Differences
This shows you the differences between two versions of the page.
linux_wiki:os_install_post_install [2017/09/12 23:24] billdozor [Post Install Script: Worker] |
linux_wiki:os_install_post_install [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== OS Install: Post Install ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | After installing an OS via [[linux_wiki: | ||
- | |||
- | This page demonstrates how to create VM templates and kickstarts that will auto-execute scripts one time for a system' | ||
- | |||
- | **Checklist** | ||
- | * Distro(s): Enterprise Linux 6/7 | ||
- | * Other: NFS Server sharing a post install configuration script | ||
- | |||
- | ---- | ||
- | |||
- | ====== Firstboot ====== | ||
- | |||
- | * The firstboot script is executed once. | ||
- | * It is baked into the system via a VM template or kickstart. | ||
- | * It stays generic and calls other external scripts on remote admin systems to do the actual post install configuration. | ||
- | * It also reboots the system and sends an email once it has completed | ||
- | |||
- | ---- | ||
- | |||
- | ===== Firstboot: The script ===== | ||
- | |||
- | This script is meant to run once and then disable itself. It calls other post install script(s) to do the actual work. | ||
- | |||
- | / | ||
- | <code bash> | ||
- | #!/bin/bash | ||
- | # Name: firstboot.sh | ||
- | # Description: | ||
- | |||
- | #### Customize These Variables #### | ||
- | nfs_server=" | ||
- | nfs_server_share=" | ||
- | nfs_client_mountpoint="/ | ||
- | post_install_script=" | ||
- | post_install_log="/ | ||
- | |||
- | # Write a successful run file | ||
- | firstboot_ran_file="/ | ||
- | |||
- | # System Admins Group Email | ||
- | system_admins_email=' | ||
- | |||
- | # Reboot delay in minutes | ||
- | reboot_delay=" | ||
- | #### End of Customize Variables #### | ||
- | |||
- | # | ||
- | # Functions; Main Starts After | ||
- | # | ||
- | function check_os_type | ||
- | { | ||
- | ## Gather Distro and Major Version | ||
- | if [ -f / | ||
- | distro=$(awk -F: ' | ||
- | major_version=$(awk -F: ' | ||
- | elif [ -f / | ||
- | distro=$(awk ' | ||
- | major_version=$(awk -F. ' | ||
- | fi | ||
- | } | ||
- | |||
- | # | ||
- | # Main Program | ||
- | # | ||
- | |||
- | echo -e " | ||
- | echo -e "#### | ||
- | echo -e " | ||
- | |||
- | # Check to see if script has been run before | ||
- | if [[ -f ${firstboot_ran_file} ]]; then | ||
- | echo -e " | ||
- | echo -e " | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | # Discover OS Type | ||
- | check_os_type | ||
- | |||
- | # Start rpcbind service | ||
- | if [[ ${major_version} == " | ||
- | systemctl start rpcbind | ||
- | else | ||
- | service rpcbind start | ||
- | fi | ||
- | |||
- | # Try to reach the NFS server 3 times | ||
- | for index in 1 2 3; do | ||
- | ping -c 1 ${nfs_server} &> /dev/null | ||
- | | ||
- | if [[ $? -eq 0 ]]; then | ||
- | # Successful ping, exit loop | ||
- | break | ||
- | else | ||
- | # Unsuccessful; | ||
- | echo -e " | ||
- | sleep 10 | ||
- | fi | ||
- | done | ||
- | |||
- | # Mount script location | ||
- | echo -e " | ||
- | mount -t nfs ${nfs_server_share} ${nfs_client_mountpoint} | ||
- | |||
- | # Execute post install script | ||
- | echo -e " | ||
- | ${post_install_script} | ||
- | |||
- | if [[ $? -eq 0 ]]; then | ||
- | echo -e " | ||
- | else | ||
- | echo -e " | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | # | ||
- | # Call other post install scripts/ | ||
- | # | ||
- | |||
- | # Unmount nfs share | ||
- | echo -e " | ||
- | umount ${nfs_client_mountpoint} | ||
- | |||
- | #### Safeguards to prevent firstboot.sh from running more than once #### | ||
- | # Create firstboot-ran file | ||
