forked from littlebizzy/slickstack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ss-update-modules.txt
391 lines (301 loc) · 21.1 KB
/
ss-update-modules.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
#!/bin/bash
####################################################################################################
#### author: SlickStack ############################################################################
#### link: https://slickstack.io ###################################################################
#### mirror: https://mirrors.slickstack.io/bash/ss-update-modules.txt ##############################
#### path: /var/www/ss-update-modules ##############################################################
#### destination: n/a (not a boilerplate) ##########################################################
#### purpose: Updates and cleans up required Ubuntu packages including the Linux kernel ############
#### module version: Ubuntu 20.04 LTS ##############################################################
#### sourced by: ss-update #########################################################################
#### bash aliases: ss update|upgrade packages, ss update|upgrade modules ###########################
####################################################################################################
## YOU CAN SAFELY RUN SS-UPDATE WITH NO CHANGES TO YOUR LEMP MODULE CONFIGURATION FILES ##
## IN CASE YOU ACCIDENTALLY OVERWRITE CONFIG FILES SIMPLY RUN SS-INSTALL AGAIN ##
## source ss-config ##
source /var/www/ss-config
## source ss-functions ##
source /var/www/ss-functions
## BELOW THIS RELIES ON SS-CONFIG AND SS-FUNCTIONS
####################################################################################################
#### SS-Update-Packages: Message (Begin Script) ####################################################
####################################################################################################
## this is a simple message that announces to the shell the purpose of this bash script ##
## it will only be noticed by sudo users who manually call ss core bash scripts ##
## echo message ##
echo -e "${PURPLE}Running ss-update-packages: Updates and cleans up required Ubuntu packages including the Linux kernel... ${NOCOLOR}"
sleep "$SLEEP_MESSAGE_BEGIN"
####################################################################################################
#### SS-Update: Message (Begin Script) #############################################################
####################################################################################################
## this is a simple message that announces to the shell the purpose of this bash script ##
## it will only be noticed by sudo users who manually call ss core bash scripts ##
## echo message ##
# echo -e "${PURPLE}Running ss-update: Updates ss-config file, root crontab, Ubuntu packages, Linux kernel, and CMS... ${NOCOLOR}"
# sleep "$SLEEP_MESSAGE_BEGIN"
####################################################################################################
#### SS-Update: Backup MySQL Database Before Proceeding ############################################
####################################################################################################
## here we first dump the live production database to /var/www/meta/ before proceeding ##
## this ensures a recent backup exists in case any database corruption occurs ##
## run ss-dump-database ##
source /var/www/ss-dump-database
####################################################################################################
#### SS-Update: Retrieve Latest SS-Check + SS-Worker (Core Bash Scripts) ###########################
####################################################################################################
## here we run ss-check and ss-worker in case ss core cron jobs have not been running ##
## this ensures that all ss core bash scripts are updated before proceeding ##
## run ss-check and ss-worker ##
source /var/www/ss-check
source /var/www/ss-worker
source /var/www/ss-check
####################################################################################################
