Differences
This shows you the differences between two versions of the page.
linux_wiki:os_install_post_install [2016/05/18 23:23] billdozor |
linux_wiki:os_install_post_install [2017/09/12 23:24] billdozor [Post Install Script: Worker] |
||
---|---|---|---|
Line 4: | Line 4: | ||
After installing an OS via [[linux_wiki: | After installing an OS via [[linux_wiki: | ||
+ | |||
+ | This page demonstrates how to create VM templates and kickstarts that will auto-execute scripts one time for a system' | ||
**Checklist** | **Checklist** | ||
* Distro(s): Enterprise Linux 6/7 | * Distro(s): Enterprise Linux 6/7 | ||
+ | * Other: NFS Server sharing a post install configuration script | ||
---- | ---- | ||
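Review bot: The added checklist line "Other: NFS Server sharing a post install configuration script" names the dependency but not how the export should be set up. Because the script fetched from that share is executed automatically on a system's first boot, the prerequisite should state that the export is read-only and limited to the provisioning network, and who is allowed to change the script on the server.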
Line 12: | Line 15: | ||
====== Firstboot ====== | ====== Firstboot ====== | ||
- | Post install configuration | + | * The firstboot script |
+ | * It is baked into the system | ||
+ | * It stays generic and calls other external scripts on remote admin systems | ||
+ | * It also reboots the system and sends an email once it has completed | ||
---- | ---- | ||
Line 20: | Line 26: | ||
This script is meant to run once and then disable itself. It calls other post install script(s) to do the actual work. | This script is meant to run once and then disable itself. It calls other post install script(s) to do the actual work. | ||
+ | / | ||
<code bash> | <code bash> | ||
#!/bin/bash | #!/bin/bash | ||
Line 30: | Line 37: | ||
nfs_client_mountpoint="/ | nfs_client_mountpoint="/ | ||
post_install_script=" | post_install_script=" | ||
+ | post_install_log="/ | ||
# Write a successful run file | # Write a successful run file | ||
firstboot_ran_file="/ | firstboot_ran_file="/ | ||
+ | |||
+ | # System Admins Group Email | ||
+ | system_admins_email=' | ||
# Reboot delay in minutes | # Reboot delay in minutes | ||
Line 135: | Line 146: | ||
#### End of Safeguards #### | #### End of Safeguards #### | ||
- | # Email root notification of completion | + | # Email notification of completion |
- | echo -e " | + | echo -e " |
- | echo -e "The firstboot script process has completed for: ' | + | echo -e "The firstboot script process has completed for: ' |
# Allow some time for the email to be sent | # Allow some time for the email to be sent | ||
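Review bot: The changed mail lines still announce only that the process "has completed for:" a host, so as far as the visible text shows, a run whose post install script failed looks the same in the admins' inbox as a clean one. Consider putting the post install script's exit status in the subject or body and pointing to the path held in post_install_log, so recipients can triage before the delayed reboot.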
Line 145: | Line 156: | ||
shutdown -r +${reboot_delay} " | shutdown -r +${reboot_delay} " | ||
- | ===== Firstboot: VM Template | + | ---- |
+ | |||
+ | ===== Firstboot: | ||
+ | |||
+ | Firstboot will get executed on CentOS 7 via a custom systemd service unit. | ||
+ | |||
+ | Create the following service unit file: / | ||
+ | <code bash> | ||
+ | [Unit] | ||
+ | Description=Auto-execute post install scripts | ||
+ | After=network.target | ||
+ | |||
+ | [Service] | ||
+ | ExecStart=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Firstboot: CentOS 6 Service ===== | ||
+ | |||
+ | CentOS 6 will make use of rc.local to execute the script. | ||
+ | |||
+ | Append to: / | ||
+ | <code bash> | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Auto Setup ====== | ||
+ | |||
+ | Now that we have a firstboot script and method of executing on boot(CentOS 7 service or CentOS 6 rc.local), the combination of the two can be added to VM templates or kickstarts for unattended execution. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Auto Setup: VM Templates ===== | ||
+ | |||
+ | The modifications for auto execution need to be done on a new template that is a modification of your base VM template. | ||
+ | |||
+ | **Warning**: | ||
+ | |||
+ | * Deploy a new VM from your base template ([[linux_wiki: | ||
+ | * Make the following modifications to the new system. | ||
+ | * **CentOS 6**<code bash>## VM deployed from the base template ## | ||
+ | |||
+ | ## Create a script directory for root | ||
+ | mkdir / | ||
+ | |||
+ | ## Mount NFS Server and Copy firstboot.sh to the VM | ||
+ | mount -t nfs < | ||
+ | cp -v / | ||
+ | chown -Rv root:root / | ||
+ | chmod -Rv 700 / | ||
+ | |||
+ | ## Create line in rc.local to auto execute firstboot script | ||
+ | echo "/ | ||
+ | |||
+ | ## Unmount NFS server | ||
+ | umount / | ||
+ | * [[linux_wiki: | ||
+ | * **CentOS 7**<code bash>## VM deployed from the base template ## | ||
+ | |||
+ | ## Create a script directory for root | ||
+ | mkdir / | ||
+ | |||
+ | ## Mount NFS Server and Copy firstboot.sh to the VM | ||
+ | mount -t nfs < | ||
+ | cp -v / | ||
+ | chown -Rv root:root / | ||
+ | chmod -Rv 700 / | ||
+ | |||
+ | ## Copy firstboot.service unit to the VM | ||
+ | cp -v / | ||
+ | chown -v root:root / | ||
+ | chmod -v 644 / | ||
+ | systemctl enable firstboot.service | ||
+ | |||
+ | ## Unmount NFS server | ||
+ | umount / | ||
+ | * [[linux_wiki: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Auto Setup: Kickstarts ===== | ||
+ | |||
+ | Kickstart files require a post install section to be edited in order for the firstboot script to be placed on a new system. | ||
+ | |||
+ | * [[linux_wiki: | ||
+ | * Modify the " | ||
+ | * **CentOS 6**<code bash> | ||
+ | ( | ||
+ | |||
+ | ## Start rpcbind for NFS | ||
+ | service rpcbind start | ||
+ | |||
+ | ## Mount NFS Server | ||
+ | mount -vt nfs 10.1.2.3:/ | ||
+ | |||
+ | ## Create root's scripts directory | ||
+ | mkdir / | ||
+ | |||
+ | ## Copy the firstboot script to the new directory | ||
+ | cp -v / | ||
+ | chown -Rv root:root / | ||
+ | chmod -Rv 700 / | ||
+ | |||
+ | ## Create rc.local entry for auto execution on boot | ||
+ | echo "/ | ||
+ | |||
+ | ## Unmount NFS Server | ||
+ | umount -v /mnt | ||
+ | ) | ||
+ | %end</ | ||
+ | * **CentOS 7**<code bash> | ||
+ | ( | ||
+ | |||
+ | ## Start rpcbind for NFS | ||
+ | systemctl start rpcbind | ||
+ | |||
+ | ## Mount NFS Server | ||
+ | mount -vt nfs 10.1.2.3:/ | ||
+ | |||
+ | ## Create root's scripts directory | ||
+ | mkdir / | ||
+ | |||
+ | ## Copy the firstboot script to the new directory | ||
+ | cp -v / | ||
+ | chown -Rv root:root / | ||
+ | chmod -Rv 700 / | ||
+ | |||
+ | ## Copy the firstboot service for auto execution on boot | ||
+ | cp -v / | ||
+ | chown -v root:root / | ||
+ | chmod -v 644 / | ||
+ | |||
+ | ## Enable firstboot service | ||
+ | systemctl enable firstboot.service | ||
+ | |||
+ | ## Unmount NFS Server | ||
+ | umount -v /mnt | ||
+ | ) | ||
+ | %end</ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Post Install Script ====== | ||
+ | |||
+ | * The post install script is what gets called via the firstboot script. | ||
+ | * This script does all the heavy lifting (system updates, configuration, | ||
+ | |||
+ | ===== Post Install Script: Parent ===== | ||
+ | |||
+ | **Post install script**: Provide logging and error checking | ||
+ | <code bash postinstall.sh> | ||
+ | # | ||
+ | # Title: postinstall.sh | ||
+ | # Description: | ||
+ | # Last Updated: 2016-10-24 | ||
+ | # Most Recent Changes: | ||
+ | ####################################################################################### | ||
+ | |||
+ | function print_usage | ||
+ | { | ||
+ | echo | ||
+ | echo " Usage: postinstall.sh [-y]" | ||
+ | echo | ||
+ | echo " | ||
+ | echo | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo | ||
+ | exit 1 | ||
+ | } | ||
+ | |||
+ | # | ||
+ | # Get Script Arguments | ||
+ | # | ||
+ | # Reset POSIX variable in case it has been used previously in this shell | ||
+ | OPTIND=1 | ||
+ | |||
+ | # By default, do not force run script. Prompt for running or not. | ||
+ | force_run_script=" | ||
+ | |||
+ | while getopts " | ||
+ | case " | ||
+ | h) # -h (help) argument | ||
+ | print_usage | ||
+ | exit 0 | ||
+ | ;; | ||
+ | y) # -y (yes to running script) argument | ||
+ | force_run_script=" | ||
+ | ;; | ||
+ | *) # invalid argument | ||
+ | print_usage | ||
+ | exit 0 | ||
+ | ;; | ||
+ | esac | ||
+ | done | ||
+ | |||
+ | ## | ||
+ | ## Pre-req checks | ||
+ | ## | ||
+ | |||
+ | ## Ensure we are root ## | ||
+ | if [[ $(id --user) -ne 0 ]]; then | ||
+ | echo ">> | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | ## | ||
+ | ## Set Script Variables | ||
+ | ## | ||
+ | |||
+ | # Set base path from executed command (relative or full path works) | ||
+ | base_path=" | ||
+ | |||
+ | # Set log file and script locations | ||
+ | postinstall_log="/ | ||
+ | postinstall_worker=" | ||
+ | |||
+ | ## | ||
+ | ## Setup Logging | ||
+ | ## | ||
+ | echo -e ">> | ||
+ | |||
+ | # Clear log and timestamp the beginning | ||
+ | cat /dev/null > ${postinstall_log} | ||
+ | echo -e "---- Log Started: $(date) ----\n" | ||
+ | |||
+ | ## | ||
+ | ## Execute External Scripts | ||
+ | ## | ||
+ | # Start script, pass base path argument | ||
+ | if [[ ${force_run_script} == " | ||
+ | ${base_path}${postinstall_worker} -d ${base_path} 2>&1 | tee -a ${postinstall_log} | ||
+ | elif [[ ${force_run_script} == " | ||
+ | ${base_path}${postinstall_worker} -d ${base_path} -y 2>&1 | tee -a ${postinstall_log} | ||
+ | else | ||
+ | echo -e ">> | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | ## | ||
+ | ## Close Logs, Show Location | ||
+ | ## | ||
+ | # Ending timestamp | ||
+ | echo -e " | ||
+ | |||
+ | # Reminder of where the log file is at | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | </ | ||
+ | |||
+ | ===== Post Install Script: Worker ===== | ||
+ | |||
+ | **Post install worker**: Perform the actual installations/ | ||
+ | <code bash worker_postinstall.sh> | ||
+ | # | ||
+ | # Name: worker_postinstall.sh | ||
+ | # Description: | ||
+ | # This script is meant to be launched via its parent script: postinstall.sh | ||
+ | # Last Updated: 2016-12-14 | ||
+ | # Recent Changes: | ||
+ | # -Clamd install/ | ||
+ | # section to be EL7 or other specific for target services. | ||
+ | ############################################################################################### | ||
+ | |||
+ | function print_usage | ||
+ | { | ||
+ | echo | ||
+ | echo " Usage: postinstall.sh [-y]" | ||
+ | echo | ||
+ | echo " | ||
+ | echo " | ||
+ | echo | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo | ||
+ | exit 1 | ||
+ | } | ||
+ | |||
+ | function get_os_type | ||
+ | { | ||
+ | if [ -f / | ||
+ | distro=$(awk -F: ' | ||
+ | major_version=$(awk -F: ' | ||
+ | elif [ -f / | ||
+ | distro=$(awk ' | ||
+ | major_version=$(awk -F. ' | ||
+ | fi | ||
+ | |||
+ | # ${distro,,} converts to lower case for comparison | ||
+ | if [[ ${distro,,} == " | ||
+ | case $major_version in | ||
+ | 7) | ||
+ | OSTYPE=" | ||
+ | ;; | ||
+ | 6) | ||
+ | OSTYPE=" | ||
+ | ;; | ||
+ | 5) | ||
+ | echo ">> | ||
+ | exit 1 | ||
+ | ;; | ||
+ | *) | ||
+ | echo ">> | ||
+ | exit 1 | ||
+ | ;; | ||
+ | esac | ||
+ | else | ||
+ | echo ">> | ||
+ | exit 1 | ||
+ | fi | ||
+ | } | ||
+ | |||
+ | # | ||
+ | # Get Script Arguments | ||
+ | # | ||
+ | # Reset POSIX variable in case it has been used previously in this shell | ||
+ | OPTIND=1 | ||
+ | |||
+ | # By default, do not force run script. Prompt for running or not. | ||
+ | force_run_script=" | ||
+ | |||
+ | while getopts " | ||
+ | case " | ||
+ | h) # -h (help) argument | ||
+ | print_usage | ||
+ | exit 0 | ||
+ | ;; | ||
+ | d) # -d (directory path) | ||
+ | base_path=${OPTARG} | ||
+ | ;; | ||
+ | y) # -y (yes to running script) argument | ||
+ | force_run_script=" | ||
+ | ;; | ||
+ | *) # invalid argument | ||
+ | print_usage | ||
+ | exit 0 | ||
+ | ;; | ||
+ | esac | ||
+ | done | ||
+ | |||
+ | #### | ||
+ | #### Main Starts Here | ||
+ | #### | ||
+ | |||
+ | # Ensure a base path of where we start is passed | ||
+ | if [ ! -d " | ||
+ | echo ">> | ||
+ | print_usage | ||
+ | fi | ||
+ | |||
+ | # Set variables used throughout the script | ||
+ | get_os_type | ||
+ | |||
+ | # | ||
+ | # Confirm running the post install script | ||
+ | # | ||
+ | echo -e " | ||
+ | echo -e "#### | ||
+ | echo -e " | ||
+ | echo | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | echo -e "OS Family: ${OSTYPE}" | ||
+ | echo -e "Using Base Path: ${base_path}" | ||
+ | echo -e " | ||
+ | |||
+ | if [[ ${force_run_script} == " | ||
+ | read run_script | ||
+ | elif [[ ${force_run_script} == " | ||
+ | echo -e " Force run script detected. Continuing..." | ||
+ | run_script=" | ||
+ | else | ||
+ | echo -e ">> | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | if [[ ${run_script} != " | ||
+ | echo -e " | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # Remove some packages | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # If a Virtual Machine: Remove/ | ||
+ | # doesn' | ||
+ | dmidecode | grep -i vmware > /dev/null | ||
+ | if [[ $? -eq 0 ]]; then | ||
+ | |||
+ | echo -e " | ||
+ | rpm -q biosdevname | ||
+ | |||
+ | if [ $? -eq 0 ]; then | ||
+ | echo -e " | ||
+ | yum -y remove biosdevname | ||
+ | |||
+ | # Disable the kernel option for biosdevname | ||
+ | if [[ ${major_version} == " | ||
+ | # check for " | ||
+ | if [[ $(grep GRUB_CMDLINE_LINUX / | ||
+ | echo -e " | ||
+ | # remove trailing quote (") and then append: net.ifnames=0 biosdevname=0" | ||
+ | sed -i -r -e "/ | ||
+ | sed -i -r -e "/ | ||
+ | grub2-mkconfig -o / | ||
+ | fi | ||
+ | else | ||
+ | echo -e " | ||
+ | # append biosdevname=0 to the kernel lines | ||
+ | sed -i -r -e "/ | ||
+ | fi | ||
+ | fi | ||
+ | fi | ||
+ | ## End of virtual machine check ## | ||
+ | |||
+ | # Space separated list of packages to remove | ||
+ | remove_packages=" | ||
+ | |||
+ | # Remove the packages | ||
+ | for package in ${remove_packages}; | ||
+ | echo -e " | ||
+ | rpm -q ${package} | ||
+ | if [ $? -eq 0 ]; then | ||
+ | echo -e " | ||
+ | yum -y remove ${package} | ||
+ | fi | ||
+ | done | ||
+ | |||
+ | # | ||
+ | # Temporary DNS Settings | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | echo "##== Temp Settings from worker_postinstall.sh ==##" > / | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | echo " | ||
+ | |||
+ | echo -e " | ||
+ | cat / | ||
+ | |||
+ | echo -e " | ||
+ | sed -i '/ | ||
+ | |||
+ | # | ||
+ | # Register with Spacewalk - or other systems management app | ||
+ | # | ||
+ | |||
+ | # | ||
+ | # Spacewalk Customization | ||
+ | # | ||
+ | |||
+ | # Spacewalk server fqdn hostname | ||
+ | sw_server=" | ||
+ | |||
+ | # Spacewalk server' | ||
+ | #(this is the package available at: https:// | ||
+ | sw_server_ca=" | ||
+ | sw_server_ca_installed="/ | ||
+ | |||
+ | # Spacewalk server channel activation keys | ||
+ | sw_activation_key_centos6_32bit=" | ||
+ | sw_activation_key_centos6_64bit=" | ||
+ | sw_activation_key_centos7_64bit=" | ||
+ | sw_activation_key_oracle6_64bit=" | ||
+ | sw_activation_key_oracle7_64bit=" | ||
+ | |||
+ | # Repos and GPG Keys | ||
+ | sw_client_repo_gpgkey=" | ||
+ | sw_client_repo_el6=" | ||
+ | sw_client_repo_el7=" | ||
+ | |||
+ | sw_epel_repo_el6_gpgkey=" | ||
+ | sw_epel_repo_el7_gpgkey=" | ||
+ | sw_epel_repo_el6=" | ||
+ | sw_epel_repo_el7=" | ||
+ | |||
+ | # | ||
+ | # End of Customization | ||
+ | # | ||
+ | |||
+ | echo -e " | ||
+ | |||
+ | ## Pre-Register Checks ## | ||
+ | echo -e " | ||
+ | |||
+ | #Store system architecture so we aren't calling uname multiple times | ||
+ | system_arch=$(uname -i) | ||
+ | |||
+ | if [[ ${system_arch} != " | ||
+ | echo -e " | ||
+ | register_with_spacewalk=" | ||
+ | else | ||
+ | if [[ ${distro,,} == " | ||
+ | case $major_version in | ||
+ | 7) | ||
+ | ## CentOS 7 Register - Set spacewalk client repo, epel, activation key ## | ||
+ | if [[ ${system_arch} != " | ||
+ | echo -e " | ||
+ | register_with_spacewalk=" | ||
+ | else | ||
+ | sw_client_repo=" | ||
+ | sw_epel_repo=" | ||
+ | sw_epel_repo_gpgkey=" | ||
+ | sw_activation_key=" | ||
+ | register_with_spacewalk=" | ||
+ | fi | ||
+ | ;; | ||
+ | 6) | ||
+ | ## CentOS 6 Register - Set spacewalk client repo, epel, activation key ## | ||
+ | sw_client_repo=" | ||
+ | sw_epel_repo=" | ||
+ | sw_epel_repo_gpgkey=" | ||
+ | |||
+ | if [[ ${system_arch} == " | ||
+ | sw_activation_key=" | ||
+ | else | ||
+ | sw_activation_key=" | ||
+ | fi | ||
+ | register_with_spacewalk=" | ||
+ | ;; | ||
+ | *) | ||
+ | echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}." | ||
+ | register_with_spacewalk=" | ||
+ | ;; | ||
+ | esac | ||
+ | elif [[ ${distro,,} == " | ||
+ | case ${major_version} in | ||
+ | 7) | ||
+ | # Oracle 7 register - Set spacewalk client repo, epel, activation key ## | ||
+ | if [[ ${system_arch} != " | ||
+ | echo -e " | ||
+ | register_with_spacewalk=" | ||
+ | else | ||
+ | sw_client_repo=" | ||
+ | sw_epel_repo=" | ||
+ | sw_epel_repo_gpgkey=" | ||
+ | sw_activation_key=" | ||
+ | register_with_spacewalk=" | ||
+ | fi | ||
+ | ;; | ||
+ | 6) | ||
+ | ## Oracle 6 register - Set spacewalk client repo, epel, activation key ## | ||
+ | if [[ ${system_arch} != " | ||
+ | echo -e " | ||
+ | register_with_spacewalk=" | ||
+ | else | ||
+ | sw_client_repo=" | ||
+ | sw_epel_repo=" | ||
+ | sw_epel_repo_gpgkey=" | ||
+ | sw_activation_key=" | ||
+ | register_with_spacewalk=" | ||
+ | fi | ||
+ | ;; | ||
+ | *) | ||
+ | echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}." | ||
+ | register_with_spacewalk=" | ||
+ | ;; | ||
+ | esac | ||
+ | else | ||
+ | echo -e "-> Warning: ${distro} not supported. Only CentOS and Oracle channels available at this time." | ||
+ | register_with_spacewalk=" | ||
+ | fi # end of distro == centos, elif oracle check | ||
+ | fi # end of architecture check | ||
+ | |||
+ | ## Begin Registration Process ## | ||
+ | if [[ ${register_with_spacewalk} == " | ||
+ | # Add Repos # | ||
+ | echo -e " | ||
+ | rpm -v --import ${sw_client_repo_gpgkey} | ||
+ | rpm -ivh ${sw_client_repo} | ||
+ | |||
+ | echo -e " | ||
+ | rpm -v --import ${sw_epel_repo_gpgkey} | ||
+ | rpm -ivh ${sw_epel_repo} | ||
+ | |||
+ | echo -e " | ||
+ | yum makecache fast | ||
+ | |||
+ | # Install Spacewalk' | ||
+ | echo -e " | ||
+ | rpm -ivh https:// | ||
+ | |||
+ | echo -e " | ||
+ | dig mirrors.fedoraproject.org &> /dev/null | ||
+ | |||
+ | # Install Client Packages | ||
+ | echo -e " | ||
+ | yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin | ||
+ | |||
+ | # Register # | ||
+ | echo -e " | ||
+ | rhnreg_ks --serverUrl=https:// | ||
+ | registration_return_code=$? | ||
+ | |||
+ | if [[ ${registration_return_code} -eq 0 ]]; then | ||
+ | echo -e " | ||
+ | sw_registered=" | ||
+ | |||
+ | # Show website | ||
+ | echo -e " | ||
+ | sleep 2 | ||
+ | |||
+ | # Install Config Management Packages | ||
+ | echo -e " | ||
+ | yum -y install rhncfg rhncfg-actions rhncfg-client rhncfg-management | ||
+ | |||
+ | # Allow Spacewalk server to deploy config files | ||
+ | echo -e " | ||
+ | rhn-actions-control --enable-all | ||
+ | |||
+ | # Deploy spacewalk-checkin cron job (runs rhn_check every 30 mins) | ||
+ | echo -e " | ||
+ | rhncfg-client get / | ||
+ | |||
+ | # If not successful, create a minimum job file | ||
+ | grep --quiet "This Config Managed by Spacewalk" | ||
+ | if [[ $? -ne 0 ]]; then | ||
+ | echo "# Spacewalk - Check in to the Spacewalk Server via rhn_check" | ||
+ | echo ' | ||
+ | echo "*/30 * * * * root / | ||
+ | |||
+ | echo -e " | ||
+ | chmod -v 600 / | ||
+ | fi | ||
+ | |||
+ | ## Disable rhnsd (not needed because of cron job " | ||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | systemctl disable rhnsd | ||
+ | systemctl stop rhnsd | ||
+ | else | ||
+ | chkconfig rhnsd off | ||
+ | service rhnsd stop | ||
+ | fi | ||
+ | |||
+ | ## Add Custom GPG Key - If you created a custom Repo on Spacewalk ## | ||
+ | sw_custom_repo_gpgkey=" | ||
+ | echo -e " | ||
+ | rpm -v --import ${sw_custom_repo_gpgkey} | ||
+ | |||
+ | ## Deploy Config Files - If you are managing config files on Spacewalk ## | ||
+ | |||
+ | echo -e " | ||
+ | for FILE in $(rhncfg-client list | awk / | ||
+ | rhncfg-client get ${FILE} | ||
+ | done | ||
+ | |||
+ | echo -e " | ||
+ | for FILE in $(rhncfg-client list | awk / | ||
+ | rhncfg-client get ${FILE} | ||
+ | done | ||
+ | |||
+ | |||
+ | ## Disable Old Repos ## | ||
+ | if [[ ${distro,,} == " | ||
+ | # Disable CentOS default system repos | ||
+ | echo -e " | ||
+ | for FILE in / | ||
+ | sed -i ' | ||
+ | sed -i '/ | ||
+ | done | ||
+ | elif [[ ${distro,,} == " | ||
+ | # Disable Oracle default system repos | ||
+ | echo -e " | ||
+ | for FILE in / | ||
+ | sed -i ' | ||
+ | sed -i '/ | ||
+ | done | ||
+ | fi | ||
+ | |||
+ | # Disable temporary epel repo | ||
+ | echo -e " | ||
+ | sed -i ' | ||
+ | sed -i ' | ||
+ | |||
+ | # Show repos | ||
+ | echo -e " | ||
+ | yum repolist | ||
+ | |||
+ | elif [[ ${registration_return_code} -eq 255 ]]; then | ||
+ | echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})" | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | echo -e "-> Then disable non Base, | ||
+ | sw_registered=" | ||
+ | |||
+ | else | ||
+ | # Registration was not successful | ||
+ | echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})" | ||
+ | echo -e "-> Will NOT install setup spacewalk-checkin job and disable default repos." | ||
+ | sw_registered=" | ||
+ | fi | ||
+ | |||
+ | else | ||
+ | echo -e "-> WARNING: Will NOT register system with Spacewalk." | ||
+ | sw_registered=" | ||
+ | fi | ||
+ | ## End Registration Process ## | ||
+ | |||
+ | # | ||
+ | # Install system packages | ||
+ | # | ||
+ | echo -e " | ||
+ | yum -y install bash-completion bind-utils dmidecode iotop lsof mailx man mlocate nfs-utils openssh-clients perl psmisc rsync tcpdump vim-enhanced wget yum-utils | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | mandb | ||
+ | else | ||
+ | makewhatis | ||
+ | fi | ||
+ | |||
+ | echo -e " | ||
+ | touch / | ||
+ | |||
+ | # | ||
+ | # Configure Grub | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | sed -i ' | ||
+ | else | ||
+ | sed -i ' | ||
+ | fi | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | else | ||
+ | sed -i '/ | ||
+ | fi | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | sed -i 's/ rhgb// | ||
+ | else | ||
+ | sed -i 's/ rhgb// | ||
+ | fi | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | sed -i 's/ quiet// | ||
+ | else | ||
+ | sed -i 's/ quiet// | ||
+ | fi | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | grub2-mkconfig -o / | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # Install and configure time protocol | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | yum -y remove ntp | ||
+ | yum -y install chrony | ||
+ | time_config=" | ||
+ | else | ||
+ | echo -e " | ||
+ | yum -y install ntp | ||
+ | time_config=" | ||
+ | fi | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | else | ||
+ | ntpd -gxq | ||
+ | sleep 1 | ||
+ | ntpd -gxq | ||
+ | sleep 1 | ||
+ | ntpd -gxq | ||
+ | sleep 1 | ||
+ | fi | ||
+ | |||
+ | echo -e " | ||
+ | if [[ ${major_version} == " | ||
+ | systemctl restart chronyd | ||
+ | systemctl enable chronyd | ||
+ | else | ||
+ | service ntpd restart | ||
+ | chkconfig ntpd on | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # System Updates | ||
+ | # | ||
+ | echo -e " | ||
+ | yum -y update | ||
+ | |||
+ | # | ||
+ | # Configure OS settings | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Not in Spacewalk Config Channels | ||
+ | echo -e " | ||
+ | rm -fv /etc/motd | ||
+ | \cp -v ${base_path}os-agnostic/ | ||
+ | \cp -v ${base_path}os-agnostic/ | ||
+ | |||
+ | # Ensure proper ownership and permissions | ||
+ | chown -v root:root / | ||
+ | chmod -v 600 / | ||
+ | |||
+ | # | ||
+ | # Setup Mail | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Setup alias for root's mail | ||
+ | mail_aliases=' | ||
+ | echo -e " | ||
+ | sed -i -r -e " | ||
+ | |||
+ | echo -e " | ||
+ | newaliases | ||
+ | |||
+ | # Determine if using postfix or sendmail, setup config | ||
+ | echo -e " | ||
+ | rpm -q postfix | ||
+ | postfix_installed=" | ||
+ | rpm -q sendmail | ||
+ | sendmail_installed=" | ||
+ | |||
+ | if [[ ${postfix_installed} -eq 0 ]]; then | ||
+ | mail_client=" | ||
+ | echo -e " | ||
+ | |||
+ | elif [[ ${sendmail_installed} -eq 0 ]]; then | ||
+ | mail_client=" | ||
+ | echo -e " | ||
+ | |||
+ | else | ||
+ | mail_client="" | ||
+ | echo -e " | ||
+ | fi | ||
+ | |||
+ | if [[ ${mail_client} == " | ||
+ | echo -e " | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | systemctl start ${mail_client} | ||
+ | systemctl enable ${mail_client} | ||
+ | else | ||
+ | service ${mail_client} start | ||
+ | chkconfig ${mail_client} on | ||
+ | fi | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # Setup Authentication (IPA) - or other LDAP source | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | echo -e " | ||
+ | yum -y install ipa-client | ||
+ | |||
+ | case ${OSTYPE} in | ||
+ | " | ||
+ | |||
+ | # Unattended install | ||
+ | echo -e " | ||
+ | ipa-client-install --domain=example.com --server=ipaserver01.example.com --server=ipaserver02.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed ' | ||
+ | |||
+ | if [[ $? -ne 0 ]]; then | ||
+ | # ipa-client-install exited with a non-zero status | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | else | ||
+ | # ipa-client-install realm join was successful | ||
+ | |||
+ | # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements | ||
+ | echo -e " | ||
+ | rhncfg-client get / | ||
+ | systemctl restart sshd | ||
+ | |||
+ | echo -e " | ||
+ | systemctl stop nslcd nscd | ||
+ | systemctl disable nslcd nscd | ||
+ | |||
+ | echo -e " | ||
+ | authconfig --disableldap --disableldapauth --disableforcelegacy --update | ||
+ | |||
+ | echo -e " | ||
+ | systemctl restart sssd | ||
+ | |||
+ | echo -e " | ||
+ | systemctl start oddjobd | ||
+ | systemctl enable oddjobd | ||
+ | fi | ||
+ | |||
+ | ;; # END of EL7 IPA Config | ||
+ | |||
+ | " | ||
+ | |||
+ | # Unattended install | ||
+ | echo -e " | ||
+ | ipa-client-install --domain=example.com --server=ipaserver02.example.com --server=ipaserver01.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed ' | ||
+ | |||
+ | if [[ $? -ne 0 ]]; then | ||
+ | # ipa-client-install exited with a non-zero status | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | else | ||
+ | # ipa-client-install realm join was successful | ||
+ | |||
+ | # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements | ||
+ | echo -e " | ||
+ | rhncfg-client get / | ||
+ | service sshd restart | ||
+ | |||
+ | echo -e " | ||
+ | service nslcd stop | ||
+ | service nscd stop | ||
+ | chkconfig nslcd off | ||
+ | chkconfig nscd off | ||
+ | |||
+ | echo -e " | ||
+ | authconfig --disableldap --disableldapauth --disableforcelegacy --update | ||
+ | |||
+ | echo -e " | ||
+ | service sssd restart | ||
+ | |||
+ | echo -e " | ||
+ | service messagebus start | ||
+ | service oddjobd start | ||
+ | chkconfig messagebus on | ||
+ | chkconfig oddjobd on | ||
+ | |||
+ | echo -e " | ||
+ | if [[ $(grep client_idle_timeout / | ||
+ | echo -e " | ||
+ | else | ||
+ | sed -i '/ | ||
+ | service sssd restart | ||
+ | service crond restart | ||
+ | fi | ||
+ | |||
+ | fi | ||
+ | |||
+ | ;; # END of EL6 IPA Config | ||
+ | |||
+ | esac | ||
+ | |||
+ | # | ||
+ | # Setup monitoring client | ||
+ | # | ||
+ | |||
+ | # Install and configure system monitoring client here | ||
+ | |||
+ | # | ||
+ | # Install Extra System Packages, EPEL Repo, and EPEL Packages | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Space separated package list | ||
+ | SYS_PKGS=" | ||
+ | echo -e " | ||
+ | yum -y install ${SYS_PKGS} | ||
+ | |||
+ | # Check to see if Spacewalk has registered the EPEL repo | ||
+ | echo -e " | ||
+ | yum repolist | grep " | ||
+ | epel_added=" | ||
+ | |||
+ | if [[ ${epel_added} -eq 0 ]]; then | ||
+ | # EPEL repo was found in yum repolist | ||
+ | echo -e " | ||
+ | else | ||
+ | # EPEL repo was NOT found in yum repolist; Add EPEL Repo | ||
+ | echo -e " | ||
+ | yum -y install epel-release | ||
+ | |||
+ | echo -e " | ||
+ | dig mirrors.fedoraproject.org > /dev/null | ||
+ | |||
+ | echo -e " | ||
+ | yum repolist | ||
+ | if [ $? -eq 1 ]; then | ||
+ | echo -e " | ||
+ | yum clean all | ||
+ | |||
+ | yum repolist | ||
+ | if [ $? -eq 1 ]; then | ||
+ | echo -e " | ||
+ | yum -y remove epel-release | ||
+ | yum clean all | ||
+ | yum -y install epel-release | ||
+ | |||
+ | echo -e " | ||
+ | dig mirrors.fedoraproject.org > /dev/null | ||
+ | echo -e " | ||
+ | yum repolist | ||
+ | fi | ||
+ | fi | ||
+ | fi # end of yum repolist grep | ||
+ | |||
+ | # Space separated package list | ||
+ | EPEL_PKGS=" | ||
+ | echo -e " | ||
+ | yum -y install ${EPEL_PKGS} | ||
+ | |||
+ | # | ||
+ | # Configure Extra Packages | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | echo -e " | ||
+ | if [[ -f / | ||
+ | sed -i '/ | ||
+ | else | ||
+ | echo -e " | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # System Services --- Startup | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Space separated services list | ||
+ | SERVICES_START=" | ||
+ | SERVICES_START_EL7=" | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_START_EL7}; | ||
+ | systemctl start ${SYSTEM_SERVICE} | ||
+ | done | ||
+ | else | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_START}; | ||
+ | service ${SYSTEM_SERVICE} start | ||
+ | done | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # System Services --- Enable on boot | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Space separated services list | ||
+ | SERVICES_ON=" | ||
+ | SERVICES_ON_EL7=" | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_ON_EL7}; | ||
+ | systemctl enable ${SYSTEM_SERVICE} | ||
+ | done | ||
+ | else | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_ON}; | ||
+ | chkconfig ${SYSTEM_SERVICE} on | ||
+ | done | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # System Services --- Stop | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Space separated services list | ||
+ | SERVICES_STOP=" | ||
+ | SERVICES_STOP_EL7=" | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_STOP_EL7}; | ||
+ | systemctl stop ${SYSTEM_SERVICE} | ||
+ | done | ||
+ | else | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_STOP}; | ||
+ | service ${SYSTEM_SERVICE} stop | ||
+ | done | ||
+ | fi | ||
+ | |||
+ | # | ||
+ | # System Services --- Disable | ||
+ | # | ||
+ | echo -e " | ||
+ | |||
+ | # Space separated services list | ||
+ | SERVICES_OFF=" | ||
+ | SERVICES_OFF_EL7=" | ||
+ | |||
+ | if [[ ${major_version} == " | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_OFF_EL7}; | ||
+ | systemctl disable ${SYSTEM_SERVICE} | ||
+ | done | ||
+ | else | ||
+ | echo -e " | ||
+ | for SYSTEM_SERVICE in ${SERVICES_OFF}; | ||
+ | chkconfig ${SYSTEM_SERVICE} off | ||
+ | done | ||
+ | fi | ||
- | To create a firstboot | + | # |
+ | # Post Installation Completed | ||
+ | # | ||
+ | echo -e " | ||
+ | echo "# Post Install Configuration Completed. - A reboot is recommended." | ||
+ | echo "# | ||
+ | exit 0 | ||
+ | </ | ||
---- | ---- | ||
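Review bot: In postinstall.sh the worker is started as "${base_path}${postinstall_worker} -d ${base_path} 2>&1 | tee -a ${postinstall_log}", so the pipeline returns the status of tee and a failing worker goes unnoticed, although the section is introduced as providing error checking. Read ${PIPESTATUS[0]} after both invocations (or enable pipefail), write it to the log, and exit with it; quoting the path expansions would also guard against a base path containing spaces. In firstboot.service, "After=network.target" does not wait for the network to be usable, which matters because the firstboot script works from an NFS mount; network-online.target in both After= and Wants= is the usual choice for that. In the worker, the comment above "rhn-actions-control --enable-all" says the aim is to let Spacewalk deploy config files; --enable-deploy would match that comment more narrowly. The "exit 0" lines after print_usage in both getopts loops are unreachable because print_usage ends in "exit 1", and the worker's usage text still prints "Usage: postinstall.sh [-y]" without the -d option it parses.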