- | echo -e " | ||
- | echo -e " | ||
- | chown -v root:root ${firstboot_ran_file} | ||
- | chmod -v 400 ${firstboot_ran_file} | ||
- | |||
- | # Make script not executable | ||
- | echo -e " | ||
- | chown -v root:root ${0} | ||
- | chmod -v 400 ${0} | ||
- | |||
- | # Disable auto execution | ||
- | if [[ ${major_version} == " | ||
- | systemctl disable firstboot.service | ||
- | else | ||
- | sed -i '/ | ||
- | fi | ||
- | #### End of Safeguards #### | ||
- | |||
- | # Email notification of completion | ||
- | echo -e " | ||
- | echo -e "The firstboot script process has completed for: ' | ||
- | |||
- | # Allow some time for the email to be sent | ||
- | sleep 5 | ||
- | |||
- | # Reboot system | ||
- | shutdown -r +${reboot_delay} " | ||
- | |||
- | ---- | ||
- | |||
- | ===== Firstboot: CentOS 7 Service ===== | ||
- | |||
- | Firstboot will get executed on CentOS 7 via a custom systemd service unit. | ||
- | |||
- | Create the following service unit file: / | ||
- | <code bash> | ||
- | [Unit] | ||
- | Description=Auto-execute post install scripts | ||
- | After=network.target | ||
- | |||
- | [Service] | ||
- | ExecStart=/ | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ===== Firstboot: CentOS 6 Service ===== | ||
- | |||
- | CentOS 6 will make use of rc.local to execute the script. | ||
- | |||
- | Append to: / | ||
- | <code bash> | ||
- | / | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Auto Setup ====== | ||
- | |||
- | Now that we have a firstboot script and method of executing on boot(CentOS 7 service or CentOS 6 rc.local), the combination of the two can be added to VM templates or kickstarts for unattended execution. | ||
- | |||
- | ---- | ||
- | |||
- | ===== Auto Setup: VM Templates ===== | ||
- | |||
- | The modifications for auto execution need to be done on a new template that is a modification of your base VM template. | ||
- | |||
- | **Warning**: | ||
- | |||
- | * Deploy a new VM from your base template ([[linux_wiki: | ||
- | * Make the following modifications to the new system. | ||
- | * **CentOS 6**<code bash>## VM deployed from the base template ## | ||
- | |||
- | ## Create a script directory for root | ||
- | mkdir / | ||
- | |||
- | ## Mount NFS Server and Copy firstboot.sh to the VM | ||
- | mount -t nfs < | ||
- | cp -v / | ||
- | chown -Rv root:root / | ||
- | chmod -Rv 700 / | ||
- | |||
- | ## Create line in rc.local to auto execute firstboot script | ||
- | echo "/ | ||
- | |||
- | ## Unmount NFS server | ||
- | umount / | ||
- | * [[linux_wiki: | ||
- | * **CentOS 7**<code bash>## VM deployed from the base template ## | ||
- | |||
- | ## Create a script directory for root | ||
- | mkdir / | ||
- | |||
- | ## Mount NFS Server and Copy firstboot.sh to the VM | ||
- | mount -t nfs < | ||
- | cp -v / | ||
- | chown -Rv root:root / | ||
- | chmod -Rv 700 / | ||
- | |||
- | ## Copy firstboot.service unit to the VM | ||
- | cp -v / | ||
- | chown -v root:root / | ||
- | chmod -v 644 / | ||
- | systemctl enable firstboot.service | ||
- | |||
- | ## Unmount NFS server | ||
- | umount / | ||
- | * [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ===== Auto Setup: Kickstarts ===== | ||
- | |||
- | Kickstart files require a post install section to be edited in order for the firstboot script to be placed on a new system. | ||
- | |||
- | * [[linux_wiki: | ||
- | * Modify the " | ||
- | * **CentOS 6**<code bash> | ||
- | ( | ||
- | |||
- | ## Start rpcbind for NFS | ||
- | service rpcbind start | ||
- | |||
- | ## Mount NFS Server | ||
- | mount -vt nfs 10.1.2.3:/ | ||
- | |||
- | ## Create root's scripts directory | ||
- | mkdir / | ||
- | |||
- | ## Copy the firstboot script to the new directory | ||
