Initializing a Sakura VPS running CentOS release 6.2 (Final)
diff my.cnf my.cnf_20120502_061523
2,3d1
< character-set-server = utf8
< default-storage-engine=InnoDB
33d30
< character-set-server = utf8
37,48d33
< [mysqldump]
< character-set-server = utf8
< quick
< quote-names
< max_allowed_packet = 16M
<
< [mysql]
< auto-rehash
< character-set-server = utf8
<
< prompt='[\\d] \\R:\\m> '
< #prompt='\\u: [\\d] \\r:\\m> '
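Review bot: `character-set-server` is a mysqld (server) variable, and the new `[mysqldump]` and `[mysql]` sections in the `37,48d33` block hand it to the client programs, which refuse to start with an unknown-variable error rather than ignore it. The client-side equivalent is `default-character-set = utf8`; only the `[mysqld]` copy actually sets the server default. The same lines are repeated in the full my.cnf listing that follows this diff, so the fix belongs there too.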
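[mysqld]
# Server-wide defaults: UTF-8 for new schemas and InnoDB for new tables.
character-set-server = utf8
default-storage-engine=InnoDB
# Settings user and group are ignored when systemd is used (fedora >= 15).
# If you need to run mysqld under different user or group,
# customize your systemd unit file for mysqld according to the
# instructions in http://fedoraproject.org/wiki/Systemd
user=mysql
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# NOTE(review): the iptables rules in this gist only open 80 and the SSH port,
# so 3306 is not reachable from outside. If nothing needs remote MySQL access,
# binding to loopback removes the listener as defense in depth:
;bind-address=127.0.0.1
# Semisynchronous Replication
# http://dev.mysql.com/doc/refman/5.5/en/replication-semisync.html
# uncomment next line on MASTER
;plugin-load=rpl_semi_sync_master=semisync_master.so
# uncomment next line on SLAVE
;plugin-load=rpl_semi_sync_slave=semisync_slave.so
# Others options for Semisynchronous Replication
;rpl_semi_sync_master_enabled=1
;rpl_semi_sync_master_timeout=10
;rpl_semi_sync_slave_enabled=1
# http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
;performance_schema
[mysqld_safe]
# mysqld_safe forwards options it does not recognise to mysqld, so this line is
# redundant with the [mysqld] one rather than harmful; kept for parity.
character-set-server = utf8
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[mysqldump]
# Client programs do not accept the server variable character-set-server
# (they abort with "unknown variable"); the client-side option is
# default-character-set.
default-character-set = utf8
quick
quote-names
max_allowed_packet = 16M
[mysql]
auto-rehash
default-character-set = utf8
# Backslashes are escape characters in option files, hence the doubling.
prompt='[\\d] \\R:\\m> '
#prompt='\\u: [\\d] \\r:\\m> '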
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
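# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

# Paths. The binary is installed under /opt, so the stock /var/run pidfile is
# not used; the pidfile here must match the `pid` directive in nginx.conf or
# killproc/status will not find the master process.
nginx="/opt/nginx/sbin/nginx"
prog=$(basename "$nginx")
sysconfig="/etc/sysconfig/$prog"
lockfile="/var/lock/subsys/nginx"
pidfile="/opt/nginx/logs/${prog}.pid"
#pidfile="/var/run/${prog}.pid"
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# Optional overrides. This file is sourced as root: keep it root-owned and
# not group/world-writable.
[ -f "$sysconfig" ] && . "$sysconfig"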
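start() {
    # Refuse to start when the binary or the config is missing; 5/6 are the
    # LSB "not installed" / "not configured" exit codes.
    # Quoting matters: with an empty $nginx the unquoted `[ -x $nginx ]`
    # collapses to `[ -x ]`, which is a one-argument test and evaluates TRUE.
    [ -x "$nginx" ] || exit 5
    [ -f "$NGINX_CONF_FILE" ] || exit 6
    echo -n $"Starting $prog: "
    daemon "$nginx" -c "$NGINX_CONF_FILE"
    retval=$?
    echo
    # The subsys lock is what makes the service stop cleanly at shutdown.
    [ $retval -eq 0 ] && touch "$lockfile"
    return $retval
}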
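stop() {
    # Terminate the master process named in the (non-default) pidfile and
    # drop the subsys lock on success.
    echo -n $"Stopping $prog: "
    killproc -p "$pidfile" "$prog"
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f "$lockfile"
    return $retval
}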
restart() {
    # Validate the config before taking the server down, so a broken config
    # never leaves nginx stopped; 6 = "program is not configured" (LSB).
    if ! configtest_q; then
        return 6
    fi
    stop
    start
}
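reload() {
    # HUP the master to re-read the config. Unlike the original, the result
    # of killproc is propagated: the old version returned the status of the
    # trailing `echo`, so `service nginx reload` always reported success.
    configtest_q || return 6
    echo -n $"Reloading $prog: "
    killproc -p "$pidfile" "$prog" -HUP
    retval=$?
    echo
    return $retval
}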
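configtest() {
    # Verbose syntax check of the active config file (output shown to the user).
    "$nginx" -t -c "$NGINX_CONF_FILE"
}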
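configtest_q() {
    # Quiet syntax check used as a guard by restart/reload/upgrade.
    "$nginx" -t -q -c "$NGINX_CONF_FILE"
}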
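rh_status() {
    # Pass the custom pidfile explicitly, consistent with the killproc calls:
    # without -p, status looks in /var/run and then falls back to pidof.
    status -p "$pidfile" "$prog"
}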
rh_status_q() {
    # Silent variant: only the exit status is of interest.
    rh_status >/dev/null 2>/dev/null
}
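# Upgrade the binary with no downtime: USR2 makes the running master exec the
# new binary (writing its own pid to $pidfile and moving the old one to
# $pidfile.oldbin); QUIT then retires the old master gracefully.
upgrade() {
    local oldbin_pidfile="${pidfile}.oldbin"
    configtest_q || return 6
    echo -n $"Upgrading $prog: "
    killproc -p "$pidfile" "$prog" -USR2
    retval=$?
    # The original captured retval but never looked at it; a failed USR2
    # fell through to the pidfile test. Fail fast instead.
    if [ $retval -ne 0 ]; then
        failure $"$prog online upgrade"
        echo
        return 1
    fi
    sleep 1
    # POSIX test rather than [[ ]] so the body matches the #!/bin/sh shebang.
    if [ -f "$oldbin_pidfile" ] && [ -f "$pidfile" ]; then
        killproc -p "$oldbin_pidfile" "$prog" -QUIT
        success $"$prog online upgrade"
        echo
        return 0
    else
        failure $"$prog online upgrade"
        echo
        return 1
    fi
}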
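# Tell nginx to reopen logs
reopen_logs() {
    # USR1 makes the master re-open its log files (e.g. after logrotate).
    configtest_q || return 6
    echo -n $"Reopening $prog logs: "
    killproc -p "$pidfile" "$prog" -USR1
    retval=$?
    echo
    return $retval
}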
# Dispatch on the action argument. Each arm names its function explicitly
# instead of executing "$1" indirectly; the set of accepted actions is the
# same as before.
case "$1" in
    start)
        # Already running is not an error.
        rh_status_q && exit 0
        start
        ;;
    stop)
        # Already stopped is not an error.
        rh_status_q || exit 0
        stop
        ;;
    restart)
        restart
        ;;
    configtest)
        configtest
        ;;
    reopen_logs)
        reopen_logs
        ;;
    force-reload|upgrade)
        # 7 = "program is not running" (LSB); force-reload is a binary upgrade here.
        rh_status_q || exit 7
        upgrade
        ;;
    reload)
        rh_status_q || exit 7
        reload
        ;;
    status)
        rh_status
        ;;
    status_q)
        rh_status_q
        ;;
    condrestart|try-restart)
        rh_status_q || exit 7
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}"
        exit 2
esac
#!/bin/sh
# initializing for sakura VPS on CentOS release 6.2 (Final)
##
# Global variables
##
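# Exact /etc/redhat-release string the script was written against; initialize()
# refuses to run on anything else.
readonly CENT_OS_VERSION='CentOS release 6.2 (Final)'
# Work account to create. NOTE: this deliberately shadows the login shell's
# $USER, so nothing in this script can rely on $USER meaning "the invoker".
readonly USER='work user name'
# Non-standard SSH port; written into sshd_config and the iptables rule.
readonly PORT='10022'
# Where root's mail is forwarded (/etc/aliases).
readonly MAIL='your email'
# One OpenSSH public key line for $USER. With PasswordAuthentication disabled
# this key is the ONLY way in after the script runs: fill it in correctly.
readonly PUB_KEY='your ssh public key'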
##
# private
##
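_abort() {
    # Print a boxed error and exit.
    # $1 - numeric exit code, $2 - message.
    # Diagnostics go to stderr so they are not mixed into captured stdout.
    echo "***************" >&2
    echo " ERR($1):${2}" >&2
    echo "***************" >&2
    exit $(($1))
}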
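_warn() {
    # Print a boxed warning to stderr and continue.
    # $1 - message.
    echo "***************" >&2
    echo " WARN:${1}" >&2
    echo "***************" >&2
}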
_echo_and_exec() {
    # Log a command line, then run it. $1 is left unquoted on purpose so the
    # string is word-split into a command and its arguments.
    local cmdline=$1
    printf -- '-- %s\n' "$cmdline"
    $cmdline
}
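_backup_file() {
    # Copy $1 to "$1_YYYYmmdd_HHMMSS" (cp -p keeps mode/owner/timestamps)
    # before the caller overwrites it; warn when there is nothing to back up.
    # A failed copy aborts: every caller is about to replace a file under
    # /etc (sshd_config, sudoers, ...) and the backup is the only undo.
    local src=$1
    if [ -f "$src" ]; then
        cp -p "$src" "${src}_$(date +%Y%m%d_%H%M%S)" \
            || _abort 3 "failed to back up ${src}"
    else
        _warn "${src} is not found."
    fi
}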
_yumi() {
    # yum install wrapper. $1 is a whitespace-separated package list and may
    # also carry yum flags (e.g. --enablerepo=...), so it stays unquoted.
    local pkgs=$1
    printf -- '-- yum install -y %s\n' "$pkgs"
    yum install -y $pkgs
}
##
# procs
##
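initialize() {
    # Pre-flight checks before anything under /etc is touched: exact OS
    # version, root privileges, and that the placeholders at the top of the
    # file were really replaced.
    local os_ver
    os_ver=$(cat /etc/redhat-release)
    if [ "$os_ver" != "$CENT_OS_VERSION" ]; then
        _abort 1 "${os_ver} is not supported."
    fi
    # Everything below writes system files; fail here rather than half-way.
    if [ "$(id -u)" -ne 0 ]; then
        _abort 3 "must be run as root."
    fi
    # The original test only caught empty values, so the shipped placeholders
    # ('work user name', 'your ssh public key', ...) passed and the script
    # went on to disable password SSH auth with a bogus key -> lockout.
    if [ -z "$USER" ] || [ -z "$PORT" ] || [ -z "$MAIL" ] || [ -z "$PUB_KEY" ] \
        || [ "$USER" = 'work user name' ] || [ "$MAIL" = 'your email' ] \
        || [ "$PUB_KEY" = 'your ssh public key' ]; then
        _abort 2 "Global variables are not specified. Check your script."
    fi
    # PORT is interpolated into sshd_config and an iptables rule: digits only.
    case "$PORT" in
        *[!0-9]*) _abort 2 "PORT must be numeric: ${PORT}" ;;
    esac
    # An authorized_keys line starts with the key type. Anything else written
    # there silently locks you out once PasswordAuthentication is off.
    # (Adjust if you prepend key options such as command="...".)
    case "$PUB_KEY" in
        ssh-*|ecdsa-*) ;;
        *) _abort 2 "PUB_KEY does not look like an OpenSSH public key." ;;
    esac
    # useradd rejects names with whitespace; catch it before create_user.
    case "$USER" in
        *[[:space:]]*) _abort 2 "USER must not contain whitespace: ${USER}" ;;
    esac
    clear
}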
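create_user() {
    # Set the root password interactively, create the work account and put it
    # in wheel (su and sudo are restricted to wheel by the following steps).
    echo '-- change root password'
    passwd
    echo
    echo "-- create user ${USER}"
    # Idempotent on re-runs: an existing account is reused, not an error.
    if id "$USER" >/dev/null 2>&1; then
        _warn "user ${USER} already exists; reusing it."
    else
        useradd "$USER" || _abort 3 "useradd ${USER} failed"
    fi
    passwd "$USER"
    # -a appends to the supplementary groups instead of replacing them.
    usermod -aG wheel "$USER"
    _echo_and_exec "id ${USER}"
}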
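# add: auth required pam_wheel.so use_uid
# http://www.usupi.org/sysad/105.html
change_pamd_su() {
    # Restrict `su` to members of wheel (pam_wheel); the remaining lines are
    # the stock CentOS 6 /etc/pam.d/su.
    local file=/etc/pam.d/su
    _backup_file "$file"
    # Quoted delimiter: the content is literal, there is nothing to expand.
    cat << 'EOS' > "$file"
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
EOS
    echo "-- modified ${file}"
}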
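change_sudores() {
    # Grant wheel sudo. The append is idempotent (skipped if the exact line is
    # already present) and the result is checked with visudo, because a
    # malformed /etc/sudoers disables sudo for everyone on the box.
    local file=/etc/sudoers
    local rule='%wheel ALL=(ALL) NOPASSWD: ALL'
    _backup_file "$file"
    if ! grep -qxF -- "$rule" "$file"; then
        printf '%s\n' "$rule" >> "$file"
    fi
    # NOTE(review): with password SSH auth disabled by change_sshd_config,
    # NOPASSWD makes a stolen SSH key equivalent to root with no second
    # check. Drop "NOPASSWD: " if prompting for the user's password is acceptable.
    visudo -cf "$file" || _abort 3 "${file} failed the visudo syntax check; restore it from the backup"
    echo "-- modified ${file}"
}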
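change_sshd_config() {
    # Replace sshd_config with a key-only, no-root, custom-port policy and
    # install PUB_KEY for USER. The new config is checked with `sshd -t`
    # before the restart: a bad restart on a remote VPS is a lockout.
    # Keep the current session open until a fresh login on $PORT works.
    #
    # NOTE(review): two settings below are kept as the author chose them but
    # deserve a second look: X11Forwarding is not needed on a headless server,
    # and the stock RHEL sshd_config warns that "UsePAM no" is unsupported
    # there (PAM account/session modules such as pam_access and limits are
    # skipped for SSH logins).
    local file=/etc/ssh/sshd_config
    _backup_file "$file"
    # Unquoted heredoc on purpose: $PORT is expanded.
    cat << EOS > "$file"
# initial settings
Port $PORT
Protocol 2
SyslogFacility AUTHPRIV
ChallengeResponseAuthentication no
GSSAPICleanupCredentials yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
# modify settings
PasswordAuthentication no
GSSAPIAuthentication no
UsePAM no
# add settings
PermitRootLogin no
PermitEmptyPasswords no
EOS
    echo "-- modified ${file}"
    # Do not restart onto a config sshd itself rejects.
    /usr/sbin/sshd -t -f "$file" || _abort 3 "${file} failed 'sshd -t'; restore it from the backup"
    local ssh_home="/home/$USER/.ssh/"
    # -p: re-runs must not fail because the directory already exists.
    mkdir -p "$ssh_home"
    # printf, not an unquoted echo: echo would re-split the key on whitespace
    # and expand any glob characters in it.
    printf '%s\n' "$PUB_KEY" > "${ssh_home}/authorized_keys"
    chmod 600 "${ssh_home}/authorized_keys"
    chown -R "$USER:$USER" "$ssh_home"
    chmod 700 "$ssh_home"
    # (was "#{ssh_home}", a Ruby-style interpolation typo that printed literally)
    echo "-- created ${ssh_home}"
    service sshd restart
    echo "-- restart sshd"
}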
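change_iptables() {
    # Default-deny inbound IPv4 policy: loopback, ICMP, established flows,
    # HTTP and the custom SSH port are accepted; everything else is rejected.
    #
    # NOTE(review): the stock RH ruleset's accepts for IPsec (proto 50/51),
    # mDNS (udp 5353) and IPP/CUPS (tcp+udp 631) were dropped: nothing this
    # script installs uses them, and 631 in particular is a needless public
    # listener slot. This file only covers IPv4; if the VPS has IPv6 the
    # equivalent rules belong in /etc/sysconfig/ip6tables (or the ip6tables
    # service must be off), otherwise the v6 side stays as the distro left it.
    local file=/etc/sysconfig/iptables
    _backup_file "$file"
    # Unquoted heredoc on purpose: $PORT is expanded.
    cat << EOS > "$file"
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $PORT -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOS
    echo "-- modified ${file}"
    # A failed restore would leave the chains flushed with ACCEPT policies:
    # stop here rather than continue as if the firewall were up.
    /etc/init.d/iptables restart || _abort 3 "iptables restart failed; check ${file}"
    echo "-- restart iptables"
}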
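change_aliases() {
    # Forward root's mail to MAIL so cron and daemon output reaches a person.
    local file="/etc/aliases"
    local entry="root: $MAIL"
    _backup_file "$file"
    # Idempotent: re-runs must not stack duplicate root: lines.
    if ! grep -qxF -- "$entry" "$file"; then
        printf '%s\n' "$entry" >> "$file"
    fi
    newaliases || _abort 3 "newaliases failed; check ${file}"
    echo "-- modified ${file}"
}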
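# for mysql5.5
add_repos() {
    # Remi repository (source of MySQL 5.5 for EL6).
    # NOTE(review): the release RPM is fetched over plain HTTP and `rpm -Uvh`
    # installs it even when the signature cannot be verified (it only prints
    # NOKEY). Importing the repository's signing key first, or downloading and
    # checking with `rpm -K` before installing, would make this step
    # verifiable; the URL is kept exactly as published.
    if rpm -q remi-release >/dev/null 2>&1; then
        _warn "remi-release is already installed; skipping."
    else
        rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm \
            || _abort 3 "failed to install remi-release"
    fi
    echo "-- added remi repos"
}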
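install_services() {
    # Install the application stack. Package lists are handed to _yumi as one
    # string; _yumi word-splits them on purpose.
    # http
    #_yumi install httpd httpd-devel
    #/etc/init.d/mysqld httpd
    #chkconfig httpd on
    # nginx
    # when installing passenger
    #_yumi nginx
    #/etc/init.d/nginx start
    #chkconfig nginx on
    # git, nmap
    _yumi 'git nmap'
    # sqlite
    _yumi 'sqlite sqlite-devel'
    # ruby build dependencies
    _yumi 'openssl-devel curl-devel readline-devel zlib-devel libxml2 libxml2-devel libxslt-devel libyaml-devel libffi-devel'
    # capistrano(nokogiri)
    _yumi 'libxml2 libxml2-devel libxslt libxslt-devel'
    # sphinx
    _yumi sphinx
    # python-setuptools(easy_install)
    _yumi 'python-devel python-setuptools'
    # monit: only enabled at boot here; it comes up after the reboot that
    # finalize() asks for.
    _yumi monit
    chkconfig monit on
    # hg
    # NOTE(review): easy_install pulls from PyPI with no signature check (and
    # no transport integrity on the tooling of this era). If supply-chain
    # integrity matters, prefer the distro's signed `mercurial` rpm.
    echo "-- easy_install Mercurial"
    easy_install Mercurial
    # mysql 5.5 from remi. remi-test is a testing repository; drop it from
    # --enablerepo unless a needed package is only available there.
    _yumi 'mysql mysql-server mysql-devel --enablerepo=remi,remi-test'
    /etc/init.d/mysqld start || _abort 3 "mysqld failed to start; see /var/log/mysqld.log"
    chkconfig mysqld on
}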
disable_services() {
    # Turn off daemons this VPS does not use so they stay down after reboot.
    # NOTE(review): auditd is the consumer of the kernel audit log; disabling
    # it removes that audit trail on an internet-facing host. Consider
    # leaving it enabled.
    local svc
    for svc in auditd haldaemon mdmonitor messagebus netfs restorecond smartd; do
        chkconfig "$svc" off
    done
    echo '-- disabled services'
    chkconfig --list
}
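yum_update() {
    # Bring every installed package up to date (including the remi packages
    # just installed). A failure here is reported instead of being silently
    # followed by the "Done!" message.
    yum -y update || _abort 3 "yum update failed"
}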
#setup_mysql() {
# #mysql_install_db
# #mysql_secure_installation
# ## data load
# #mysql_upgrade
#}
#setup_nginx() {
#
#
#}
finalize() {
    # Closing hint: disabled services and any kernel update only take effect
    # after a reboot.
    printf '%s\n' 'Done! You should restart.'
}
main() {
# Order matters here: initialize validates the globals before anything is
# written; create_user must run before the PAM/sudo/ssh steps that reference
# $USER; change_sshd_config restarts sshd on $PORT before change_iptables
# opens that port, so keep the current SSH session open until both have run
# and a fresh login on $PORT has been confirmed.
initialize
# os settings
create_user
change_pamd_su
change_sudores
change_sshd_config
change_iptables
change_aliases
# service
add_repos
install_services
disable_services
yum_update
# setup
#setup_mysql
#setup_nginx
finalize
}
##
# execute
##
main