#### SS-Update: Install SlickStack (Root) Crontab ##################################################
####################################################################################################
## because the crontab is so critical we reinstall it anytime that ss-update is executed ##
## ss-install is the only other time that the crontab is automatically installed ##
## run ss-install-ubuntu-crontab ##
source "$PATH_SS_INSTALL_UBUNTU_CRONTAB"
####################################################################################################
#### SS-Update-Packages: Purge Irrelevant Ubuntu Packages ##########################################
####################################################################################################
## uninstall expect (no longer used for ss-install-mysql) ##
apt purge expect
####################################################################################################
#### SS-Update: Set Dpkg Basic Settings + Update Apt (Package) Cache ###############################
####################################################################################################
## for smoother execution and to avoid conflicts we set dpkg to noninteractive/confold ##
## it is much better to run ss-update instead of calling apt get upgrade manually ##
## set confold as dpkg default (fail-safe in case apt upgrade called directly) ##
DEBIAN_FRONTEND=noninteractive dpkg --configure -a --force-confold
####################################################################################################
#### SS-Install: Configure MySQL Users + Connections (Supports IPv4 + IPv6) ########################
####################################################################################################
## THIS IS REQUIRED BECAUSE NEW SS-CONFIG TEMPLATE SWITCHED TO 127.0.0.1 DATABASE HOST ##
## delete/move/improve this snippet
## prepare MySQL root password (suppresses MySQL security warnings) ##
export MYSQL_PWD=$DB_PASSWORD_ROOT
## create root user (required before granting privileges after MySQL 8.0) ##
mysql -uroot -p${DB_PASSWORD_ROOT} -e "CREATE USER 'root'@'localhost' IDENTIFIED BY '${DB_PASSWORD_ROOT}';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "CREATE USER 'root'@'127.0.0.1' IDENTIFIED BY '${DB_PASSWORD_ROOT}';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "CREATE USER 'root'@'::1' IDENTIFIED BY '${DB_PASSWORD_ROOT}';"
## grant root user all privileges on wordpress database (all connections) ##
mysql -uroot -p${DB_PASSWORD_ROOT} -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO 'root'@'localhost';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO 'root'@'127.0.0.1';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO 'root'@'::1';"
## create database user as per ss-config ##
mysql -uroot -p${DB_PASSWORD_ROOT} -e "CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "CREATE USER '${DB_USER}'@'127.0.0.1' IDENTIFIED BY '${DB_PASSWORD}';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "CREATE USER '${DB_USER}'@'::1' IDENTIFIED BY '${DB_PASSWORD}';"
## grant database user all privileges on wordpress database only (all connections) ##
mysql -uroot -p${DB_PASSWORD_ROOT} -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'127.0.0.1';"
mysql -uroot -p${DB_PASSWORD_ROOT} -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'::1';"
## flush MySQL privileges ##
mysql --user=root --execute="FLUSH PRIVILEGES;"
####################################################################################################
#### SS-Update: Install CMS (WordPress, PrestaShop, MediaWiki, Etc) ################################
####################################################################################################
## SNIPPET: ss-install, ss-update
## this snippet fetches the latest stable version of WordPress from SlickStack mirrors ##
## major CMS releases (unpatched) are never considered stable for our purposes ##
if [[ "$SS_APP" == "wordpress" || -z "$SS_APP" ]]; then
## run ss-install-wordpress-core ##
source "$PATH_SS_INSTALL_WORDPRESS_CORE"
## here we retrieve latest wp-config.php boilerplate and customize per ss-config settings ##
## you should never make changes directly to wp-config.php in SlickStack servers ##
## run ss-install-wordpress-config ##
source "$PATH_SS_INSTALL_WORDPRESS_CONFIG"
