linux_wiki:os_install_post_install

Differences

This shows you the differences between two versions of the page.

linux_wiki:os_install_post_install [2017/09/12 23:06]
billdozor [Post Install Script]
linux_wiki:os_install_post_install [2017/09/12 23:24]
billdozor [Post Install Script: Worker]
Line 308: Line 308:
   * The post install script is what gets called via the firstboot script.   * The post install script is what gets called via the firstboot script.
   * This script does all the heavy lifting (system updates, configuration, etc).   * This script does all the heavy lifting (system updates, configuration, etc).
 +
 +===== Post Install Script: Parent =====
  
 **Post install script**: Provide logging and error checking **Post install script**: Provide logging and error checking
Line 411: Line 413:
 echo -e "----> Remember to umount NFS before rebooting <----" echo -e "----> Remember to umount NFS before rebooting <----"
 </code> </code>
 +
 +===== Post Install Script: Worker =====
  
 **Post install worker**: Perform the actual installations/config work **Post install worker**: Perform the actual installations/config work
 <code bash worker_postinstall.sh> <code bash worker_postinstall.sh>
 +#!/bin/bash
 +# Name: worker_postinstall.sh
 +# Description: Post-install configuration worker script for Enterprise Linux 6/7
 +#              This script is meant to be launched via its parent script: postinstall.sh
 +# Last Updated: 2016-12-14
 +# Recent Changes:-Fixed services section for EL7; 1 failed service no longer affects others.
 +#                -Clamd install/config. Removed fallback for freshclam files. Updated services
 +#                section to be EL7 or other specific for target services.
 +###############################################################################################
 +
 +function print_usage
 +{
 +echo
 +echo " Usage: postinstall.sh [-y]"
 +echo
 +echo "   This script(${0}), is a worker script that is meant to be launched"
 +echo "   from the parent script: postinstall.sh."
 +echo
 +echo "   Recommended action"
 +echo "   1) Mount: mount -t nfs nfs-server:/admin /mnt"
 +echo "   2) Execute parent script: /mnt/deploy/postinstall.sh [-y]"
 +echo "      -y  => Yes, execute script without prompting."
 +echo
 +exit 1
 +}
 +
 +function get_os_type
 +{
 +if [ -f /etc/system-release-cpe ];then
 +  distro=$(awk -F: '{printf "%s", $3}' /etc/system-release-cpe)
 +  major_version=$(awk -F: '{printf "%d", $5}' /etc/system-release-cpe)
 +elif [ -f /etc/redhat-release ];then
 +  distro=$(awk '{printf "%s", $1}' /etc/redhat-release)
 +  major_version=$(awk -F. '{print $1}' /etc/redhat-release | awk '{printf "%d", $3}')
 +fi
 +
 +# ${distro,,} converts to lower case for comparison
 +if [[ ${distro,,} == "centos" || ${distro,,} == "oracle" ]]; then
 +  case $major_version in
 +    7)
 +      OSTYPE="el7"
 +    ;;
 +    6)
 +      OSTYPE="el6"
 +    ;;
 +    5)
 +      echo ">>Error: ${distro} ${major_version} is deprecated."
 +      exit 1
 +    ;;
 +    *)
 +      echo ">>Error: Cannot determine ${distro} major version or version not supported (${major_version})."
 +      exit 1
 +    ;;
 +  esac
 +else
 +  echo ">>Error: Only CentOS and Oracle Linux are supported...exiting."
 +  exit 1
 +fi
 +}
 +
 +#=====================================
 +# Get Script Arguments
 +#=====================================
 +# Reset POSIX variable in case it has been used previously in this shell
 +OPTIND=1
 +
 +# By default, do not force run script. Prompt for running or not.
 +force_run_script="no"
 +
 +while getopts "hd:y" opt; do
 +  case "${opt}" in
 +    h) # -h (help) argument
 +      print_usage
 +      exit 0
 +    ;;
 +    d) # -d (directory path)
 +      base_path=${OPTARG}
 +    ;;
 +    y) # -y (yes to running script) argument
 +      force_run_script="yes"
 +    ;;
 +    *) # invalid argument
 +      print_usage
 +      exit 0
 +    ;;
 +  esac
 +done
 +
 +####==================================
 +#### Main Starts Here
 +####==================================
 +
 +# Ensure a base path of where we start is passed
 +if [ ! -d "${base_path}" ]; then
 +  echo ">>Error: Argument -d 'dir' expected and must be a directory."
 +  print_usage
 +fi
 +
 +# Set variables used throughout the script
 +get_os_type
 +
 +#====================================================================
 +# Confirm running the post install script
 +#====================================================================
 +echo -e "======================================================"
 +echo -e "####========= Post Install Configuration =========####"
 +echo -e "======================================================"
 +echo
 +echo -e "Warning: Run this on a fresh install only for initial setup."
 +echo -e "Detected Distro: ${distro} ${major_version}"
 +echo -e "OS Family: ${OSTYPE}"
 +echo -e "Using Base Path: ${base_path}"
 +echo -e "=>Continue?[y/n]:\c"
 +
 +if [[ ${force_run_script} == "no" ]]; then
 +  read run_script
 +elif [[ ${force_run_script} == "yes" ]]; then
 +  echo -e " Force run script detected. Continuing..."
 +  run_script="y"
 +else
 +  echo -e ">>Error: Unknown value for force_run_script (${force_run_script}). Exiting..."
 +  exit 1
 +fi
 +
 +if [[ ${run_script} != "y" ]]; then
 +  echo -e "\n>>Will not run the post install script. Exiting..."
 +  exit 1
 +fi
 +
 +#===================================================================
 +# Remove some packages
 +#===================================================================
 +echo -e "\n\n>>Removing some packages..."
 +
 +# If a Virtual Machine: Remove/Disable biosdevname so network device naming
 +# doesn't change to port/slot naming convention
 +dmidecode | grep -i vmware > /dev/null
 +if [[ $? -eq 0 ]]; then
 +
 +  echo -e "\n->Checking for biosdevname..."
 +  rpm -q biosdevname
 +
 +  if [ $? -eq 0 ]; then
 +    echo -e "->Removing biosdevname..."
 +    yum -y remove biosdevname
 +
 +    # Disable the kernel option for biosdevname
 +    if [[ ${major_version} == "7" ]]; then
 +      # check for "net.ifnames=0 biosdevname=0" on the kernel options line
 +      if [[ $(grep GRUB_CMDLINE_LINUX /etc/default/grub | grep -o "net.ifnames=0 biosdevname=0" | wc -l) -eq 0 ]]; then
 +        echo -e "->Disabling biosdevname kernel option..."
 +        # remove trailing quote (") and then append: net.ifnames=0 biosdevname=0"
 +        sed -i -r -e "/^GRUB_CMDLINE_LINUX/s/\"$//" /etc/default/grub
 +        sed -i -r -e "/^GRUB_CMDLINE_LINUX/s/^(GRUB_CMDLINE_LINUX=\".*)/\1 net.ifnames=0 biosdevname=0\"/g" /etc/default/grub
 +        grub2-mkconfig -o /boot/grub2/grub.cfg
 +      fi
 +    else
 +      echo -e "->Disabling biosdevname kernel option..."
 +      # append biosdevname=0 to the kernel lines
 +      sed -i -r -e "/^\s+kernel/s/^(\s+kernel .*)/\1 biosdevname=0/g" /boot/grub/grub.conf
 +    fi
 +  fi
 +fi
 +## End of virtual machine check ##
 +
 +# Space separated list of packages to remove
 +remove_packages="NetworkManager abrt setroubleshoot-server"
 +
 +# Remove the packages
 +for package in ${remove_packages}; do
 +  echo -e "\n->Checking for ${package}..."
 +  rpm -q ${package}
 +  if [ $? -eq 0 ]; then
 +    echo -e "->Removing ${package}..."
 +    yum -y remove ${package}
 +  fi
 +done
 +
 +#====================================================================
 +# Temporary DNS Settings
 +#====================================================================
 +echo -e "\n\n>>Setting temporary DNS settings to ensure a working config..."
 +
 +echo "##== Temp Settings from worker_postinstall.sh ==##" > /etc/resolv.conf
 +echo "search example.com" >> /etc/resolv.conf
 +echo "options timeout:1" >> /etc/resolv.conf
 +echo "options attempts:1" >> /etc/resolv.conf
 +echo "nameserver ip.address.here" >> /etc/resolv.conf
 +echo "nameserver ip.address.here" >> /etc/resolv.conf
 +echo "nameserver ip.address.here" >> /etc/resolv.conf
 +
 +echo -e "->Settings are:"
 +cat /etc/resolv.conf
 +
 +echo -e "\n>>Removing interface DNS over rides..."
 +sed -i '/^DNS.*/d' /etc/sysconfig/network-scripts/ifcfg-*
 +
 +#====================================================================
 +# Register with Spacewalk - or other systems management app
 +#====================================================================
 +
 +#=========================
 +# Spacewalk Customization
 +#=========================
 +
 +# Spacewalk server fqdn hostname
 +sw_server="spacewalk.example.com"
 +
 +# Spacewalk server's ssl ca rpm version and installed location
 +#(this is the package available at: https://${sw_server}/pub/${sw_server_ca})
 +sw_server_ca="rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm"
 +sw_server_ca_installed="/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT"
 +
 +# Spacewalk server channel activation keys
 +sw_activation_key_centos6_32bit="1-centos6_i386_key"
 +sw_activation_key_centos6_64bit="1-centos6_x86-64_key"
 +sw_activation_key_centos7_64bit="1-centos7_x86-64_key"
 +sw_activation_key_oracle6_64bit="1-oracle6_x86-64_key"
 +sw_activation_key_oracle7_64bit="1-oracle7_x86-64_key"
 +
 +# Repos and GPG Keys
 +sw_client_repo_gpgkey="http://${sw_server}/pub/repos/RPM-GPG-KEY-spacewalk-2015"
 +sw_client_repo_el6="http://${sw_server}/pub/repos/spacewalk-client-repo-2.4-3.el6.noarch.rpm"
 +sw_client_repo_el7="http://${sw_server}/pub/repos/spacewalk-client-repo-2.4-3.el7.noarch.rpm"
 +
 +sw_epel_repo_el6_gpgkey="http://${sw_server}/pub/repos/RPM-GPG-KEY-EPEL-6"
 +sw_epel_repo_el7_gpgkey="http://${sw_server}/pub/repos/RPM-GPG-KEY-EPEL-7"
 +sw_epel_repo_el6="http://${sw_server}/pub/repos/epel-release-latest-6.noarch.rpm"
 +sw_epel_repo_el7="http://${sw_server}/pub/repos/epel-release-latest-7.noarch.rpm"
 +
 +#======================
 +# End of Customization
 +#======================
 +
 +echo -e "\n\n>>Registering with Spacewalk..."
 +
 +## Pre-Register Checks ##
 +echo -e "\n->Performing pre-registration system checks..."
 +
 +#Store system architecture so we aren't calling uname multiple times
 +system_arch=$(uname -i)
 +
 +if [[ ${system_arch} != "x86_64" && ${system_arch} != "i386" ]]; then
 +  echo -e "->Error: Only x86_64 or i386 architecture channels supported at this time."
 +  register_with_spacewalk="no"
 +else
 +  if [[ ${distro,,} == "centos" ]]; then
 +    case $major_version in
 +      7)
 +        ## CentOS 7 Register - Set spacewalk client repo, epel, activation key ##
 +        if [[ ${system_arch} != "x86_64" ]]; then
 +          echo -e "->Error: Only ${distro} ${major_version} x86_64 architecture channels supported at this time."
 +          register_with_spacewalk="no"
 +        else
 +          sw_client_repo="${sw_client_repo_el7}"
 +          sw_epel_repo="${sw_epel_repo_el7}"
 +          sw_epel_repo_gpgkey="${sw_epel_repo_el7_gpgkey}"
 +          sw_activation_key="${sw_activation_key_centos7_64bit}"
 +          register_with_spacewalk="yes"
 +        fi
 +      ;;
 +      6)
 +        ## CentOS 6 Register - Set spacewalk client repo, epel, activation key ##
 +        sw_client_repo="${sw_client_repo_el6}"
 +        sw_epel_repo="${sw_epel_repo_el6}"
 +        sw_epel_repo_gpgkey="${sw_epel_repo_el6_gpgkey}"
 +
 +        if [[ ${system_arch} == "x86_64" ]]; then
 +          sw_activation_key="${sw_activation_key_centos6_64bit}"
 +        else
 +          sw_activation_key="${sw_activation_key_centos6_32bit}"
 +        fi
 +        register_with_spacewalk="yes"
 +      ;;
 +      *)
 +        echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}."
 +        register_with_spacewalk="no"
 +      ;;
 +    esac
 +  elif [[ ${distro,,} == "oracle" ]]; then
 +    case ${major_version} in
 +      7)
 +        # Oracle 7 register - Set spacewalk client repo, epel, activation key ##
 +        if [[ ${system_arch} != "x86_64" ]]; then
 +          echo -e "->Error: Only ${distro} ${major_version} x86_64 architecture channels supported at this time."
 +          register_with_spacewalk="no"
 +        else
 +          sw_client_repo="${sw_client_repo_el7}"
 +          sw_epel_repo="${sw_epel_repo_el7}"
 +          sw_epel_repo_gpgkey="${sw_epel_repo_el7_gpgkey}"
 +          sw_activation_key="${sw_activation_key_oracle7_64bit}"
 +          register_with_spacewalk="yes"
 +        fi
 +      ;;
 +      6)
 +        ## Oracle 6 register - Set spacewalk client repo, epel, activation key ##
 +        if [[ ${system_arch} != "x86_64" ]]; then
 +          echo -e "->Error: Only ${distro} ${major_version} x86_64 architecture channels supported at this time."
 +          register_with_spacewalk="no"
 +        else
 +          sw_client_repo="${sw_client_repo_el6}"
 +          sw_epel_repo="${sw_epel_repo_el6}"
 +          sw_epel_repo_gpgkey="${sw_epel_repo_el6_gpgkey}"
 +          sw_activation_key="${sw_activation_key_oracle6_64bit}"
 +          register_with_spacewalk="yes"
 +        fi
 +      ;;
 +      *)
 +        echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}."
 +        register_with_spacewalk="no"
 +      ;;
 +    esac
 +  else
 +    echo -e "-> Warning: ${distro} not supported. Only CentOS and Oracle channels available at this time."
 +    register_with_spacewalk="no"
 +  fi # end of distro == centos, elif oracle check
 +fi # end of architecture check
 +
 +## Begin Registration Process ##
 +if [[ ${register_with_spacewalk} == "yes" ]]; then
 +  # Add Repos #
 +  echo -e "\n->Adding Spacewalk Client Repo..."
 +  rpm -v --import ${sw_client_repo_gpgkey}
 +  rpm -ivh ${sw_client_repo}
 +
 +  echo -e "\n->Adding EPEL Repo..."
 +  rpm -v --import ${sw_epel_repo_gpgkey}
 +  rpm -ivh ${sw_epel_repo}
 +
 +  echo -e "\n->Making yum cache..."
 +  yum makecache fast
 +
 +  # Install Spacewalk's CA Cert #
 +  echo -e "\n>> Installing ${sw_server}'s trusted CA cert..."
 +  rpm -ivh https://${sw_server}/pub/${sw_server_ca}
 +
 +  echo -e "\n->Caching DNS lookup for mirrors.fedoraproject.org..."
 +  dig mirrors.fedoraproject.org &> /dev/null
 +
 +  # Install Client Packages
 +  echo -e "\n->Installing rhn client packages..."
 +  yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
 +
 +  # Register #
 +  echo -e "\n>> Registering with ${sw_server}..."
 +  rhnreg_ks --serverUrl=https://${sw_server}/XMLRPC --sslCACert=${sw_server_ca_installed} --activationkey=${sw_activation_key}
 +  registration_return_code=$?
 +
 +  if [[ ${registration_return_code} -eq 0 ]]; then
 +    echo -e "->Registration successful."
 +    sw_registered="yes"
 +
 +    # Show website
 +    echo -e "->System should now appear in the Spacewalk portal at: https://${sw_server}/rhn/systems/Registered.do"
 +    sleep 2
 +
 +    # Install Config Management Packages
 +    echo -e "\n->Installing rhn configuration management client packages..."
 +    yum -y install rhncfg rhncfg-actions rhncfg-client rhncfg-management
 +
 +    # Allow Spacewalk server to deploy config files
 +    echo -e "\n->Enabling Spacewalk server deploy control..."
 +    rhn-actions-control --enable-all
 +
 +    # Deploy spacewalk-checkin cron job (runs rhn_check every 30 mins)
 +    echo -e "\n>> Deploying /etc/cron.d/spacewalk-checkin job..."
 +    rhncfg-client get /etc/cron.d/spacewalk-checkin
 +
 +    # If not successful, create a minimum job file
 +    grep --quiet "This Config Managed by Spacewalk" /etc/cron.d/spacewalk-checkin
 +    if [[ $? -ne 0 ]]; then
 +      echo "# Spacewalk - Check in to the Spacewalk Server via rhn_check" > /etc/cron.d/spacewalk-checkin
 +      echo 'MAILTO=""' >> /etc/cron.d/spacewalk-checkin
 +      echo "*/30 * * * * root /usr/sbin/rhn_check" >> /etc/cron.d/spacewalk-checkin
 +
 +      echo -e "\n>> Setting permissions on /etc/cron.d/spacewalk-checkin..."
 +      chmod -v 600 /etc/cron.d/spacewalk-checkin
 +    fi
 +
 +    ## Disable rhnsd (not needed because of cron job "spacewalk-checkin" ##
 +    echo -e "\n>> Disabling rhnsd(not needed because of cron job 'spacewalk-checkin'..."
 +    if [[ ${major_version} == "7" ]]; then
 +      systemctl disable rhnsd
 +      systemctl stop rhnsd
 +    else
 +      chkconfig rhnsd off
 +      service rhnsd stop
 +    fi
 +
 +    ## Add Custom GPG Key - If you created a custom Repo on Spacewalk ##
 +    sw_custom_repo_gpgkey="http://${sw_server}/pub/repos/RPM-GPG-KEY-Custom"
 +    echo -e "\n>> Adding Custom GPG key from: ${sw_custom_repo_gpgkey}"
 +    rpm -v --import ${sw_custom_repo_gpgkey}
 +
 +    ## Deploy Config Files - If you are managing config files on Spacewalk ##
 +
 +    echo -e "\n->Deploying OS specific config files..."
 +    for FILE in $(rhncfg-client list | awk /el${major_version}-os/'{print $3}'); do
 +      rhncfg-client get ${FILE}
 +    done
 +
 +    echo -e "\n->Deploying Base config files..."
 +    for FILE in $(rhncfg-client list | awk /base/'{print $3}'); do
 +      rhncfg-client get ${FILE}
 +    done
 +
 +
 +    ## Disable Old Repos ##
 +    if [[ ${distro,,} == "centos" ]]; then
 +      # Disable CentOS default system repos
 +      echo -e "\n->Disabling default CentOS repos..."
 +      for FILE in /etc/yum.repos.d/CentOS-*.repo; do
 +        sed -i 's/enabled=1/enabled=0/' ${FILE}
 +        sed -i '/gpgcheck/a enabled=0' ${FILE}
 +      done
 +    elif [[ ${distro,,} == "oracle" ]]; then
 +      # Disable Oracle default system repos
 +      echo -e "\n-> Disabling default Oracle repos..."
 +      for FILE in /etc/yum.repos.d/public-yum-ol*.repo; do
 +        sed -i 's/enabled=1/enabled=0/' ${FILE}
 +        sed -i '/gpgcheck/a enabled=0' ${FILE}
 +      done
 +    fi
 +
 +    # Disable temporary epel repo
 +    echo -e "\n->Disabling default epel repos..."
 +    sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo
 +    sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel-testing.repo
 +
 +    # Show repos
 +    echo -e "\n->Active repos are:"
 +    yum repolist
 +
 +  elif [[ ${registration_return_code} -eq 255 ]]; then
 +    echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})"
 +    echo -e "\n-> To manually force registration(if that is the problem), copy/paste: rhnreg_ks --force --serverUrl=https://${sw_server}/XMLRPC --sslCACert=${sw_server_ca_installed} --activationkey=${sw_activation_key}"
 +    echo -e "\n--> WARNING: This may create duplicate systems in Spacewalk."
 +    echo -e "\n-> Once registered, manually complete the rest of the process: rhn-actions-control --enable-all; rhncfg-client get /etc/cron.d/spacewalk-checkin"
 +    echo -e "-> Then disable non Base,Extra,Updates,and EPEL repos."
 +    sw_registered="no"
 +
 +  else
 +    # Registration was not successful
 +    echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})"
 +    echo -e "-> Will NOT install setup spacewalk-checkin job and disable default repos."
 +    sw_registered="no"
 +  fi
 +
 +else
 +  echo -e "-> WARNING: Will NOT register system with Spacewalk."
 +  sw_registered="no"
 +fi
 +## End Registration Process ##
 +
 +#====================================================================
 +# Install system packages
 +#====================================================================
 +echo -e "\n\n>>Ensuring base system packages are installed..."
 +yum -y install bash-completion bind-utils dmidecode iotop lsof mailx man mlocate nfs-utils openssh-clients perl psmisc rsync tcpdump vim-enhanced wget yum-utils
 +
 +echo -e "\n->Ensuring man pages are up to date..."
 +if [[ ${major_version} == "7" ]]; then
 +  mandb
 +else
 +  makewhatis
 +fi
 +
 +echo -e "\n->Ensure lastlog exists..."
 +touch /var/log/lastlog
 +
 +#====================================================================
 +# Configure Grub
 +#====================================================================
 +echo -e "\n\n>>Configuring Grub..."
 +
 +echo -e "\n->Setting grub timeout to 3..."
 +if [[ ${major_version} == "7" ]]; then
 +  sed -i 's/^GRUB_TIMEOUT=[0-9]*/GRUB_TIMEOUT=3/' /etc/default/grub
 +else
 +  sed -i 's/^timeout=[0-9]*/timeout=3/' /boot/grub/grub.conf
 +fi
 +
 +echo -e "\n->Removing 'hiddenmenu'..."
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "->Nothing to do for EL 7."
 +else
 +  sed -i '/hiddenmenu/d' /boot/grub/grub.conf
 +fi
 +
 +echo -e "\n->No picture while booting..."
 +if [[ ${major_version} == "7" ]]; then
 +  sed -i 's/ rhgb//g' /etc/default/grub
 +else
 +  sed -i 's/ rhgb//g' /boot/grub/grub.conf
 +fi
 +
 +echo -e "\n->No 'quiet' booting..."
 +if [[ ${major_version} == "7" ]]; then
 +  sed -i 's/ quiet//g' /etc/default/grub
 +else
 +  sed -i 's/ quiet//g' /boot/grub/grub.conf
 +fi
 +
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "\n->Generating grub config..."
 +  grub2-mkconfig -o /boot/grub2/grub.cfg
 +fi
 +
 +#====================================================================
 +# Install and configure time protocol
 +#====================================================================
 +echo -e "\n\n>>Installing and configuring time protocol..."
 +
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "\n->Removing NTP, installing Chrony..."
 +  yum -y remove ntp
 +  yum -y install chrony
 +  time_config="chrony.conf"
 +else
 +  echo -e "\n->Installing NTP..."
 +  yum -y install ntp
 +  time_config="ntp.conf"
 +fi
 +
 +echo -e "\n->Initial time sync..."
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "->Chrony automatically syncs time upon startup quickly; do nothing here."
 +else
 +  ntpd -gxq
 +  sleep 1
 +  ntpd -gxq
 +  sleep 1
 +  ntpd -gxq
 +  sleep 1
 +fi
 +
 +echo -e "\n->Starting and enabling the time service..."
 +if [[ ${major_version} == "7" ]]; then
 +  systemctl restart chronyd
 +  systemctl enable chronyd
 +else
 +  service ntpd restart
 +  chkconfig ntpd on
 +fi
 +
 +#====================================================================
 +# System Updates
 +#====================================================================
 +echo -e "\n\n>>Running system updates..."
 +yum -y update
 +
 +#====================================================================
 +# Configure OS settings
 +#====================================================================
 +echo -e "\n\n>>Configuring OS settings..."
 +
 +# Not in Spacewalk Config Channels
 +echo -e "\n->Non-Spacewalk Managed configs (remove motd, at.allow, cron.allow)..."
 +rm -fv /etc/motd
 +\cp -v ${base_path}os-agnostic/etc/at.allow /etc/at.allow
 +\cp -v ${base_path}os-agnostic/etc/cron.allow /etc/cron.allow
 +
 +# Ensure proper ownership and permissions
 +chown -v root:root /etc/at.allow /etc/cron.allow
 +chmod -v 600 /etc/at.allow /etc/cron.allow
 +
 +#====================================================================
 +# Setup Mail
 +#====================================================================
 +echo -e "\n\n>>Configuring mail..."
 +
 +# Setup alias for root's mail
 +mail_aliases='root: sysadmins@example.com'
 +echo -e "\n->Setting the following root alias in /etc/aliases: ${mail_aliases}"
 +sed -i -r -e "s/^#?root.*/${mail_aliases}/" /etc/aliases
 +
 +echo -e "\n->Rebuilding aliases.db..."
 +newaliases
 +
 +# Determine if using postfix or sendmail, setup config
 +echo -e "\n->Checking for postfix and sendmail packages..."
 +rpm -q postfix
 +postfix_installed="$?"
 +rpm -q sendmail
 +sendmail_installed="$?"
 +
 +if [[ ${postfix_installed} -eq 0 ]]; then
 +  mail_client="postfix"
 +  echo -e "\n->Detected mail client is: ${mail_client}. Configuring..."
 +
 +elif [[ ${sendmail_installed} -eq 0 ]]; then
 +  mail_client="sendmail"
 +  echo -e "\n->Detected mail client is: ${mail_client}. Configuring..."
 +
 +else
 +  mail_client=""
 +  echo -e "\n>>Error! Could not detect an installed postfix or sendmail config."
 +fi
 +
 +if [[ ${mail_client} == "postfix" || ${mail_client} == "sendmail" ]]; then
 +  echo -e "\n->Starting up mail client: ${mail_client}..."
 +
 +  if [[ ${major_version} == "7" ]]; then
 +    systemctl start ${mail_client}
 +    systemctl enable ${mail_client}
 +  else
 +    service ${mail_client} start
 +    chkconfig ${mail_client} on
 +  fi
 +fi
 +
 +#====================================================================
 +# Setup Authentication (IPA) - or other LDAP source
 +#====================================================================
 +echo -e "\n\n>>Configuring Authentication(IPA)..."
 +
 +echo -e "\n->Installing IPA Client packages..."
 +yum -y install ipa-client
 +
 +case ${OSTYPE} in
 +  "el7") # EL7 IPA Config
 +
 +    # Unattended install
 +    echo -e "\n->Running IPA Unattended realm join..."
 +    ipa-client-install --domain=example.com --server=ipaserver01.example.com --server=ipaserver02.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed 's/.example.com//' | tr '[:upper:]' '[:lower:]').example.com --no-ntp --principal autoenroll --password=<PASSWORD-HERE> --unattended --force-join
 +
 +    if [[ $? -ne 0 ]]; then
 +      # ipa-client-install exited with a non-zero status
 +      echo -e "->ERROR! ipa-client-install encountered an error! Is the host added to the IPA servers?"
 +      echo -e "->WARNING: System not joined to IPA."
 +    else
 +      # ipa-client-install realm join was successful
 +
 +      # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements
 +      echo -e "\n->Redeploying sshd config and restart the service..."
 +      rhncfg-client get /etc/ssh/sshd_config
 +      systemctl restart sshd
 +
 +      echo -e "\n->Ensuring nscd/nslcd is disabled..."
 +      systemctl stop nslcd nscd
 +      systemctl disable nslcd nscd
 +
 +      echo -e "\n->Disabling ldap identification,ldap auth, and force legacy (sssd used instead)..."
 +      authconfig --disableldap --disableldapauth --disableforcelegacy --update
 +
 +      echo -e "\n->Restarting sssd..."
 +      systemctl restart sssd
 +
 +      echo -e "\n->Starting and enabling oddjobd..."
 +      systemctl start oddjobd
 +      systemctl enable oddjobd
 +    fi
 +
 +  ;; # END of EL7 IPA Config
 +
 +  "el6") # EL6 IPA Config
 +
 +    # Unattended install
 +    echo -e "\n->Running IPA Unattended realm join..."
 +    ipa-client-install --domain=example.com --server=ipaserver02.example.com --server=ipaserver01.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed 's/.example.com//' | tr '[:upper:]' '[:lower:]').example.com --no-ntp --principal autoenroll --password=<PASSWORD-HERE> --unattended --force-join
 +
 +    if [[ $? -ne 0 ]]; then
 +      # ipa-client-install exited with a non-zero status
 +      echo -e "->ERROR! ipa-client-install encountered an error! Is the host added to the IPA servers?"
 +      echo -e "->WARNING: System not joined to IPA."
 +    else
 +      # ipa-client-install realm join was successful
 +
 +      # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements
 +      echo -e "\n->Redeploying sshd config and restart the service..."
 +      rhncfg-client get /etc/ssh/sshd_config
 +      service sshd restart
 +
 +      echo -e "\n->Ensuring nscd/nslcd is disabled..."
 +      service nslcd stop
 +      service nscd stop
 +      chkconfig nslcd off
 +      chkconfig nscd off
 +
 +      echo -e "\n->Disabling ldap identification,ldap auth, and force legacy (sssd used instead)..."
 +      authconfig --disableldap --disableldapauth --disableforcelegacy --update
 +
 +      echo -e "\n->Restarting sssd..."
 +      service sssd restart
 +
 +      echo -e "\n->Starting and enabling oddjobd..."
 +      service messagebus start
 +      service oddjobd start
 +      chkconfig messagebus on
 +      chkconfig oddjobd on
 +
 +      echo -e "\n->Adding client idle timeout to sssd.conf (cron fix for EL6 bug)..."
 +      if [[ $(grep client_idle_timeout /etc/sssd/sssd.conf) ]]; then
 +        echo -e "->Client idle timeout found in sssd.conf, will not append"
 +      else
 +        sed -i '/services = nss, sudo, pam, ssh/ a\client_idle_timeout=75' /etc/sssd/sssd.conf
 +        service sssd restart
 +        service crond restart
 +      fi
 +
 +    fi
 +
 +  ;; # END of EL6 IPA Config
 +
 +esac
 +
 +#====================================================================
 +# Setup monitoring client
 +#====================================================================
 +
 +# Install and configure system monitoring client here
 +
 +#====================================================================
 +# Install Extra System Packages, EPEL Repo, and EPEL Packages
 +#====================================================================
 +echo -e "\n\n>>Installing extra packages..."
 +
 +# Space separated package list
 +SYS_PKGS="sysstat"
 +echo -e "\n->Installing extra system packages: ${SYS_PKGS}"
 +yum -y install ${SYS_PKGS}
 +
 +# Check to see if Spacewalk has registered the EPEL repo
 +echo -e "\n->Checking for Spacewalk EPEL repo..."
 +yum repolist | grep ".*_epel"
 +epel_added="$?"
 +
 +if [[ ${epel_added} -eq 0 ]]; then
 +  # EPEL repo was found in yum repolist
 +  echo -e "\n->EPEL repo detected. Will not add again."
 +else
 +  # EPEL repo was NOT found in yum repolist; Add EPEL Repo
 +  echo -e "\n->EPEL repo not found; Adding EPEL repo..."
 +  yum -y install epel-release
 +
 +  echo -e "\n->Caching mirrors.fedoraproject.org with dig...\n"
 +  dig mirrors.fedoraproject.org > /dev/null
 +
 +  echo -e "\n->Listing repos to build cache..."
 +  yum repolist
 +  if [ $? -eq 1 ]; then
 +    echo -e "\n->Repo list error...attempting to fix."
 +    yum clean all
 +
 +    yum repolist
 +    if [ $? -eq 1 ]; then
 +      echo -e "\n->STILL repolist error...probably because of EPEL. Trying to reinstall..."
 +      yum -y remove epel-release
 +      yum clean all
 +      yum -y install epel-release
 +
 +      echo -e "\n->Caching mirrors.fedoraproject.org with dig...\n"
 +      dig mirrors.fedoraproject.org > /dev/null
 +      echo -e "\n->Listing repos to build cache..."
 +      yum repolist
 +    fi
 +  fi
 +fi # end of yum repolist grep
 +
 +# Space separated package list
 +EPEL_PKGS="clamav clamav-update iperf"
 +echo -e "\n->Installing EPEL packages: ${EPEL_PKGS}"
 +yum -y install ${EPEL_PKGS}
 +
 +#====================================================================
 +# Configure Extra Packages
 +#====================================================================
 +echo -e "\n\n>>Configuring extra packages..."
 +
 +echo -e "\n->Removing 'REMOVE ME' lines from /etc/sysconfig/freshclam..."
 +if [[ -f /etc/sysconfig/freshclam ]]; then
 +  sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam
 +else
 +  echo -e "->Skipping => /etc/sysconfig/freshclam does not exist."
 +fi
 +
 +#====================================================================
 +# System Services --- Startup
 +#====================================================================
 +echo -e "\n\n>>Starting some services..."
 +
 +# Space separated services list
 +SERVICES_START="auditd clamd"
 +SERVICES_START_EL7="auditd clamd@scan"
 +
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "\n->Attempting to start: ${SERVICES_START_EL7}"
 +  for SYSTEM_SERVICE in ${SERVICES_START_EL7}; do
 +    systemctl start ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "\n->Attempting to start: ${SERVICES_START}"
 +  for SYSTEM_SERVICE in ${SERVICES_START}; do
 +    service ${SYSTEM_SERVICE} start
 +  done
 +fi
 +
 +#====================================================================
 +# System Services --- Enable on boot
 +#====================================================================
 +echo -e "\n\n>>Enabling some services..."
 +
 +# Space separated services list
 +SERVICES_ON="auditd clamd oddjobd ${mail_client}"
 +SERVICES_ON_EL7="auditd clamd@scan oddjobd ${mail_client}"
 +
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "\n->Attempting to enable: ${SERVICES_ON_EL7}"
 +  for SYSTEM_SERVICE in ${SERVICES_ON_EL7}; do
 +    systemctl enable ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "\n->Attempting to enable: ${SERVICES_ON}"
 +  for SYSTEM_SERVICE in ${SERVICES_ON}; do
 +    chkconfig ${SYSTEM_SERVICE} on
 +  done
 +fi
 +
 +#====================================================================
 +# System Services --- Stop
 +#====================================================================
 +echo -e "\n\n>>Stopping some services..."
 +
 +# Space separated services list
 +SERVICES_STOP="kdump saslauthd"
 +SERVICES_STOP_EL7="kdump saslauthd"
 +
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "\n->Attempting to stop: ${SERVICES_STOP_EL7}"
 +  for SYSTEM_SERVICE in ${SERVICES_STOP_EL7}; do
 +    systemctl stop ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "\n->Attempting to stop: ${SERVICES_STOP}"
 +  for SYSTEM_SERVICE in ${SERVICES_STOP}; do
 +    service ${SYSTEM_SERVICE} stop
 +  done
 +fi
 +
 +#====================================================================
 +# System Services --- Disable
 +#====================================================================
 +echo -e "\n\n>>Disabling some services..."
 +
 +# Space separated services list
 +SERVICES_OFF="kdump saslauthd"
 +SERVICES_OFF_EL7="kdump saslauthd"
 +
 +if [[ ${major_version} == "7" ]]; then
 +  echo -e "\n->Attempting to disable: ${SERVICES_OFF_EL7}"
 +  for SYSTEM_SERVICE in ${SERVICES_OFF_EL7}; do
 +    systemctl disable ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "\n->Attempting to disable: ${SERVICES_OFF}"
 +  for SYSTEM_SERVICE in ${SERVICES_OFF}; do
 +    chkconfig ${SYSTEM_SERVICE} off
 +  done
 +fi
 +
 +#====================================================================
 +# Post Installation Completed
 +#====================================================================
 +echo -e "\n\n#=================================================================="
 +echo "# Post Install Configuration Completed. - A reboot is recommended."
 +echo "#=================================================================="
 +exit 0
 </code> </code>
  
 ---- ----
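Review bot: The GPG keys that later package installs are verified against are themselves fetched over plain HTTP in the worker script: `sw_client_repo_gpgkey`, `sw_epel_repo_el6_gpgkey`/`sw_epel_repo_el7_gpgkey` and `sw_custom_repo_gpgkey` are all `http://${sw_server}/pub/repos/...` URLs handed straight to `rpm -v --import`, and the repo RPMs are then installed with `rpm -ivh` from the same unauthenticated source. A key swapped in transit during first boot would make every subsequent signature check pass for packages signed by whoever supplied it, and those installs run as root. I would serve the keys over TLS with a certificate the fresh host already trusts, e.g. `sw_client_repo_gpgkey="https://${sw_server}/pub/repos/RPM-GPG-KEY-spacewalk-2015"`, or ship them in the install image and compare the fingerprint against a value stored in the script before importing. Separately, both `ipa-client-install` calls pass the reusable `autoenroll` principal password via `--password=` on the command line together with `--force-join`, which leaves it readable in the script on the NFS share and in the process list while the join runs; a per-host one-time enrollment password would limit what a leaked copy can do.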
  