====== Установка 1С ======
===== Зависимости =====
apt install software-properties-common -y
apt-add-repository contrib
apt install gnupg2 sudo ttf-mscorefonts-installer fontconfig -y
fc-cache -fv
wget http://ftp.de.debian.org/debian/pool/main/e/enchant/libenchant1c2a_1.6.0-11.1+b1_amd64.deb
dpkg -i libenchant1c2a_1.6.0-11.1+b1_amd64.deb
apt --fix-broken install -y
===== 1c =====
tar xvfz server64_8.3.24.1342.tar.gz
./setup-full-8.3.24.1342-x86_64.run --mode unattended --enable-components server,ws,server_admin,liberica_jre,ru
chown -R usr1cv8:grp1cv8 /opt/1cv8/
ln -f /opt/1cv8/x86_64/8.3.24.1342/srv1cv8-8.3.24.1342@.service /etc/systemd/system/srv1cv8.service
sed -i 's/^Environment=SRV1CV8_KEYTAB=.*/Environment=SRV1CV8_KEYTAB=\/opt\/1cv8\/conf\/usr1cv8.keytab/g' /etc/systemd/system/srv1cv8.service
systemctl daemon-reload
systemctl enable srv1cv8.service
systemctl start srv1cv8
systemctl status srv1cv8
===== i386 =====
dpkg --add-architecture i386
apt update
apt install unixodbc:i386 imagemagick:i386 liblcms2-2:i386 libgssapi-krb5-2:i386 -y
wget http://ftp.de.debian.org/debian/pool/main/e/enchant/libenchant1c2a_1.6.0-11.1+b1_i386.deb
dpkg -i libenchant1c2a_1.6.0-11.1+b1_i386.deb
apt --fix-broken install -y
===== Postgresql 1C =====
cd ~
wget https://repo.postgrespro.ru/1c/1c-15/keys/pgpro-repo-add.sh
sh pgpro-repo-add.sh
apt install postgrespro-1c-15 -y
/opt/pgpro/1c-15/bin/pg-wrapper links update
echo "host all all 0.0.0.0/0 md5" >> /var/lib/pgpro/1c-15/data/pg_hba.conf
systemctl enable postgrespro-1c-15
systemctl start postgrespro-1c-15
systemctl status postgrespro-1c-15
sudo -u postgres psql -U postgres -c "alter user postgres with password 'password';"
===== samba =====
apt install samba winbind krb5-config libnss-winbind acl krb5-user -y
systemctl enable --now {smbd,nmbd}
cat << EOF > /etc/krb5.conf
[libdefaults]
default_realm = AUGIN.RU
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
DC1.AUGIN.RU = {
kdc = dc1.augin.ru
admin_server = dc1.augin.ru
}
AUGIN.RU = {
kdc = dc1.augin.ru
}
[domain_realm]
dc1.augin.ru = DC1.AUGIN.RU
.dc1.augin.ru = DC1.AUGIN.RU
EOF
cat << EOF > /etc/samba/smb.conf
[global]
workgroup = AUGIN
security = ads
kerberos method = secrets and keytab
realm = AUGIN.RU
winbind use default domain = true
winbind enum groups = Yes
winbind enum users = Yes
password server = dc1.augin.ru
idmap config * : range = 16777216-33554431
idmap config * : backend = autorid
template homedir = /home/%U
template shell = /sbin/nologin
winbind offline logon = false
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
[exchange$]
comment = exchange folder
path = /home/exchange
public = yes
writable = yes
EOF
cat << EOF > /etc/nsswitch.conf
passwd: files systemd winbind
group: files systemd winbind
shadow: files
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
EOF
mkdir /home/exchange
mkdir /home/exchange/log
chown -R usr1cv8:grp1cv8 /home/exchange
net ads join -U Administrator
systemctl restart smbd nmbd winbind
wbinfo -u
setfacl -R -m g:"domain admins":rwx /home
setfacl -R -d -m g:"domain admins":rwx /home
===== авторизация AD =====
PowerShell
Invoke-Command -ComputerName dc1 -ScriptBlock {ktpass -kvno 12 -ptype KRB5_NT_PRINCIPAL -princ usr1cv8/s1c.augin.ru@AUGIN.RU -mapuser l1cuser -pass PaSwOrD(l1cuser) -out \\s1c\exchange$\usr1cv8.keytab}
cp /root/usr1cv8.keytab /opt/1cv8/conf/usr1cv8.keytab
chown usr1cv8:grp1cv8 /opt/1cv8/conf/usr1cv8.keytab