## this will install the designated MU plugins and also Custom Functions and Object Cache ##
## with a few exceptions these can all be customized using ss-config settings ##
## run ss-install-wordpress-mu-plugins ##
source "$PATH_SS_INSTALL_WORDPRESS_MU_PLUGINS"
## run ss-install-wordpress-cli ##
source "$PATH_SS_INSTALL_WORDPRESS_CLI"
fi
## this snippet fetches the latest stable version of PrestaShop from SlickStack mirrors ##
## major CMS releases (unpatched) are never considered stable for our purposes ##
if [[ "$SS_APP" == "prestashop" ]]; then
## run ss-install-prestashop-core ##
source "$PATH_SS_INSTALL_PRESTASHOP_CORE"
## run ss-install-prestashop-config ##
source "$PATH_SS_INSTALL_PRESTASHOP_CONFIG"
fi
## this snippet fetches the latest stable version of MediaWiki from SlickStack mirrors ##
## major CMS releases (unpatched) are never considered stable for our purposes ##
if [[ "$SS_APP" == "mediawiki" ]]; then
## run ss-install-mediawiki-core ##
source "$PATH_SS_INSTALL_MEDIAWIKI_CORE"
## run ss-install-mediawiki-config ##
source "$PATH_SS_INSTALL_MEDIAWIKI_CONFIG"
fi
####################################################################################################
#### SS-Update-Packages: Upgrade Ubuntu Packages + Linux Kernel ####################################
####################################################################################################
## the main purpose of ss-update is to upgrade all currently installed Ubuntu packages ##
## we use apt full-upgrade (not apt-get) in order to upgrade the Linux kernel ##
## temporarily disable UFW Firewall ##
ufw --force disable
## clean Ubuntu packages ##
apt clean
## update Ubuntu repo cache ##
apt update
## upgrade installed Ubuntu packages (LEMP modules) + Linux kernel (apt feature) ##
apt full-upgrade
## autoremove unused Ubuntu packages ##
apt autoremove
## autoclean Ubuntu packages ##
# apt autoclean
####################################################################################################
#### SS-Update: Configure UFW Firewall + Set UFW Rules (In Case Apt Overwrites UFW Files) ##########
####################################################################################################
## at least one case reported where ss-update resulted in UFW config being overwritten ##
## therefore we include this reinstallation of UFW to ensure no port lockouts ##
## delete tmp files ##
rm /tmp/ufw*
rm /tmp/user*
## install UFW firewall ##
apt install ufw
## set UFW rules ##
ufw default deny incoming
ufw default allow outgoing
ufw allow $SSH_PORT
ufw allow 80
ufw allow 443
ufw allow 6379
## re-enable UFW Firewall (prevously disabled above) ##
ufw --force enable
echo "y" | ufw enable
# retrieve latest versions ##
wget -O /tmp/ufw http://mirrors.slickstack.io/ufw-firewall/ufw.txt
wget -O /tmp/ufw.conf http://mirrors.slickstack.io/ufw-firewall/ufw-conf.txt
wget -O /tmp/user.rules http://mirrors.slickstack.io/ufw-firewall/user-rules.txt
if [[ -z "$SSH_PORT" ]]; then
sed -i "s/@SSH_PORT/6969/g" /tmp/user.rules
else
sed -i "s/@SSH_PORT/${SSH_PORT}/g" /tmp/user.rules
fi
## copy files to their destinations ##
cp /tmp/ufw /etc/default/ufw
cp /tmp/ufw.conf /etc/ufw/ufw.conf
cp /tmp/user.rules /etc/ufw/user.rules
## reset permissions ##
chown root:root /etc/default/ufw
chown root:root /etc/ufw/ufw.conf
chown root:root /etc/ufw/user.rules
chmod 0664 /etc/default/ufw
chmod 0664 /etc/ufw/ufw.conf
chmod 0664 /etc/ufw/user.rules
## delete tmp files ##
rm /tmp/ufw*
rm /tmp/user*
####################################################################################################
#### SS-Update: Reset Permissions (All Permissions) ################################################
####################################################################################################
## intuitively resets all file and user permissions across the entire SlickStack server ##
## depending on the CMS installed it will also reset those permissions as well ##
## run ss-perms ##
# source /var/www/ss-perms
####################################################################################################
#### SS-Update-Packages: Restart Modules (All Modules) #############################################
####################################################################################################
