Automatizáljuk a dolgokat!

  • Beküldve: 2015. november 04, 11:46
  • Szerző: Bolemányi Attila

Amint azt a bevezetőben is említettem, célszerű a leggyakrabban elvégzett konfigurációs műveleteket egy szkript segítségével elvégeztetni. Nekünk csak annyi lesz a dolgunk, hogy megadunk néhány kiinduló adatot, a rabszolgamunkát pedig rábízzuk a szkriptre. Az alábbiakban közreadott bash szkript sem nem szép, sem nem elegáns, vagyis pont olyan, mint egy barkácsolt hátvakaró, amely éppen ott segít, ahol a legjobban viszket. De a dolgát elvégzi, ahogyan kell. Használd fel nyugodtan, módosítsd, ahogyan azt a szükségeid kívánják, vagy csak egyszerűen tanulj belőle.

#!/bin/bash

##########################################################################
# Creating the website user and its configuration files.                 #
##########################################################################

# --- Account defaults ------------------------------------------------------
# Base directory handed to "useradd -b"; each site lives in $WEBDIR/<site name>.
WEBDIR='/srv/web/www'
# Supplementary group of every website user; also used as group owner of its files.
WEBGROUP='www-data'
# Skeleton directory copied into the new home by useradd.
SKEL='/etc/skel'
# Login shell of website users.
# NOTE(review): SHELL is also the name of a variable the shell itself maintains;
# the script reuses it as a plain setting.
SHELL='/bin/false'

# --- Where the generated configuration files go ----------------------------
APACHE_CONFIG_DIR='/etc/apache2/sites-available/'
FPM_POOL_DIR='/etc/php5/fpm/pool.d/'
LOGROTATE_CONFIG_DIR='/etc/logrotate.d/www/'

# --- Quota -----------------------------------------------------------------
# Default hard quota in GB
HARDQUOTA='1'
# Default soft quota in % (of the hard quota)
SOFTQUOTA='80'
# Mount point (filesystem with quota)
MPOINT='/dev/www/web'

# --- Report mail -----------------------------------------------------------
EMAIL='bolemanyi.attila@comega7.hu'
# NOTE(review): fixed, predictable file name in a world-writable directory, and
# the report written to it as root contains the site password in clear text.
# Anything stored here would be safer in a file obtained from mktemp.
MESSAGE='/tmp/message.txt'

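# Print a random password on stdout, followed by a newline.
#  $1 = number of characters; defaults to 32
#  $2 = include special characters; 1 = yes, 0 = no; defaults to 1
# Returns 1 (and prints nothing on stdout) when $1 is not a plain number.
function randpass() {
  local length="${1:-32}"
  local charset="[:graph:]"

  # A non-numeric or negative count would make head fail or, for a negative
  # value, wait on the endless /dev/urandom stream; reject it up front.
  case "$length" in
    '' | *[!0-9]*)
      echo "randpass: length must be a non-negative integer" >&2
      return 1
      ;;
  esac

  if [ "${2:-1}" == "0" ]; then
    charset="[:alnum:]"
  fi

  # LC_ALL=C makes tr treat the random input as plain bytes, so the result is
  # ASCII only and does not depend on the caller's locale.
  LC_ALL=C tr -cd "$charset" < /dev/urandom | head -c "$length"
  echo
}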

#########################
# Creating website user #
#########################

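# Collect the site name, password and quota, then create the system account.
# Exit status: 2 when not run as root, 1 on invalid input, an already existing
# account, or a failed useradd/chpasswd.
if [ "$(id -u)" -ne 0 ]; then
    echo "Only root may add a website to the system" >&2
    exit 2
fi

read -r -p "Enter full website name (test.example.com): " USERNAME

# USERNAME becomes an account name, part of several file paths and a value in
# the generated Apache, PHP-FPM and logrotate files, so only host-name
# characters are accepted: no slashes, whitespace, quotes or "..".
name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if ! [[ "$USERNAME" =~ $name_re ]] || [[ "$USERNAME" == *..* ]]; then
    echo "Invalid website name: use letters, digits, dots and hyphens only." >&2
    exit 1
fi

# IFS= and -r keep the typed password exactly as entered (leading/trailing
# blanks and backslashes included).
IFS= read -r -s -p "Enter password (or press ENTER to generate a random one): " PASSWORD
echo ""
if [ -z "$PASSWORD" ]; then
    PASSWORD="$(randpass "16" "0")"
fi

read -r -p "Enter quota size in GB (default=1): " QUOTA
QUOTA="${QUOTA:-$HARDQUOTA}"
# The quota is used in arithmetic later on; accept whole numbers only.
if ! [[ "$QUOTA" =~ ^[1-9][0-9]*$ ]]; then
    echo "Invalid quota size: expected a whole number of GB." >&2
    exit 1
fi
echo ""

# Exact lookup of the account name. A regular-expression search of
# /etc/passwd would also match accounts that merely start with the same text.
if getent passwd "$USERNAME" >/dev/null; then
    echo "The website: $USERNAME has been already created!"
    exit 1
fi

# Stop here when the account cannot be created: the later steps change
# ownership and delete files below $WEBDIR/$USERNAME.
if ! useradd -b "$WEBDIR" -G "$WEBGROUP" -k "$SKEL" -m -N -s "$SHELL" "$USERNAME"; then
    echo "Failed to add a user!" >&2
    exit 1
fi

# The password is handed to chpasswd on stdin. This keeps it out of the
# process list and lets the system's configured hashing method and a random
# salt be used, instead of crypt() with the constant salt "password", which
# on glibc selects the legacy DES scheme that only looks at the first eight
# characters.
if ! printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd; then
    echo "Failed to set the password for $USERNAME!" >&2
    exit 1
fi
echo "The website user has been added to the system!"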

####################################################################
# Cleaning up website directory and setting up filesystem security #
####################################################################

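# From here on HOME points at the new site's directory; the later sections
# build their paths from it.
HOME="$WEBDIR/$USERNAME"

# The commands below recursively change ownership and delete files under
# $HOME. An empty name, "." / ".." or a name containing a slash would make
# that path resolve to $WEBDIR itself or to somewhere outside it.
case "$USERNAME" in
    '' | . | .. | */*)
        echo "Refusing to prepare a home directory for website name '$USERNAME'." >&2
        exit 1
        ;;
esac
if [ ! -d "$HOME" ] || [ -L "$HOME" ]; then
    echo "Website home directory $HOME is missing or is a symbolic link." >&2
    exit 1
fi

chown -R -- "$USERNAME:$WEBGROUP" "$HOME"
# Remove every regular file in the fresh home (presumably the files useradd
# copied from the skeleton directory), keeping only the directory tree.
find "$HOME" -type f -exec rm -f -- {} +
# Directories become read-only for owner and group ...
find "$HOME" -type d -exec chmod 0550 -- {} +
# ... except the three working directories, which the site user may write to.
# NOTE(review): log-files ends up writable by the site user, while the Apache
# and PHP-FPM log files configured later in this script are placed in it.
# Server processes that open their logs as root inside a directory an
# unprivileged user controls are a known privilege-escalation risk; a
# root-owned log directory that the user can only read would avoid it.
chmod 750 -- "$HOME/www-data" "$HOME/www-site" "$HOME/log-files"
# Make the home directory itself immutable so its entries cannot be added,
# removed or renamed.
chattr +i "$HOME"
echo "Website home directory has been created and set up."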

################################
# Setting up quota (in kBytes) #
################################

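# Convert the quota from GB to the kByte block limits setquota expects.
# QUOTA is evaluated as shell arithmetic, so anything but digits is rejected
# first; arithmetic expansion of free-form text must never be allowed.
case "$QUOTA" in
    '' | *[!0-9]*)
        echo "Invalid quota size '$QUOTA': expected a whole number of GB." >&2
        exit 1
        ;;
esac
# 10# forces base 10, so an input such as "08" is not read as octal.
HARD_SIZE=$(( 10#$QUOTA * 1024 * 1024 ))
# Multiply before dividing: dividing by 100 first truncates and makes the
# soft limit slightly smaller than SOFTQUOTA percent of the hard limit.
SOFT_SIZE=$(( HARD_SIZE * SOFTQUOTA / 100 ))
# Inode limits are left at 0 (unlimited).
# NOTE(review): both -a and an explicit filesystem are passed, as in the
# original command - confirm this is what the installed setquota expects.
if setquota -u "$USERNAME" "$SOFT_SIZE" "$HARD_SIZE" 0 0 -a "$MPOINT"; then
    echo "Quota has been set up."
else
    echo "Failed to set up quota for $USERNAME!" >&2
fi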

#####################################
# Creating FPM pool definition file #
#####################################

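# Per-site PHP-FPM pool: runs PHP as the site user and listens on its own
# UNIX socket, which the Apache virtual host connects to.
FCGI_SOCKET_FILE="/var/run/${USERNAME}.php5-fpm.sock"
FPM_POOL_FILE="${FPM_POOL_DIR}${USERNAME}.conf"

# Without a site name the paths above would point at the pool directory itself.
if [ -z "$USERNAME" ]; then
    echo "No website name set; not writing an FPM pool file." >&2
    exit 1
fi

if [ ! -f "$FPM_POOL_FILE" ]; then
    echo "Creating FPM/PHP pool definition file..."

    # Written in one go from a here-document; all expansions are quoted or
    # inside the here-document, so values are copied verbatim without word
    # splitting or glob expansion.
    # listen.mode 0660 limits the socket to the site user and $WEBGROUP.
    # NOTE(review): error_log is placed in the site's own log-files directory,
    # which the site user can write to - confirm which user the FPM master
    # opens it as.
    cat > "$FPM_POOL_FILE" <<EOF
[$USERNAME]

user = $USERNAME
group = $WEBGROUP

listen = $FCGI_SOCKET_FILE
listen.backlog = 128
listen.owner = $USERNAME
listen.group = $WEBGROUP
listen.mode = 0660

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

php_admin_flag[display_errors] = off
php_admin_value[error_log] = $HOME/log-files/fpm-php.error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
EOF

    echo "Restarting FPM/PHP service..."
    # The restart affects every pool, so a failure is reported explicitly.
    if ! systemctl restart php5-fpm; then
        echo "Failed to restart php5-fpm; check $FPM_POOL_FILE." >&2
    fi
else
    echo "The file: $FPM_POOL_FILE already exists!"
fi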

##################################################
# Creating Apache virtualhost configuration file #
##################################################

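# Name-based virtual host on port 80 for the new site; PHP requests are
# proxied to the site's own PHP-FPM socket.
APACHE_CONFIG_FILE="${APACHE_CONFIG_DIR}${USERNAME}.conf"

# Without a site name the path above would point at the config directory itself.
if [ -z "$USERNAME" ]; then
    echo "No website name set; not writing an Apache configuration file." >&2
    exit 1
fi

if [ ! -f "$APACHE_CONFIG_FILE" ]; then
    echo "Creating Apache configuration file..."

    # Here-document instead of a series of unquoted echo calls: the values are
    # copied verbatim, without word splitting or glob expansion.
    # "\\" and "\$" below produce a literal backslash and dollar sign.
    # NOTE(review): ErrorLog and CustomLog point into the site's log-files
    # directory, which the site user can write to, while Apache opens its log
    # files as the user it is started as (normally root). Apache's security
    # guidance advises against log directories writable by anyone but root.
    cat > "$APACHE_CONFIG_FILE" <<EOF
<VirtualHost *:80>
 ServerName $USERNAME
 ServerAdmin webmaster@comega7.local
 DocumentRoot $HOME/www-site/

 <Directory "$HOME/www-site">
 Options +SymLinksIfOwnerMatch
 AllowOverride Authconfig FileInfo Indexes Limit Options=Indexes,MultiViews
 Require all granted
 </Directory>

 <FilesMatch \\.php\$>
 SetHandler "proxy:unix:$FCGI_SOCKET_FILE|fcgi://localhost"
 </FilesMatch>

 ErrorLog $HOME/log-files/error.log
 CustomLog $HOME/log-files/access.log combined
</VirtualHost>
EOF

    echo "Enabling website config..."
    a2ensite "$USERNAME"
    # Check the syntax before restarting: a restart with a broken
    # configuration would take every hosted site down, not only the new one.
    if apache2ctl configtest; then
        echo "Restarting Apache webserver..."
        systemctl restart apache2
    else
        echo "Apache rejected the new configuration; disabling $USERNAME again and not restarting." >&2
        a2dissite "$USERNAME"
    fi
else
    echo "The file: $APACHE_CONFIG_FILE already exists!"
fi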

########################################
# Setting up Apache log files rotation #
########################################

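# Weekly rotation of the site's log files, keeping 12 compressed generations.
LOGROTATE_CONFIG_FILE="${LOGROTATE_CONFIG_DIR}${USERNAME}"

# Without a site name the path above would point at the config directory itself.
if [ -z "$USERNAME" ]; then
    echo "No website name set; not writing a logrotate configuration file." >&2
    exit 1
fi

if [ ! -f "$LOGROTATE_CONFIG_FILE" ]; then
    echo "Creating Apache log files rotation configuration file..."

    # Here-document instead of a series of unquoted echo calls. "\\" at the
    # end of a line writes the single trailing backslash of the original.
    # NOTE(review): the rotated directory is writable by the site user, and no
    # "su" directive is set, so logrotate would handle these files with its
    # default (root) identity - confirm, and consider "su" or a root-owned log
    # directory.
    # NOTE(review): the file is placed in a subdirectory of /etc/logrotate.d;
    # confirm that logrotate is configured to include that subdirectory.
    cat > "$LOGROTATE_CONFIG_FILE" <<EOF
$HOME/log-files/*.log {
 weekly
 missingok
 rotate 12
 compress
 delaycompress
 notifempty
 create 440 $USERNAME $WEBGROUP
 sharedscripts
 postrotate
 if /etc/init.d/apache2 status > /dev/null ; then \\
 /etc/init.d/apache2 reload > /dev/null ; \\
 fi;\\
 endscript
 prerotate
 if [ -d /etc/logrotate.d/httpd-prerotate ]; then \\
 run-parts /etc/logrotate.d/httpd-prerotate; \\
 fi;\\
 endscript
}
EOF
else
    echo "The file: $LOGROTATE_CONFIG_FILE already exists!"
fi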

#################################
# Sending e-mail about this job #
#################################

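# Mail a summary of the new site to the administrator.
SUBJECT="Created website at webserver.comega7.local - $USERNAME"

# Read the limits back from the quota report. awk compares the first column
# with the exact account name (a plain grep would also pick up accounts whose
# name merely contains it); column 4 is the soft and column 5 the hard block
# limit, in kBytes.
read -r R_SQUOTA R_HQUOTA < <(
    repquota "$MPOINT" | awk -v user="$USERNAME" '$1 == user { print $4, $5; exit }'
)
# Fall back to 0 when the account is missing from the report, so bc still
# receives a valid expression.
REAL_HQUOTA=$(echo "scale=2; ${R_HQUOTA:-0}/1024/1024" | bc)
REAL_SQUOTA=$(echo "scale=2; ${R_SQUOTA:-0}/1024/1024" | bc)

# The message is piped straight into mail, so the password is never written to
# a file with a predictable name under /tmp. printf '%s' prints the values
# verbatim; an unquoted echo would split them on blanks and expand wildcard
# characters in the password.
# NOTE(review): the password still leaves the host in a clear-text e-mail.
{
    echo "Hello, Admin!"
    echo ""
    echo "I have just created a website with these parameters:"
    echo ""
    printf 'Website URL (and FTP username): %s\n' "$USERNAME"
    printf 'Password: %s\n' "$PASSWORD"
    printf 'Hard quota size: %s GB\n' "$REAL_HQUOTA"
    printf 'Soft quota size: %s GB\n' "$REAL_SQUOTA"
    echo "Web folder (for public web pages): www-site"
    echo "Data folder (unseen from the Internet): www-data"
    echo "Webserver log folder: log-files"
    echo ""
    echo "Your fantastic bash script ;-)"
} | /usr/bin/mail -s "$SUBJECT" "$EMAIL" ||
    echo "Failed to send the report mail to $EMAIL!" >&2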

A fenti szkriptet mentsük el create-website-folder.sh néven és adjunk a számára futási jogot is, majd helyezzük el a /usr/bin mappában. A szkript működéséhez szükség lesz a mail és a bc parancsra is:

# Install the packages providing the mail and bc commands that the script calls.
aptitude install mailutils bc

A tesztrendszeremen ez újabb módosítást igényel a Postfixen belül is. A /etc/postfix/generic fájl tartalma (a leveleket a root felhasználó küldi):

wordpress.comega7.local@webserver.comega7.local     wordpress.comega7.local@comega7.hu
joomla.comega7.local@webserver.comega7.local        joomla.comega7.local@comega7.hu
root@webserver.comega7.local                        root@comega7.hu

Juttassuk érvényre a fenti beállításokat:

# Build the lookup table from /etc/postfix/generic, then restart Postfix so
# that the address mappings take effect.
postmap /etc/postfix/generic
systemctl restart postfix

A szkript mostantól működőképes és e-mailt is küld mindarról, amit elvégzett értünk.