- | cp -v / | ||
- | chown -Rv root:root / | ||
- | chmod -Rv 700 / | ||
- | |||
- | ## Create rc.local entry for auto execution on boot | ||
- | echo "/ | ||
- | |||
- | ## Unmount NFS Server | ||
- | umount -v /mnt | ||
- | ) | ||
- | %end</ | ||
- | * **CentOS 7**<code bash> | ||
- | ( | ||
- | |||
- | ## Start rpcbind for NFS | ||
- | systemctl start rpcbind | ||
- | |||
- | ## Mount NFS Server | ||
- | mount -vt nfs 10.1.2.3:/ | ||
- | |||
- | ## Create root's scripts directory | ||
- | mkdir / | ||
- | |||
- | ## Copy the firstboot script to the new directory | ||
- | cp -v / | ||
- | chown -Rv root:root / | ||
- | chmod -Rv 700 / | ||
- | |||
- | ## Copy the firstboot service for auto execution on boot | ||
- | cp -v / | ||
- | chown -v root:root / | ||
- | chmod -v 644 / | ||
- | |||
- | ## Enable firstboot service | ||
- | systemctl enable firstboot.service | ||
- | |||
- | ## Unmount NFS Server | ||
- | umount -v /mnt | ||
- | ) | ||
- | %end</ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Post Install Script ====== | ||
- | |||
- | * The post install script is what gets called via the firstboot script. | ||
- | * This script does all the heavy lifting (system updates, configuration, | ||
- | |||
- | ===== Post Install Script: Parent ===== | ||
- | |||
- | **Post install script**: Provide logging and error checking | ||
- | <code bash postinstall.sh> | ||
- | #!/bin/bash | ||
- | # Title: postinstall.sh | ||
- | # Description: | ||
- | # Last Updated: 2016-10-24 | ||
- | # Most Recent Changes: | ||
- | ####################################################################################### | ||
- | |||
- | function print_usage | ||
- | { | ||
- | echo | ||
- | echo " Usage: postinstall.sh [-y]" | ||
- | echo | ||
- | echo " | ||
- | echo | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo | ||
- | exit 1 | ||
- | } | ||
- | |||
- | # | ||
- | # Get Script Arguments | ||
- | # | ||
- | # Reset POSIX variable in case it has been used previously in this shell | ||
- | OPTIND=1 | ||
- | |||
- | # By default, do not force run script. Prompt for running or not. | ||
- | force_run_script=" | ||
- | |||
- | while getopts " | ||
- | case " | ||
- | h) # -h (help) argument | ||
- | print_usage | ||
- | exit 0 | ||
- | ;; | ||
- | y) # -y (yes to running script) argument | ||
- | force_run_script=" | ||
- | ;; | ||
- | *) # invalid argument | ||
- | print_usage | ||
- | exit 0 | ||
- | ;; | ||
- | esac | ||
- | done | ||
- | |||
- | ## | ||
- | ## Pre-req checks | ||
- | ## | ||
- | |||
- | ## Ensure we are root ## | ||
- | if [[ $(id --user) -ne 0 ]]; then | ||
- | echo ">> | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | ## | ||
- | ## Set Script Variables | ||
- | ## | ||
- | |||
- | # Set base path from executed command (relative or full path works) | ||
- | base_path=" | ||
- | |||
- | # Set log file and script locations | ||
- | postinstall_log="/ | ||
- | postinstall_worker=" | ||
- | |||
- | ## | ||
- | ## Setup Logging | ||
- | ## | ||
- | echo -e ">> | ||
- | |||
- | # Clear log and timestamp the beginning | ||
- | cat /dev/null > ${postinstall_log} | ||
- | echo -e "---- Log Started: $(date) ----\n" | ||
- | |||
- | ## | ||
- | ## Execute External Scripts | ||
- | ## | ||
- | # Start script, pass base path argument | ||
- | if [[ ${force_run_script} == " | ||
- | ${base_path}${postinstall_worker} -d ${base_path} 2>&1 | tee -a ${postinstall_log} | ||
- | elif [[ ${force_run_script} == " | ||
- | ${base_path}${postinstall_worker} -d ${base_path} -y 2>&1 | tee -a ${postinstall_log} | ||
- | else | ||
- | echo -e ">> | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | ## | ||
- | ## Close Logs, Show Location | ||