## this script is using init.d instead of systemd shortcuts to allow for absolute paths ##
## we are looking into including other snippets here such as unmasking (etc) ##
## run ss-restart-php ##
source "$PATH_SS_RESTART_PHP"
## run ss-restart-nginx ##
source "$PATH_SS_RESTART_NGINX"
## run ss-restart-mysql ##
source "$PATH_SS_RESTART_MYSQL"
## run ss-restart-redis ##
source "$PATH_SS_RESTART_REDIS"
####################################################################################################
#### SS-Update-Modules: Touch Timestamp File (End Script) ##########################################
####################################################################################################
## this is a dummy timestamp file that will remember the last time this script was run ##
## it can be useful for developer reference and is sometimes used by SlickStack ##
## script timestamp ##
touch "$TIMESTAMP_SS_UPDATE_MODULES"
####################################################################################################
#### SlickStack: External References Used To Improve This Script (Thanks, Interwebz) ###############
####################################################################################################
## Ref: https://linux.die.net/man/8/apt-get
## Ref: https://askubuntu.com/questions/1112555/is-apt-dist-upgrade-not-necessary-anymore
## Ref: https://unix.stackexchange.com/questions/467552/reboot-over-ssh/467996#467996
## Ref: https://askubuntu.com/questions/254129/how-to-display-all-apt-get-dpkgoptions-and-their-current-values
## Ref: https://serverfault.com/questions/48724/100-non-interactive-debian-dist-upgrade
## Ref: https://askubuntu.com/questions/938359/apt-get-install-remove-update-upgrade-via-cron-job
## Ref: http://manpages.ubuntu.com/manpages/trusty/man8/apt.8.html
## Ref: https://www.debian.org/doc/manuals/apt-guide/index.en.html
## Ref: https://serverfault.com/questions/478461/how-to-install-packages-with-apt-without-user-interaction
## Ref: https://serverfault.com/questions/644180/what-does-qq-argument-for-apt-get-mean
## Ref: https://superuser.com/questions/1438031/ubuntu-18-command-apt-get-dist-upgrade-qq-force-yes-deprecated
## Ref: https://superuser.com/questions/1412054/non-interactive-apt-upgrade
## Ref: https://serverfault.com/questions/227190/how-do-i-ask-apt-get-to-skip-any-interactive-post-install-configuration-steps
## Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1253351
## Ref: https://kb.cloudberrylab.com/backup-mac-linux/silent-install-macos-and-linux-builds
## Ref: https://unix.stackexchange.com/questions/32533/debian-how-to-delay-configuration-when-installing-upgrading
## Ref: https://raymii.org/s/tutorials/Silent-automatic-apt-get-upgrade.html
## Ref: https://unix.stackexchange.com/questions/138504/setting-path-vs-exporting-path-in-bash-profile
## Ref: https://askubuntu.com/questions/578568/path-error-in-ubuntu
## Ref: https://stackoverflow.com/questions/38977713/what-is-snap-bin-directory-in-path-can-i-remove-it-from-path
## Ref: https://askubuntu.com/questions/1121495/add-snap-bin-to-path-used-by-systemd
## Ref: https://askubuntu.com/questions/163200/e-dpkg-was-interrupted-run-sudo-dpkg-configure-a
## Ref: https://stackoverflow.com/questions/1305237/how-to-list-variables-declared-in-script-in-bash
## Ref: https://stackoverflow.com/questions/32739572/bash-search-and-replace-value-of-a-variable-inside-a-file
## Ref: https://askubuntu.com/questions/76808/how-do-i-use-variables-in-a-sed-command
## Ref: https://unix.stackexchange.com/questions/69112/how-can-i-use-variables-in-the-lhs-and-rhs-of-a-sed-substitution
## Ref: https://stackoverflow.com/questions/19151954/how-to-use-variables-in-a-command-in-sed
## Ref: https://unix.stackexchange.com/questions/47584/in-a-bash-script-using-the-conditional-or-in-an-if-statement
## Ref: https://stackoverflow.com/questions/11287861/how-to-check-if-a-file-contains-a-specific-string-using-bash
## Ref: https://stackoverflow.com/questions/25564051/how-to-compare-grep-result-with-a-variable
## Ref: https://stackoverflow.com/questions/26458121/grep-a-specific-string-from-bash-script-and-compare
## Ref: https://unix.stackexchange.com/questions/372733/get-output-and-return-value-of-grep-in-single-operation-in-bash
## Ref: https://stackoverflow.com/questions/18789907/read-values-from-configuration-file-and-use-in-shell-script
## Ref: https://stackoverflow.com/questions/38385963/sed-replacing-string-with-quotation-marks
## Ref: https://github.com/littlebizzy/slickstack/issues/36
## Ref: http://manpages.ubuntu.com/manpages/bionic/man1/date.1.html
## Ref: https://crunchify.com/shell-script-append-timestamp-to-file-name/
## Ref: https://stackoverflow.com/questions/6946677/grep-with-quotation-mark
## Ref: https://unix.stackexchange.com/questions/48535/can-grep-return-true-false-or-are-there-alternative-methods
## Ref: https://www.cyberciti.biz/faq/can-i-delete-var-cache-apt-archives-for-ubuntu-debian-linux/
## Ref: https://linux.die.net/man/8/apt-get
## Ref: https://askubuntu.com/questions/1112555/is-apt-dist-upgrade-not-necessary-anymore
## Ref: https://unix.stackexchange.com/questions/467552/reboot-over-ssh/467996#467996
## Ref: https://askubuntu.com/questions/254129/how-to-display-all-apt-get-dpkgoptions-and-their-current-values
## Ref: https://serverfault.com/questions/48724/100-non-interactive-debian-dist-upgrade
## Ref: https://askubuntu.com/questions/938359/apt-get-install-remove-update-upgrade-via-cron-job
## Ref: http://manpages.ubuntu.com/manpages/trusty/man8/apt.8.html
## Ref: https://www.debian.org/doc/manuals/apt-guide/index.en.html
## Ref: https://serverfault.com/questions/478461/how-to-install-packages-with-apt-without-user-interaction
## Ref: https://serverfault.com/questions/644180/what-does-qq-argument-for-apt-get-mean
## Ref: https://superuser.com/questions/1438031/ubuntu-18-command-apt-get-dist-upgrade-qq-force-yes-deprecated
## Ref: https://superuser.com/questions/1412054/non-interactive-apt-upgrade
## Ref: https://serverfault.com/questions/227190/how-do-i-ask-apt-get-to-skip-any-interactive-post-install-configuration-steps
## Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1253351
## Ref: https://kb.cloudberrylab.com/backup-mac-linux/silent-install-macos-and-linux-builds
## Ref: https://unix.stackexchange.com/questions/32533/debian-how-to-delay-configuration-when-installing-upgrading
## Ref: https://raymii.org/s/tutorials/Silent-automatic-apt-get-upgrade.html
## Ref: https://unix.stackexchange.com/questions/138504/setting-path-vs-exporting-path-in-bash-profile
## Ref: https://askubuntu.com/questions/578568/path-error-in-ubuntu
## Ref: https://stackoverflow.com/questions/38977713/what-is-snap-bin-directory-in-path-can-i-remove-it-from-path
## Ref: https://askubuntu.com/questions/1121495/add-snap-bin-to-path-used-by-systemd
## Ref: https://askubuntu.com/questions/163200/e-dpkg-was-interrupted-run-sudo-dpkg-configure-a
## Ref: https://stackoverflow.com/questions/1305237/how-to-list-variables-declared-in-script-in-bash
## Ref: https://stackoverflow.com/questions/32739572/bash-search-and-replace-value-of-a-variable-inside-a-file
## Ref: https://askubuntu.com/questions/76808/how-do-i-use-variables-in-a-sed-command
## Ref: https://unix.stackexchange.com/questions/69112/how-can-i-use-variables-in-the-lhs-and-rhs-of-a-sed-substitution
## Ref: https://stackoverflow.com/questions/19151954/how-to-use-variables-in-a-command-in-sed
## Ref: https://unix.stackexchange.com/questions/47584/in-a-bash-script-using-the-conditional-or-in-an-if-statement
## Ref: https://stackoverflow.com/questions/11287861/how-to-check-if-a-file-contains-a-specific-string-using-bash
## Ref: https://stackoverflow.com/questions/25564051/how-to-compare-grep-result-with-a-variable
## Ref: https://stackoverflow.com/questions/26458121/grep-a-specific-string-from-bash-script-and-compare
## Ref: https://unix.stackexchange.com/questions/372733/get-output-and-return-value-of-grep-in-single-operation-in-bash
## Ref: https://stackoverflow.com/questions/18789907/read-values-from-configuration-file-and-use-in-shell-script
## Ref: https://stackoverflow.com/questions/38385963/sed-replacing-string-with-quotation-marks
## Ref: https://github.com/littlebizzy/slickstack/issues/36
## Ref: http://manpages.ubuntu.com/manpages/bionic/man1/date.1.html
## Ref: https://crunchify.com/shell-script-append-timestamp-to-file-name/
## Ref: https://stackoverflow.com/questions/6946677/grep-with-quotation-mark
## Ref: https://unix.stackexchange.com/questions/48535/can-grep-return-true-false-or-are-there-alternative-methods
## SS_EOF