chmod 600 /opt/1cv8/conf/usr1cv8.keytab
sed -i 's/^Environment=SRV1CV8_KEYTAB=.*/Environment=SRV1CV8_KEYTAB=\/opt\/1cv8\/conf\/usr1cv8.keytab/g' /etc/systemd/system/srv1cv8.service
systemctl daemon-reload
systemctl restart srv1cv8.service
===== WEB =====
apt install apache2 -y
apt install php php-common php-pgsql php-gd php-xml php-mbstring php-fpm -y
systemctl enable apache2 --now
a2enmod proxy_fcgi setenvif
a2enconf php7.4-fpm
systemctl restart apache2 php7.4-fpm
wget https://github.com/vrana/adminer/releases/download/v4.7.6/adminer-4.7.6.php -O /var/www/html/index.php
mkdir /var/www/html/dengi/
/opt/1cv8/x86_64/8.3.22.1709/webinst -apache24 -wsdir dengi -dir '/var/www/html/dengi' -connStr 'Srvr="s1c.augin.ru";Ref="dengi";' -confPath /etc/apache2/apache2.conf
systemctl restart apache2
===== logs =====
cat << EOF > /opt/1cv8/conf/logcfg.xml
EOF
chown -R usr1cv8:grp1cv8 /opt/1cv8/
===== backup =====
cat << EOF > /opt/backup.sh
#!/bin/bash
SERVER=bs
BAK_DIR="/mnt/disk1/sql_bases/s1c-x"
DATE=\`date +%d.%m.%Y-%H%M\`
RECENT=7
ssh root@\$SERVER "mkdir \$BAK_DIR/\$DATE"
for base in \`su -l postgres -c "psql -U postgres -Aqt -c 'select datname from pg_database;'"\`
do
su -l postgres -c "pg_dump \$base" | gzip > /var/lib/pgpro/bak/\$base.sql.gz
scp "/var/lib/pgpro/bak/\$base.sql.gz" "root@\$SERVER:\$BAK_DIR/\$DATE/\$base.sql.gz"
done
x=1
for i in \`ssh root@\$SERVER -C "ls -t \$BAK_DIR"\`
do
if [ \$x -le \$RECENT ]
then
((x++))
continue
fi
ssh root@\$SERVER -C "rm -rf \$BAK_DIR/\$i"
done
EOF
chmod +x /opt/backup.sh
mkdir /var/lib/pgpro/bak/
cat << EOF > /etc/cron.d/backup-postgresql
# backup postgres
0 1 * * * root /opt/backup.sh
EOF
cat << EOF > /opt/restore.sh
su postgres -c "psql -c 'DROP DATABASE pg_base_name;'"
su postgres -c "psql -c 'CREATE DATABASE pg_base_name;'"
su postgres -c "gunzip -c pg_base_name.sql.gz | psql pg_base_name"
EOF
ssh-copy-id root@bs
=====Создание информационной базы=====
su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/ras cluster --daemon"
su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/rac cluster list"
cluster : 1fc5b766-b120-44e1-8982-245b7458830a
su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/rac infobase --cluster=1fc5b766-b120-44e1-8982-245b7458830a create --create-database --name=dengi --dbms=PostgreSQL --db-server=s1c --db-name=dengi --locale=ru_RU --db-user=postgres --db-pwd='password' --license-distribution=allow"
infobase : bed93d44-3e5d-4c3e-80a2-f681a14c24f2
su usr1cv8 -c "/opt/1cv8/x86_64/8.3.22.1704/rac infobase --cluster=1fc5b766-b120-44e1-8982-245b7458830a summary list"
/opt/1C/v8.3/x86_64/rac infobase --cluster=47e454ce-622f-13e8-548b-005c293a22e1 drop --infobase=356332f4-62a8-11e9-1d97-003c254a22e1 --infobase-user=admin --infobase-pwd='alks76dg(h323)qw' --drop-database
===== Лицензия =====
если аппаратный ключ
apt install aksusbd -y
reboot
===== disable-transparent-huge-pages =====
cat << EOF > /etc/systemd/system/disable-transparent-huge-pages.service
[Unit]
Description=Disable Transparent Huge Pages
[Service]
Type=oneshot
ExecStart=/bin/sh -c "/usr/bin/echo "never" | tee /sys/kernel/mm/transparent_hugepage/enabled"
ExecStart=/bin/sh -c "/usr/bin/echo "never" | tee /sys/kernel/mm/transparent_hugepage/defrag"
[Install]
WantedBy=multi-user.target
EOF
systemctl enable disable-transparent-huge-pages
systemctl start disable-transparent-huge-pages
systemctl status disable-transparent-huge-pages