- | ## | ||
- | # Ending timestamp | ||
- | echo -e " | ||
- | |||
- | # Reminder of where the log file is at | ||
- | echo -e " | ||
- | echo -e " | ||
- | </ | ||
- | |||
- | ===== Post Install Script: Worker ===== | ||
- | |||
- | **Post install worker**: Perform the actual installations/ | ||
- | <code bash worker_postinstall.sh> | ||
- | #!/bin/bash | ||
- | # Name: worker_postinstall.sh | ||
- | # Description: | ||
- | # This script is meant to be launched via its parent script: postinstall.sh | ||
- | # Last Updated: 2016-12-14 | ||
- | # Recent Changes: | ||
- | # -Clamd install/ | ||
- | # section to be EL7 or other specific for target services. | ||
- | ############################################################################################### | ||
- | |||
- | function print_usage | ||
- | { | ||
- | echo | ||
- | echo " Usage: postinstall.sh [-y]" | ||
- | echo | ||
- | echo " | ||
- | echo " | ||
- | echo | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo | ||
- | exit 1 | ||
- | } | ||
- | |||
- | function get_os_type | ||
- | { | ||
- | if [ -f / | ||
- | distro=$(awk -F: ' | ||
- | major_version=$(awk -F: ' | ||
- | elif [ -f / | ||
- | distro=$(awk ' | ||
- | major_version=$(awk -F. ' | ||
- | fi | ||
- | |||
- | # ${distro,,} converts to lower case for comparison | ||
- | if [[ ${distro,,} == " | ||
- | case $major_version in | ||
- | 7) | ||
- | OSTYPE=" | ||
- | ;; | ||
- | 6) | ||
- | OSTYPE=" | ||
- | ;; | ||
- | 5) | ||
- | echo ">> | ||
- | exit 1 | ||
- | ;; | ||
- | *) | ||
- | echo ">> | ||
- | exit 1 | ||
- | ;; | ||
- | esac | ||
- | else | ||
- | echo ">> | ||
- | exit 1 | ||
- | fi | ||
- | } | ||
- | |||
- | # | ||
- | # Get Script Arguments | ||
- | # | ||
- | # Reset POSIX variable in case it has been used previously in this shell | ||
- | OPTIND=1 | ||
- | |||
- | # By default, do not force run script. Prompt for running or not. | ||
- | force_run_script=" | ||
- | |||
- | while getopts " | ||
- | case " | ||
- | h) # -h (help) argument | ||
- | print_usage | ||
- | exit 0 | ||
- | ;; | ||
- | d) # -d (directory path) | ||
- | base_path=${OPTARG} | ||
- | ;; | ||
- | y) # -y (yes to running script) argument | ||
- | force_run_script=" | ||
- | ;; | ||
- | *) # invalid argument | ||
- | print_usage | ||
- | exit 0 | ||
- | ;; | ||
- | esac | ||
- | done | ||
- | |||
- | #### | ||
- | #### Main Starts Here | ||
- | #### | ||
- | |||
- | # Ensure a base path of where we start is passed | ||
- | if [ ! -d " | ||
- | echo ">> | ||
- | print_usage | ||
- | fi | ||
- | |||
- | # Set variables used throughout the script | ||
- | get_os_type | ||
- | |||
- | # | ||
- | # Confirm running the post install script | ||
- | # | ||
- | echo -e " | ||
- | echo -e "#### | ||
- | echo -e " | ||
- | echo | ||
- | echo -e " | ||
- | echo -e " | ||
- | echo -e "OS Family: ${OSTYPE}" | ||
- | echo -e "Using Base Path: ${base_path}" | ||
- | echo -e " | ||
- | |||
- | if [[ ${force_run_script} == " | ||
- | read run_script | ||
- | elif [[ ${force_run_script} == " | ||
- | echo -e " Force run script detected. Continuing..." | ||
- | run_script=" | ||
- | else | ||
- | echo -e ">> | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | if [[ ${run_script} != " | ||
- | echo -e " | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | # | ||
- | # Remove some packages | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # If a Virtual Machine: Remove/ | ||
- | # doesn' | ||
- | dmidecode | grep -i vmware > /dev/null | ||
- | if [[ $? -eq 0 ]]; then | ||
- | |||
- | echo -e " | ||
- | rpm -q biosdevname | ||
- | |||
- | if [ $? -eq 0 ]; then | ||
- | echo -e " | ||
- | yum -y remove biosdevname | ||
- | |||
