commit 3a124c2b6fdf822f9cd0cd4786c1f567912462ef Author: Eliezer Croitoru Date: Wed Oct 18 04:04:28 2023 +0300 1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..0d1d13f
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.sh text eol=lf
+Vagrantfile text eol=lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..71b95ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant/
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..6dd7d4e
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,75 @@ + +$ENALBE_SYNC_FOLDER = false + +$ENALBE_SYNC_FOLDER = true if File.exist?("sync_shared") + +$HOST_NET = File.readlines('net').first.chomp +$VM_NAME = File.readlines('vmname').first.chomp +$VM_MEM = File.readlines('vmmem').first.chomp.to_i +$VM_VCPU = File.readlines('vmcpu').first.chomp.to_i + +$BOX = File.readlines('box').first.chomp + +$PROVIDER = File.readlines('provider').first.chomp + +$HOSTNAME = File.readlines('hostname').first.chomp + +if $PROVIDER =~ /hyperv|virtualbox/ + ENV["VAGRANT_DEFAULT_PROVIDER"] = $PROVIDER +end + +# Will not work on Hyper-V +#$VM_DISK_SIZE = File.readlines('disksize').first.chomp + + +$PROVISION_SSH_KEY_SCRIPT=<> /root/.ssh/authorized_keys +chmod 0600 /root/.ssh/authorized_keys +chown root:root -R /root/.ssh +mkdir -p /home/vagrant/.ssh +chmod 0700 /home/vagrant/.ssh +echo /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys +chmod 0600 /home/vagrant/.ssh/authorized_keys +chown vagrant:vagrant -R /home/vagrant/.ssh +EOF + + +Vagrant.configure("2") do |config| + config.vm.box = $BOX + +## Remember to generate the vagrant private key. 
+## ssh-keygen -f C:\Users\eliezer\.ssh\vagrant
+
+ config.ssh.insert_key = false
+ config.ssh.private_key_path = ['~/.ssh/vagrant', '~/.vagrant.d/insecure_private_key' ]
+
+ config.vm.provider "hyperv" do |hv, override|
+ hv.vmname = $VM_NAME
+ hv.maxmemory = $VM_MEM
+ hv.memory = $VM_MEM
+ hv.cpus = $VM_VCPU
+ override.vm.allowed_synced_folder_types = [:rsync]
+ end
+
+ config.vm.network "public_network", bridge: $HOST_NET
+
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+if $ENALBE_SYNC_FOLDER == true
+ config.vm.synced_folder "shared/", "/vagrant", type: "rsync"
+end
+
+ config.vm.provision "file", source: "~/.ssh/vagrant.pub", destination: "/home/vagrant/.ssh/vagrant.pub"
+ config.vm.provision 'shell', inline: $PROVISION_SSH_KEY_SCRIPT
+
+if $ENALBE_SYNC_FOLDER == true
+ config.vm.provision 'shell', inline: "stat /vagrant/init.sh && cd /vagrant && bash init.sh;true"
+end
+
+if not $HOSTNAME.empty?
+ config.vm.provision 'shell', inline: "hostnamectl set-hostname #{$HOSTNAME}"
+end
+
+end
diff --git a/box b/box
new file mode 100644
index 0000000..0e604fc
--- /dev/null
+++ b/box
@@ -0,0 +1 @@
+generic/alma9
diff --git a/hostname b/hostname
new file mode 100644
index 0000000..6bacdc0
--- /dev/null
+++ b/hostname
@@ -0,0 +1 @@
+051-NgTech-K-KidsTube-20231010
\ No newline at end of file
diff --git a/net b/net
new file mode 100644
index 0000000..3ce4ea7
--- /dev/null
+++ b/net
@@ -0,0 +1 @@
+VMs_OUT
\ No newline at end of file
diff --git a/provider b/provider
new file mode 100644
index 0000000..9b2644f
--- /dev/null
+++ b/provider
@@ -0,0 +1 @@
+hyperv
diff --git a/shared/init.sh b/shared/init.sh
new file mode 100644
index 0000000..c3359ca
--- /dev/null
+++ b/shared/init.sh
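Review bot: In `$PROVISION_SSH_KEY_SCRIPT`, the line `echo /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys` appends the literal path string rather than the key, so the vagrant user never gets the generated public key; it should read `cat /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys`. Because `config.ssh.insert_key = false` is set and `~/.vagrant.d/insecure_private_key` stays in `config.ssh.private_key_path`, login then presumably falls back to Vagrant's publicly known key pair, on a guest that `config.vm.network "public_network", bridge: $HOST_NET` bridges onto the host network. Once the custom key is installed correctly, remove the insecure key from `private_key_path` and have the provisioning script delete its entry from both `authorized_keys` files. The heredoc opener and the first lines of the script are missing from this view, so the root half of the script could not be checked.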
@@ -0,0 +1,234 @@ +#!/usr/bin/env bash + +mkdir -p /opt/src/ + +# Adding local path to PATH +cd ~/ +touch .bash_profile +echo 'export PATH=$PATH:/usr/local/bin:/usr/local/sbin:' >> .bash_profile +source ~/.bash_profile + +# Disable SELINUX +setenforce 0 +sed -i -e "s@SELINUX=.*@SELINUX=disabled@g" /etc/selinux/config + +# Adding sysctl configs +cat > /etc/sysctl.d/10-avideo.conf < /etc/cron.d/youtube-dl < /dev/null +@daily python -m pip install --upgrade yt-dlp > /dev/null +EOF + +# Step 2: Install LAMP stack +dnf install -y httpd mod_ssl httpd-tools + +sed -i -e "s@AllowOverride\ None@AllowOverride All@g" /etc/httpd/conf/httpd.conf + +mv -v /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.disabled +cp -v /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.original + +cat < /etc/httpd/conf.d/ssl.conf +Listen 443 https + +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec +EOF + +mkdir -pv /etc/httpd/sites-enabled +mkdir -pv /etc/httpd/sites-avaliable + +egrep "^IncludeOptional\ sites\-enabled\/\*\.conf" /etc/httpd/conf/httpd.conf || \ +echo 'IncludeOptional sites-enabled/*.conf' >> /etc/httpd/conf/httpd.conf +httpd -t +httpd -S + +## Gen certs + +mkdir -p /etc/ssl/local + +openssl req -nodes -x509 -sha256 -newkey rsa:4096 \ + -keyout /etc/ssl/local/localhost.key \ + -out /etc/ssl/local/localhost.crt \ + -days 3560 \ + -subj "/C=IL/ST=Shomron/L=Karney Shomron/O=NgTech LTD/OU=IT/CN=020-NgTech-K-AVideo-Encoder" \ + -addext "subjectAltName = DNS:localhost,DNS:020-NgTech-K-AVideo-Encoder.k.ngtech.co.il,DNS:*.k.ngtech.co.il,DNS:*.ngtech.co.il" + + +## Setup vhosts +cat < /etc/httpd/sites-avaliable/avideo.conf + + ServerName kids-tube.k.ngtech.co.il + ServerAlias kids-tube.ngtech.co.il + + DocumentRoot /var/www/AVideo + + + DirectoryIndex index.php + Options +FollowSymLinks + AllowOverride All + Require all granted + + 
+ + + ServerName kids-tube.k.ngtech.co.il + ServerAlias kids-tube.ngtech.co.il + DocumentRoot /var/www/AVideo + + ErrorLog logs/ssl_error_log + TransferLog logs/ssl_access_log + LogLevel warn + + SSLEngine on + + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM + SSLCertificateFile /etc/ssl/local/localhost.crt + SSLCertificateKeyFile /etc/ssl/local/localhost.key + #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + DirectoryIndex index.php + Options +FollowSymLinks + AllowOverride All + Require all granted + + + +EOF + +cd /etc/httpd/sites-enabled && ln -s ../sites-avaliable/avideo.conf && cd - + +httpd -t +httpd -S + +systemctl enable httpd +systemctl start httpd + +dnf install -y php php-cli php-fpm php-curl php-mysqlnd php-gd php-readline php-mbstring php-apcu php-xml php-dom php-opcache php-zip php-intl php-common php-bcmath php-json +dnf install -y perl-Image-ExifTool + +sed -i -e "s@^post_max_size.*@post_max_size = 1024M@g" \ + -e "s@^upload_max_filesize.*@upload_max_filesize = 1024M@g" \ + -e "s@^memory_limit.*@memory_limit = 1024M@g" \ + -e "s@^max_execution_time.*@max_execution_time = 7200@g" /etc/php.ini +sed -i -e "s@^\;env\[PATH\]@env[PATH]@g" /etc/php-fpm.d/www.conf + +systemctl start php-fpm +systemctl enable php-fpm + +dnf module reset -y mariadb +dnf module enable -y mariadb:10.5 + +dnf install -y mariadb-server + +systemctl start mariadb +systemctl enable mariadb + + + +# Step 3: Create a database and user for avideo and avideoEncoder +echo "CREATE 
DATABASE avideo CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root +echo "CREATE USER 'avideo'@'localhost' IDENTIFIED BY 'avideo';" | mysql -u root +echo "GRANT ALL PRIVILEGES ON avideo.* TO 'avideo'@'localhost';" | mysql -u root +echo "FLUSH PRIVILEGES;" | mysql -u root + +echo "CREATE DATABASE avideoEncoder CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root +echo "CREATE USER 'avideoEncoder'@'localhost' IDENTIFIED BY 'avideoEncoder';" | mysql -u root +echo "GRANT ALL PRIVILEGES ON avideoEncoder.* TO 'avideoEncoder'@'localhost';" | mysql -u root +echo "FLUSH PRIVILEGES;" | mysql -u root + +echo "CREATE DATABASE AVideoResources CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root +echo "CREATE USER 'AVideoResources'@'localhost' IDENTIFIED BY 'AVideoResources';" | mysql -u root +echo "GRANT ALL PRIVILEGES ON AVideoResources.* TO 'AVideoResources'@'localhost';" | mysql -u root +echo "FLUSH PRIVILEGES;" | mysql -u root + + +# Step 4: Install Avideo +mkdir -p /var/www/src + +git clone --depth 1 https://github.com/WWBN/AVideo.git /var/www/AVideo + +git clone --depth 1 https://github.com/WWBN/AVideo-Encoder.git /var/www/AVideo-Encoder + +chown -R apache:apache /var/www/ +find /var/www/ -type d -exec chmod 775 {} \; +find /var/www/ -type f -exec chmod 664 {} \; + +systemctl restart httpd + +firewall-cmd --add-service=http --permanent +firewall-cmd --add-service=https --permanent +firewall-cmd --add-service=mysql --permanent + +firewall-cmd --reload + + +# Install ffmpeg +#https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz + + +stat /opt/src/ffmpeg-release-amd64-static.tar.xz || wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz -O /opt/src/ffmpeg-release-amd64-static.tar.xz +tar xvf /opt/src/ffmpeg-release-amd64-static.tar.xz -C /opt/src/ +cp -v /opt/src/ffmpeg-*amd64-static/{ffmpeg,ffprobe,qt-faststart} /usr/local/bin/ 
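Review bot: `firewall-cmd --add-service=mysql --permanent` opens the MariaDB port on a guest that the Vagrantfile bridges onto the host network, while every account created in step 3 is `@'localhost'` with a password equal to its user name (`IDENTIFIED BY 'avideo'` and the two like it). Nothing visible needs remote database access, so drop that firewall line and take the passwords from a generated value instead of hard-coding them. The script also disables SELinux permanently (`setenforce 0` plus `SELINUX=disabled`), and `chown -R apache:apache /var/www/` followed by the `chmod 775` / `chmod 664` passes leaves the whole application tree writable by the web server; restrict write access to the directories the applications actually need. The ffmpeg tarball is unpacked and its binaries copied into `/usr/local/bin/` with no integrity check; pin a release and verify a recorded hash before the `tar xvf`, e.g. `echo "<expected-sha256>  /opt/src/ffmpeg-release-amd64-static.tar.xz" | sha256sum -c -`. The heredoc openers and the Apache container tags are missing from this view, so the sysctl, cron and vhost sections were not reviewed.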
diff --git a/sync_shared b/sync_shared
new file mode 100644
index 0000000..d3f5a12
--- /dev/null
+++ b/sync_shared
@@ -0,0 +1 @@
+
diff --git a/vmcpu b/vmcpu
new file mode 100644
index 0000000..e0e1028
--- /dev/null
+++ b/vmcpu
@@ -0,0 +1 @@
+4
diff --git a/vmmem b/vmmem
new file mode 100644
index 0000000..9a086b7
--- /dev/null
+++ b/vmmem
@@ -0,0 +1 @@
+4096
diff --git a/vmname b/vmname
new file mode 100644
index 0000000..6bacdc0
--- /dev/null
+++ b/vmname
@@ -0,0 +1 @@
+051-NgTech-K-KidsTube-20231010
\ No newline at end of file