From 3a124c2b6fdf822f9cd0cd4786c1f567912462ef Mon Sep 17 00:00:00 2001
From: Eliezer Croitoru
Date: Wed, 18 Oct 2023 04:04:28 +0300
Subject: [PATCH] 1
---
.gitattributes | 2 +
.gitignore | 1 +
Vagrantfile | 75 ++++++++++++++++
box | 1 +
hostname | 1 +
net | 1 +
provider | 1 +
shared/init.sh | 234 +++++++++++++++++++++++++++++++++++++++++++++++++
sync_shared | 1 +
vmcpu | 1 +
vmmem | 1 +
vmname | 1 +
12 files changed, 320 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 Vagrantfile
create mode 100644 box
create mode 100644 hostname
create mode 100644 net
create mode 100644 provider
create mode 100644 shared/init.sh
create mode 100644 sync_shared
create mode 100644 vmcpu
create mode 100644 vmmem
create mode 100644 vmname
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..0d1d13f
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+*.sh text eol=lf
+Vagrantfile text eol=lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..71b95ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant/
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..6dd7d4e
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,75 @@
+
+$ENALBE_SYNC_FOLDER = false
+
+$ENALBE_SYNC_FOLDER = true if File.exist?("sync_shared")
+
+$HOST_NET = File.readlines('net').first.chomp
+$VM_NAME = File.readlines('vmname').first.chomp
+$VM_MEM = File.readlines('vmmem').first.chomp.to_i
+$VM_VCPU = File.readlines('vmcpu').first.chomp.to_i
+
+$BOX = File.readlines('box').first.chomp
+
+$PROVIDER = File.readlines('provider').first.chomp
+
+$HOSTNAME = File.readlines('hostname').first.chomp
+
+if $PROVIDER =~ /hyperv|virtualbox/
+ ENV["VAGRANT_DEFAULT_PROVIDER"] = $PROVIDER
+end
+
+# Will not work on Hyper-V
+#$VM_DISK_SIZE = File.readlines('disksize').first.chomp
+
+
+$PROVISION_SSH_KEY_SCRIPT=<> /root/.ssh/authorized_keys
+chmod 0600 /root/.ssh/authorized_keys
+chown root:root -R /root/.ssh
+mkdir -p /home/vagrant/.ssh
+chmod 0700 /home/vagrant/.ssh
+echo /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys
+chmod 0600 /home/vagrant/.ssh/authorized_keys
+chown vagrant:vagrant -R /home/vagrant/.ssh
+EOF
+
+
+Vagrant.configure("2") do |config|
+ config.vm.box = $BOX
+
+## Remember to generate the vagrant private key.
+## ssh-keygen -f C:\Users\eliezer\.ssh\vagrant
+
+ config.ssh.insert_key = false
+ config.ssh.private_key_path = ['~/.ssh/vagrant', '~/.vagrant.d/insecure_private_key' ]
+
+ config.vm.provider "hyperv" do |hv, override|
+ hv.vmname = $VM_NAME
+ hv.maxmemory = $VM_MEM
+ hv.memory = $VM_MEM
+ hv.cpus = $VM_VCPU
+ override.vm.allowed_synced_folder_types = [:rsync]
+ end
+
+ config.vm.network "public_network", bridge: $HOST_NET
+
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+if $ENALBE_SYNC_FOLDER == true
+ config.vm.synced_folder "shared/", "/vagrant", type: "rsync"
+end
+
+ config.vm.provision "file", source: "~/.ssh/vagrant.pub", destination: "/home/vagrant/.ssh/vagrant.pub"
+ config.vm.provision 'shell', inline: $PROVISION_SSH_KEY_SCRIPT
+
+if $ENALBE_SYNC_FOLDER == true
+ config.vm.provision 'shell', inline: "stat /vagrant/init.sh && cd /vagrant && bash init.sh;true"
+end
+
+if not $HOSTNAME.empty?
+ config.vm.provision 'shell', inline: "hostnamectl set-hostname #{$HOSTNAME}"
+end
+
+end
diff --git a/box b/box
new file mode 100644
index 0000000..0e604fc
--- /dev/null
+++ b/box
@@ -0,0 +1 @@
+generic/alma9
diff --git a/hostname b/hostname
new file mode 100644
index 0000000..6bacdc0
--- /dev/null
+++ b/hostname
@@ -0,0 +1 @@
+051-NgTech-K-KidsTube-20231010
\ No newline at end of file
diff --git a/net b/net
new file mode 100644
index 0000000..3ce4ea7
--- /dev/null
+++ b/net
@@ -0,0 +1 @@
+VMs_OUT
\ No newline at end of file
diff --git a/provider b/provider
new file mode 100644
index 0000000..9b2644f
--- /dev/null
+++ b/provider
@@ -0,0 +1 @@
+hyperv
diff --git a/shared/init.sh b/shared/init.sh
new file mode 100644
index 0000000..c3359ca
--- /dev/null
+++ b/shared/init.sh
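Review bot: In `$PROVISION_SSH_KEY_SCRIPT`, the line `echo /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys` appends the path string rather than the key material, so the vagrant account never receives the generated key; it should read `cat /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys`. Because the script only appends and `config.ssh.insert_key = false` keeps `'~/.vagrant.d/insecure_private_key'` as a fallback in `private_key_path`, the box's publicly known default key presumably stays authorized while the VM is bridged through `config.vm.network "public_network"`. Once the custom key is confirmed to work, write the file with `>` instead of `>>` and remove the insecure key from `private_key_path`. The heredoc body is partly missing in this rendering, so the root half of the script could not be checked.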
@@ -0,0 +1,234 @@ +#!/usr/bin/env bash + +mkdir -p /opt/src/ + +# Adding local path to PATH +cd ~/ +touch .bash_profile +echo 'export PATH=$PATH:/usr/local/bin:/usr/local/sbin:' >> .bash_profile +source ~/.bash_profile + +# Disable SELINUX +setenforce 0 +sed -i -e "s@SELINUX=.*@SELINUX=disabled@g" /etc/selinux/config + +# Adding sysctl configs +cat > /etc/sysctl.d/10-avideo.conf < /etc/cron.d/youtube-dl < /dev/null +@daily python -m pip install --upgrade yt-dlp > /dev/null +EOF + +# Step 2: Install LAMP stack +dnf install -y httpd mod_ssl httpd-tools + +sed -i -e "s@AllowOverride\ None@AllowOverride All@g" /etc/httpd/conf/httpd.conf + +mv -v /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.disabled +cp -v /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.original + +cat < /etc/httpd/conf.d/ssl.conf +Listen 443 https + +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec +EOF + +mkdir -pv /etc/httpd/sites-enabled +mkdir -pv /etc/httpd/sites-avaliable + +egrep "^IncludeOptional\ sites\-enabled\/\*\.conf" /etc/httpd/conf/httpd.conf || \ +echo 'IncludeOptional sites-enabled/*.conf' >> /etc/httpd/conf/httpd.conf +httpd -t +httpd -S + +## Gen certs + +mkdir -p /etc/ssl/local + +openssl req -nodes -x509 -sha256 -newkey rsa:4096 \ + -keyout /etc/ssl/local/localhost.key \ + -out /etc/ssl/local/localhost.crt \ + -days 3560 \ + -subj "/C=IL/ST=Shomron/L=Karney Shomron/O=NgTech LTD/OU=IT/CN=020-NgTech-K-AVideo-Encoder" \ + -addext "subjectAltName = DNS:localhost,DNS:020-NgTech-K-AVideo-Encoder.k.ngtech.co.il,DNS:*.k.ngtech.co.il,DNS:*.ngtech.co.il" + + +## Setup vhosts +cat < /etc/httpd/sites-avaliable/avideo.conf + + ServerName kids-tube.k.ngtech.co.il + ServerAlias kids-tube.ngtech.co.il + + DocumentRoot /var/www/AVideo + + + DirectoryIndex index.php + Options +FollowSymLinks + AllowOverride All + Require all granted + + 
+ + + ServerName kids-tube.k.ngtech.co.il + ServerAlias kids-tube.ngtech.co.il + DocumentRoot /var/www/AVideo + + ErrorLog logs/ssl_error_log + TransferLog logs/ssl_access_log + LogLevel warn + + SSLEngine on + + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM + SSLCertificateFile /etc/ssl/local/localhost.crt + SSLCertificateKeyFile /etc/ssl/local/localhost.key + #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + DirectoryIndex index.php + Options +FollowSymLinks + AllowOverride All + Require all granted + + + +EOF + +cd /etc/httpd/sites-enabled && ln -s ../sites-avaliable/avideo.conf && cd - + +httpd -t +httpd -S + +systemctl enable httpd +systemctl start httpd + +dnf install -y php php-cli php-fpm php-curl php-mysqlnd php-gd php-readline php-mbstring php-apcu php-xml php-dom php-opcache php-zip php-intl php-common php-bcmath php-json +dnf install -y perl-Image-ExifTool + +sed -i -e "s@^post_max_size.*@post_max_size = 1024M@g" \ + -e "s@^upload_max_filesize.*@upload_max_filesize = 1024M@g" \ + -e "s@^memory_limit.*@memory_limit = 1024M@g" \ + -e "s@^max_execution_time.*@max_execution_time = 7200@g" /etc/php.ini +sed -i -e "s@^\;env\[PATH\]@env[PATH]@g" /etc/php-fpm.d/www.conf + +systemctl start php-fpm +systemctl enable php-fpm + +dnf module reset -y mariadb +dnf module enable -y mariadb:10.5 + +dnf install -y mariadb-server + +systemctl start mariadb +systemctl enable mariadb + + + +# Step 3: Create a database and user for avideo and avideoEncoder +echo "CREATE 
DATABASE avideo CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root +echo "CREATE USER 'avideo'@'localhost' IDENTIFIED BY 'avideo';" | mysql -u root +echo "GRANT ALL PRIVILEGES ON avideo.* TO 'avideo'@'localhost';" | mysql -u root +echo "FLUSH PRIVILEGES;" | mysql -u root + +echo "CREATE DATABASE avideoEncoder CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root +echo "CREATE USER 'avideoEncoder'@'localhost' IDENTIFIED BY 'avideoEncoder';" | mysql -u root +echo "GRANT ALL PRIVILEGES ON avideoEncoder.* TO 'avideoEncoder'@'localhost';" | mysql -u root +echo "FLUSH PRIVILEGES;" | mysql -u root + +echo "CREATE DATABASE AVideoResources CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root +echo "CREATE USER 'AVideoResources'@'localhost' IDENTIFIED BY 'AVideoResources';" | mysql -u root +echo "GRANT ALL PRIVILEGES ON AVideoResources.* TO 'AVideoResources'@'localhost';" | mysql -u root +echo "FLUSH PRIVILEGES;" | mysql -u root + + +# Step 4: Install Avideo +mkdir -p /var/www/src + +git clone --depth 1 https://github.com/WWBN/AVideo.git /var/www/AVideo + +git clone --depth 1 https://github.com/WWBN/AVideo-Encoder.git /var/www/AVideo-Encoder + +chown -R apache:apache /var/www/ +find /var/www/ -type d -exec chmod 775 {} \; +find /var/www/ -type f -exec chmod 664 {} \; + +systemctl restart httpd + +firewall-cmd --add-service=http --permanent +firewall-cmd --add-service=https --permanent +firewall-cmd --add-service=mysql --permanent + +firewall-cmd --reload + + +# Install ffmpeg +#https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz + + +stat /opt/src/ffmpeg-release-amd64-static.tar.xz || wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz -O /opt/src/ffmpeg-release-amd64-static.tar.xz +tar xvf /opt/src/ffmpeg-release-amd64-static.tar.xz -C /opt/src/ +cp -v /opt/src/ffmpeg-*amd64-static/{ffmpeg,ffprobe,qt-faststart} /usr/local/bin/ 
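Review bot: Step 3 creates every database account with a password identical to its name (`IDENTIFIED BY 'avideo'`, `'avideoEncoder'`, `'AVideoResources'`), and the firewall block then runs `firewall-cmd --add-service=mysql --permanent` on a VM that the Vagrantfile bridges onto `public_network`. All three accounts are `@'localhost'`, so nothing visible in this script needs 3306 reachable from outside; I would delete the mysql firewall line and generate the secrets at provision time, e.g. `DB_PASS=$(openssl rand -hex 16)` used as `IDENTIFIED BY '${DB_PASS}'` and stored in a root-only file. The same script switches SELinux off (`setenforce 0`, `SELINUX=disabled`) and copies binaries from an unverified `wget` of `ffmpeg-release-amd64-static.tar.xz` into `/usr/local/bin`. A comment stating why SELinux has to be disabled, and a `sha256sum -c` check against a pinned digest before the `tar xvf`, would make both decisions reviewable. Several heredoc bodies in this hunk are truncated in this rendering, so the sysctl, cron and vhost contents were not reviewed.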
diff --git a/sync_shared b/sync_shared
new file mode 100644
index 0000000..d3f5a12
--- /dev/null
+++ b/sync_shared
@@ -0,0 +1 @@
+
diff --git a/vmcpu b/vmcpu
new file mode 100644
index 0000000..e0e1028
--- /dev/null
+++ b/vmcpu
@@ -0,0 +1 @@
+4
diff --git a/vmmem b/vmmem
new file mode 100644
index 0000000..9a086b7
--- /dev/null
+++ b/vmmem
@@ -0,0 +1 @@
+4096
diff --git a/vmname b/vmname
new file mode 100644
index 0000000..6bacdc0
--- /dev/null
+++ b/vmname
@@ -0,0 +1 @@
+051-NgTech-K-KidsTube-20231010
\ No newline at end of file