 8 or 9 on Precise )66 /opt/solr4/solr.xml (for Solr 4.x with Jetty 8 or 9 on Precise/Wheezy) 67 67 68 68 3. Restart correct Jetty instance: 69 69 service jetty7 restart (for Solr 1.x with Jetty 7) 70 70 service jetty8 restart (for Solr 3.x with Jetty 8) 71 service jetty9 restart (for Solr 4.x with Jetty 8 or 9 on Precise )71 service jetty9 restart (for Solr 4.x with Jetty 8 or 9 on Precise/Wheezy) 72 72 73 73 You can also rename the "core name" in the file: 74 74 /opt/solr{1,3,4}/solr.xml … … 85 85 86 86 SR1 (for Solr 1.x with Jetty 7) 87 87 SR3 (for Solr 3.x with Jetty 8) 88 SR4 (for Solr 4.x with Jetty 8 or 9 on Precise )88 SR4 (for Solr 4.x with Jetty 8 or 9 on Precise/Wheezy) 89 89 90 90 It is even possible to add them *all* on upgrade when 91 91 you are already running now deprecated Tomcat 6 with Solr 1.x, -
docs/SSL.txt
diff --git a/docs/SSL.txt b/docs/SSL.txt index 3c0ebf9..4557de1 100644
a b server { 34 34 location / { 35 35 proxy_pass http://extra_ip; 36 36 proxy_redirect off; 37 gzip_vary off; 37 38 proxy_set_header Host $host; 38 39 proxy_set_header X-Real-IP $remote_addr; 39 40 proxy_set_header X-Forwarded-By $server_addr:$server_port; … … server { 95 96 location / { 96 97 proxy_pass http://extra_ip_ssl; 97 98 proxy_redirect off; 99 gzip_vary off; 98 100 proxy_set_header Host $host; 99 101 proxy_set_header X-Real-IP $remote_addr; 100 102 proxy_set_header X-Forwarded-By $server_addr:$server_port; … … server { 143 145 location / { 144 146 proxy_pass http://extra_ip_ssl; 145 147 proxy_redirect off; 148 gzip_vary off; 146 149 proxy_set_header Host $host; 147 150 proxy_set_header X-Real-IP $remote_addr; 148 151 proxy_set_header X-Forwarded-By $server_addr:$server_port; -
docs/UPGRADE.txt
diff --git a/docs/UPGRADE.txt b/docs/UPGRADE.txt index 5552cdd..c837ef8 100644
a b $ octopus up-head all 53 53 $ barracuda up-stable log 54 54 $ octopus up-stable all log 55 55 56 Note also that detailed backend log on barracuda 57 upgrade is always stored directly in /var/backups/* 56 Detailed backend log on barracuda upgrade is always stored in 57 /var/backups/* 58 59 ### NOTE: You can append "system" as a last argument to the barracuda 60 command, and it will upgrade only the system, without running 61 Aegir Master Instance upgrade, plus it will write the output 62 to the file instead of to the console: 63 /var/backups/reports/up/barracuda/* 64 65 Example: 66 67 $ barracuda up-stable system 68 69 ### NOTE: While both "log" and "system" modes are "silent", because 70 they don't display anything in your console, they will send 71 the log via e-mail to your address specified in the file: 72 /root/.barracuda.cnf 73 74 It is recommended that you start `screen` before running 75 commands using the "silent" mode - to avoid confusion 76 or incomplete tasks when your SSH connection drops. 58 77 59 78 ### NOTE: It is possible to set/force the upgrade mode on the fly 60 79 using optional arguments: {aegir|platforms|both} … … $ octopus up-head all 63 82 honor also settings from the octopus instance cnf file, 64 83 where currently only "aegir" mode is defined 65 84 with _HM_ONLY=YES option. 66 85 67 86 Examples: 68 87 69 88 $ octopus up-stable o1 aegir -
new file docs/cnf/barracuda.cnf
diff --git a/docs/cnf/barracuda.cnf b/docs/cnf/barracuda.cnf new file mode 100644 index 0000000..bd92367
