From ca7a2ed839f8fec5a7d7abbf50fc2c031f192fb5 Mon Sep 17 00:00:00 2001 From: onefang Date: Wed, 22 May 2019 19:14:35 +1000 Subject: Major tweaking of the scripts to suit the new setup. --- scripts/install/create_sim.sh | 55 +++++++++++++++++++------------------- scripts/install/go_live.sh | 2 +- scripts/install/opensim-monit.conf | 17 ++++-------- scripts/install/secure.sh | 20 ++++++++++++++ 4 files changed, 53 insertions(+), 41 deletions(-) create mode 100755 scripts/install/secure.sh (limited to 'scripts/install') diff --git a/scripts/install/create_sim.sh b/scripts/install/create_sim.sh index 0681067..08cedba 100755 --- a/scripts/install/create_sim.sh +++ b/scripts/install/create_sim.sh @@ -1,6 +1,6 @@ #!/bin/bash -source common.sh +source ../common.sh getPrgDir NAME=$1 @@ -9,8 +9,7 @@ URL=$3 IP=$4 SIZE=$5 -OSPATH="/opt/opensim" -cd $OSPATH/config +cd ${OS_PATH}/config k=0 for i in $(seq -w 1 99) @@ -22,38 +21,37 @@ do fi done -if [ "x$NAME" = "x" ] +if [ "x${NAME}" = "x" ] then NAME="No name sim $RANDOM" # Should be unique per grid. - echo "WARNING setting the sim name to [$NAME], this may not be what you want." + echo "WARNING setting the sim name to [${NAME}], this may not be what you want." fi # Sanitize the name. Not removing [ or ], couldn't get that to work, only important for Windows. -sim=$(sanitize $NAME) +sim=$(sanitize ${NAME}) -if [ "x$LOCATION" = "x" ] +if [ "x${LOCATION}" = "x" ] then LOCATION="$RANDOM,$RANDOM" # again UNIQUE (i.e. ONLY ONE) per grid in THIS case! - echo "WARNING setting the Location to $LOCATION, this may not be what you want." + echo "WARNING setting the Location to ${LOCATION}, this may not be what you want." fi -if [ "x$IP" = "x" ] +if [ "x${IP}" = "x" ] then - # 0.0.0.0 will work for a single sim per physical machine, otherwise we need the real internal IP. IP="0.0.0.0" - echo "WARNING setting the InternalAddress to $IP, this may not be what you want." + echo "WARNING setting the InternalAddress to ${IP}, this may not be what you want." # echo " 0.0.0.0 will work for a single sim per physical machine, otherwise we need the real internal IP." # According to the OpenSim docs, 0.0.0.0 means to listen on all NICs the machine has, which should work fine. fi -if [ "x$URL" = "x" ] +if [ "x${URL}" = "x" ] then # Here we make use of an external IP finding service. Careful, it may move. # URL=$(wget -q http://automation.whatismyip.com/n09230945.asp -O -) # URL is best (without the HTTP://), but IP (e.g. 88.109.81.55) works too. URL="SYSTEMIP" - echo "WARNING setting the ExternalHostName to $URL, this may not be what you want." + echo "WARNING setting the ExternalHostName to ${URL}, this may not be what you want." fi -if [ "x$SIZE" = "x" ] +if [ "x${SIZE}" = "x" ] then SIZE="256" fi @@ -68,29 +66,30 @@ fi PORT=$(( 9005 + (10#$k * 5) )) # 9002 is used for HTTP/UDP so START with port 9003! CAUTION Diva/D2 starts at port 9000. UUID=$(uuidgen) -echo "Creating sim$NUM on port $PORT @ $LOCATION - $NAME." +echo "Creating sim${NUM} on port ${PORT} @ ${LOCATION} - ${NAME}." -cp -r sim_skeleton sim$NUM +cp -r sim_skeleton sim${NUM} -cd sim$NUM +cd sim${NUM} mv My_sim.xml ${sim}.xml -sed -i "s@SIM_NAME@$NAME@g" ${sim}.xml -sed -i "s@SIM_UUID@$UUID@g" ${sim}.xml -sed -i "s@SIM_POS@$LOCATION@g" ${sim}.xml -sed -i "s@SIM_IP@$IP@g" ${sim}.xml -sed -i "s@SIM_INT_PORT@$(( $PORT + 1 ))@g" ${sim}.xml -sed -i "s@SIM_URL@$URL@g" ${sim}.xml -sed -i "s@SIM_SIZE@$SIZE@g" ${sim}.xml +sed -i "s@SIM_NAME@${NAME}@g" ${sim}.xml +sed -i "s@SIM_UUID@${UUID}@g" ${sim}.xml +sed -i "s@SIM_POS@${LOCATION}@g" ${sim}.xml +sed -i "s@SIM_IP@${IP}@g" ${sim}.xml +sed -i "s@SIM_INT_PORT@$(( ${PORT} + 1 ))@g" ${sim}.xml +sed -i "s@SIM_URL@${URL}@g" ${sim}.xml +sed -i "s@SIM_SIZE@${SIZE}@g" ${sim}.xml ln -s ../../current/scripts/common.sh common.sh ln -s ../../current/scripts/start-sim start-sim cp -P start-sim backup-sim cp -P start-sim stop-sim -sed -i "s@SIM_NUMBER@$NUM@g" ThisSim.ini -sed -i "s@SIM_PORT@$PORT@g" ThisSim.ini +sed -i "s@SIM_NUMBER@${NUM}@g" ThisSim.ini +sed -i "s@SIM_PORT@${PORT}@g" ThisSim.ini -sed -i "s@SIM_NUMBER@$NUM@g" opensim-monit.conf +sed -i "s@OS_PATH@${OS_PATH}@g" opensim-monit.conf +sed -i "s@SIM_NUMBER@${NUM}@g" opensim-monit.conf -sudo chown -R opensim:opensim .. +sudo chown -R ${OS_USER}:${OS_USER} .. sudo chmod -R g+w .. diff --git a/scripts/install/go_live.sh b/scripts/install/go_live.sh index 21d7072..c5ce90e 100755 --- a/scripts/install/go_live.sh +++ b/scripts/install/go_live.sh @@ -1,6 +1,6 @@ #!/bin/bash -OSPATH="/opt/opensim" +source common.sh for i in $(seq 99) do diff --git a/scripts/install/opensim-monit.conf b/scripts/install/opensim-monit.conf index 7785056..409b69e 100644 --- a/scripts/install/opensim-monit.conf +++ b/scripts/install/opensim-monit.conf @@ -9,23 +9,16 @@ # on ubuntu/debian, this is overridden by the CHECK_INTERVALS var in # /etc/default/monit . the below assumes you've set it to 30 seconds. # -# if process dies, will restart sim within 30 seconds. if process -# dies 5 times in as many tries, will stop trying and send email -# alert. -# -# if SimFPS drops to 0 for 2 minutes, restart. -# -# if process CPU usage stays above 300% for 2 minutes, restart. -# # see ../README for configuration instructions. # # Hmmmm, seems that monit changing to a user and running bash -l is different from sudo changing to a user and running bash -l. # -check process sim01 with pidfile /var/run/opensim/sim01.pid - start program = "/usr/bin/sudo -Hu opensim /bin/bash -lc 'cd /opt/opensim/config/sim01 && /opt/opensim/config/sim01/start-sim -q'" +check process simSIM_NUMBER with pidfile /OS_PATH/caches/simSIM_NUMBER.pid + start program = "/usr/bin/sudo -Hu opensim /bin/bash -lc 'cd /OS_PATH/config/simSIM_NUMBER && /OS_PATH/config/simSIM_NUMBER/start-sim -q'" as uid root and gid root - stop program = "/usr/bin/sudo -Hu opensim /bin/bash -lc 'cd /opt/opensim/config/sim01 && /opt/opensim/config/sim01/stop-sim'" with timeout 600 seconds + stop program = "/usr/bin/sudo -Hu opensim /bin/bash -lc 'cd /OS_PATH/config/simSIM_NUMBER && /OS_PATH/config/simSIM_NUMBER/stop-sim'" with timeout 600 seconds if cpu usage > 50% for 4 cycles then restart + if MEMORY usage > 10% for 4 cycles then restart # if 5 restarts within 5 cycles then timeout # if failed url http://127.0.0.1:9005/jsonSimStats/ # and content != '"SimFPS":0.0,' for 4 cycles @@ -33,4 +26,4 @@ check process sim01 with pidfile /var/run/opensim/sim01.pid # if failed url http://127.0.0.1:9008/jsonSimStats/ # and content == '"SimFPS":' for 4 cycles # then restart - + depends on ROBUST diff --git a/scripts/install/secure.sh b/scripts/install/secure.sh new file mode 100755 index 0000000..48255b6 --- /dev/null +++ b/scripts/install/secure.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +source ../common.sh + +echo "Securing OpenSim." +sudo chmod 600 ${OS_PATH}/config/*.ini +sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH} +sudo chmod -R 775 ${OS_PATH} +sudo chmod -R a-x ${OS_PATH} +sudo chmod -R a+X ${OS_PATH} +sudo chmod -R g+w ${OS_PATH} +sudo chmod -R a+x ${OS_PATH}/current/*.sh +sudo chmod -R a+x ${OS_PATH}/current/scripts/*.sh +sudo chmod -R a+x ${OS_PATH}/current/scripts/install/*.sh +sudo chmod a+x ${OS_PATH}/current/scripts/show-console +sudo chmod a+x ${OS_PATH}/current/scripts/start-sim + +sudo chmod ug+rwx ${OS_PATH}/config +sudo chmod g+s ${OS_PATH}/config +sudo chmod 600 ${OS_PATH}/config/*.ini -- cgit v1.1