- + 1 ### 2 ### Barracuda version BOA-2.0.8 3 ### 4 ### Configuration stored in the /root/.barracuda.cnf file. 5 ### This example is for public install mode - see docs/INSTALL.txt 6 ### 7 ### NOTE: the group of settings displayed bellow will *not* be overriden 8 ### on upgrade by the Barracuda script nor by this configuration file. 9 ### They can be defined only on initial Barracuda install. 10 ### 11 _HTTP_WILDCARD=YES #------------ Listen on single IP instead of all IPs when NO 12 _MY_OWNIP="123.45.67.89" #------ Allows to specify web server IP if not default 13 _MY_HOSTN="f-q-d-n" #----------- Allows to define server hostname 14 _EASY_HOSTNAME="f-q-d-n" #------ Hostname auto-configured via _EASY_PUBLIC 15 _MY_FRONT="master.f-q-d-n" #---- URL of the Aegir Master Instance control panel 16 _THIS_DB_HOST=localhost #------- Allows to use hostname in DB grants when FQDN 17 _SMTP_RELAY_TEST=YES #---------- Allows to skip SMTP availability tests when NO 18 _SMTP_RELAY_HOST="" #----------- Allows to configure simple SMTP relay (w/o pwd) 19 _LOCAL_NETWORK_IP="" #---------- Web server IP if in localhost mode - auto-conf 20 _LOCAL_NETWORK_HN="" #---------- Hostname if in localhost mode - auto-conf 21 ### 22 ### NOTE: the group of settings displayed bellow 23 ### will *override* all listed settings in the Barracuda script, 24 ### both on initial install and upgrade. 25 ### 26 _MY_EMAIL="my@email" #---------- System admin e-mail 27 _XTRAS_LIST="" #---------------- See docs/NOTES.txt for details on add-ons 28 _AUTOPILOT=NO #----------------- Allows to skip all Yes/No questions when YES 29 _SYSTEM_UPGRADE_ONLY=NO #------- Allows to skip Aegir on upgrade (deprecated) 30 _DEBUG_MODE=NO #---------------- Allows to enable Drush debugging when YES 31 _DB_SERVER=MariaDB #------------ Allows to install MariaDB or Percona DB server 32 _DB_BINARY_LOG=NO #------------- Allows to enable binary logging when YES 33 _DB_ENGINE=InnoDB #------------- Allows to specify default engine for Drupal 6 34 _SSH_PORT=22 #------------------ Allows to configure non-standard SSH port 35 _LOCAL_DEBIAN_MIRROR= #--------- Allows to force non-default Debian mirror 36 _LOCAL_UBUNTU_MIRROR= #--------- Allows to force non-default Ubuntu mirror 37 _FORCE_GIT_MIRROR="" #---------- Allows to use different mirror (deprecated) 38 _DNS_SETUP_TEST=YES #----------- Allows to skip DNS testing when NO 39 _NGINX_WORKERS=AUTO #----------- Allows to override AUTO with valid number 40 _NGINX_DOS_LIMIT=300 #---------- Allows to override default 250/300 limit 41 _BUILD_FROM_SRC=NO #------------ Allows to force PHP build from sources 42 _PHP_MODERN_ONLY=YES #---------- Allows to install PHP 5.2 when NO 43 _PHP_FPM_VERSION=5.3 #---------- Allows to define default PHP-FPM version 44 _PHP_CLI_VERSION=5.3 #---------- Allows to define default PHP-CLI version 45 _PHP_FPM_WORKERS=AUTO #--------- Allows to override AUTO with valid number 46 _NGINX_EXTRA_CONF="" #---------- Allows to add custom options to Nginx build 47 _NGINX_LDAP=NO #---------------- Installs LDAP Nginx support when YES 48 _PHP_GEOS=NO #------------------ Installs GEOS for PHP when YES - experimental 49 _PHP_MONGODB=NO #--------------- Installs MONGODB for PHP when YES 50 _PHP_EXTRA_CONF="" #------------ Allows to add custom options to PHP build 51 _LOAD_LIMIT_ONE=1444 #---------- Defines max 1 min load before disabling Nginx 52 _LOAD_LIMIT_TWO=888 #----------- Defines max 5 min load before disabling Nginx 53 _CUSTOM_CONFIG_CSF=NO #--------- Protects custom CSF config when YES 54 _CUSTOM_CONFIG_SQL=NO #--------- Protects custom SQL config when YES 55 _CUSTOM_CONFIG_REDIS=NO #------- Protects custom Redis config when YES 56 _CUSTOM_CONFIG_PHP_5_2=NO #----- Protects custom PHP 5.2 ini files when YES 57 _CUSTOM_CONFIG_PHP_5_3=NO #----- Protects custom PHP 5.3 ini files when YES 58 _SPEED_VALID_MAX=3600 #--------- Defines Speed Booster hourly cache TTL in sec 59 _USE_MEMCACHED=NO #------------- Installs memcached when YES (deprecated) 60 _NEWRELIC_KEY= #---------------- Installs New Relic when license key is set 61 _USE_STOCK=NO #----------------- Allows to install stock Aegir 2.x when YES 62 _EXTRA_PACKAGES="" #------------ Installs listed extra packages with apt-get 63 _STRONG_PASSWORDS=NO #---------- Allows to generate secure passwords when YES 64 ### 65 ### Barracuda version BOA-2.0.8 66 ### -
new file docs/cnf/octopus.cnf
diff --git a/docs/cnf/octopus.cnf b/docs/cnf/octopus.cnf new file mode 100644 index 0000000..c13d7b4
- + 1 ### 2 ### Octopus version BOA-2.0.8 3 ### 4 ### Configuration stored in the /root/.$_USER.octopus.cnf file. 5 ### This example is for public install mode - see docs/INSTALL.txt 6 ### 7 ### NOTE: the group of settings displayed bellow 8 ### will *override* all listed here settings in the Octopus script. 9 ### 10 _USER="o1" #-------------------- Aegir Instance system account name 11 _MY_EMAIL="my@email" #---------- Aegir Instance owner e-mail 12 _PLATFORMS_LIST=ALL #----------- Platforms to install - see docs/PLATFORMS.txt 13 _ALLOW_UNSUPPORTED=NO #--------- Allows to install deprecated platforms when YES 14 _AUTOPILOT=NO #----------------- Allows to skip all Yes/No questions when YES 15 _HM_ONLY=NO #------------------- Allows to upgrade Aegir only (deprecated) 16 _O_CONTRIB_UP=NO #-------------- Allows to force o_contrib upgrade when YES 17 _DEBUG_MODE=NO #---------------- Allows to enable Drush debugging when YES 18 _MY_OWNIP= #-------------------- Allows to specify web server IP if not default 19 _FORCE_GIT_MIRROR="" #---------- Allows to use different mirror (deprecated) 20 _THIS_DB_HOST=localhost #------- DB host depends on Barracuda setting (FQDN) 21 _DNS_SETUP_TEST=YES #----------- Allows to skip DNS testing when NO 22 _HOT_SAUCE=NO #----------------- Forces new platforms tree on install when YES 23 _USE_CURRENT=YES #-------------- Forces new platforms tree on upgrade when NO 24 _REMOTE_CACHE_IP=127.0.0.1 #---- Default IP address where Redis listens 25 _LOCAL_NETWORK_IP= #------------ Web server IP if in localhost mode - auto-conf 26 _PHP_FPM_VERSION=5.3 #---------- Defaults to 5.3 because 5.2 is deprecated 27 _PHP_CLI_VERSION=5.3 #---------- Defaults to 5.3 because 5.2 is deprecated 28 _USE_STOCK=NO #----------------- Allows to install stock Aegir 2.x when YES 29 _STRONG_PASSWORDS=NO #---------- Allows to generate secure passwords when YES 30 ### 31 ### NOTE: the group of settings displayed bellow will be *overriden* 32 ### by config files stored in the /data/disk/o1/log/ directory, 33 ### but only on upgrade. 34 ### 35 _DOMAIN="o1.f-q-d-n" #---------- URL of the Aegir control panel 36 _CLIENT_EMAIL= #---------------- Create client user if different than _MY_EMAIL 37 _CLIENT_OPTION="SSD" #---------- Currently not used 38 _CLIENT_SUBSCR="Y" #------------ Currently not used 39 _CLIENT_CORES="8" #------------- Currently not used 40 ### 41 ### Octopus version BOA-2.0.8 42 ###