- | # Disable the kernel option for biosdevname | ||
- | if [[ ${major_version} == " | ||
- | # check for " | ||
- | if [[ $(grep GRUB_CMDLINE_LINUX / | ||
- | echo -e " | ||
- | # remove trailing quote (") and then append: net.ifnames=0 biosdevname=0" | ||
- | sed -i -r -e "/ | ||
- | sed -i -r -e "/ | ||
- | grub2-mkconfig -o / | ||
- | fi | ||
- | else | ||
- | echo -e " | ||
- | # append biosdevname=0 to the kernel lines | ||
- | sed -i -r -e "/ | ||
- | fi | ||
- | fi | ||
- | fi | ||
- | ## End of virtual machine check ## | ||
- | |||
- | # Space separated list of packages to remove | ||
- | remove_packages=" | ||
- | |||
- | # Remove the packages | ||
- | for package in ${remove_packages}; | ||
- | echo -e " | ||
- | rpm -q ${package} | ||
- | if [ $? -eq 0 ]; then | ||
- | echo -e " | ||
- | yum -y remove ${package} | ||
- | fi | ||
- | done | ||
- | |||
- | # | ||
- | # Temporary DNS Settings | ||
- | # | ||
- | echo -e " | ||
- | |||
- | echo "##== Temp Settings from worker_postinstall.sh ==##" > / | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | echo " | ||
- | |||
- | echo -e " | ||
- | cat / | ||
- | |||
- | echo -e " | ||
- | sed -i '/ | ||
- | |||
- | # | ||
- | # Register with Spacewalk - or other systems management app | ||
- | # | ||
- | |||
- | # | ||
- | # Spacewalk Customization | ||
- | # | ||
- | |||
- | # Spacewalk server fqdn hostname | ||
- | sw_server=" | ||
- | |||
- | # Spacewalk server' | ||
- | #(this is the package available at: https:// | ||
- | sw_server_ca=" | ||
- | sw_server_ca_installed="/ | ||
- | |||
- | # Spacewalk server channel activation keys | ||
- | sw_activation_key_centos6_32bit=" | ||
- | sw_activation_key_centos6_64bit=" | ||
- | sw_activation_key_centos7_64bit=" | ||
- | sw_activation_key_oracle6_64bit=" | ||
- | sw_activation_key_oracle7_64bit=" | ||
- | |||
- | # Repos and GPG Keys | ||
- | sw_client_repo_gpgkey=" | ||
- | sw_client_repo_el6=" | ||
- | sw_client_repo_el7=" | ||
- | |||
- | sw_epel_repo_el6_gpgkey=" | ||
- | sw_epel_repo_el7_gpgkey=" | ||
- | sw_epel_repo_el6=" | ||
- | sw_epel_repo_el7=" | ||
- | |||
- | # | ||
- | # End of Customization | ||
- | # | ||
- | |||
- | echo -e " | ||
- | |||
- | ## Pre-Register Checks ## | ||
- | echo -e " | ||
- | |||
- | #Store system architecture so we aren't calling uname multiple times | ||
- | system_arch=$(uname -i) | ||
- | |||
- | if [[ ${system_arch} != " | ||
- | echo -e " | ||
- | register_with_spacewalk=" | ||
- | else | ||
- | if [[ ${distro,,} == " | ||
- | case $major_version in | ||
- | 7) | ||
- | ## CentOS 7 Register - Set spacewalk client repo, epel, activation key ## | ||
- | if [[ ${system_arch} != " | ||
- | echo -e " | ||
- | register_with_spacewalk=" | ||
- | else | ||
- | sw_client_repo=" | ||
- | sw_epel_repo=" | ||
- | sw_epel_repo_gpgkey=" | ||
- | sw_activation_key=" | ||
- | register_with_spacewalk=" | ||
- | fi | ||
- | ;; | ||
- | 6) | ||
- | ## CentOS 6 Register - Set spacewalk client repo, epel, activation key ## | ||
- | sw_client_repo=" | ||
- | sw_epel_repo=" | ||
- | sw_epel_repo_gpgkey=" | ||
- | |||
- | if [[ ${system_arch} == " | ||
- | sw_activation_key=" | ||
- | else | ||
- | sw_activation_key=" | ||
- | fi | ||
- | register_with_spacewalk=" | ||
- | ;; | ||
- | *) | ||
- | echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}." | ||
- | register_with_spacewalk=" | ||
- | ;; | ||
- | esac | ||
- | elif [[ ${distro,,} == " | ||
- | case ${major_version} in | ||
- | 7) | ||
- | # Oracle 7 register - Set spacewalk client repo, epel, activation key ## | ||
- | if [[ ${system_arch} != " | ||
- | echo -e " | ||
- | register_with_spacewalk=" | ||
- | else | ||
- | sw_client_repo=" | ||
- | sw_epel_repo=" | ||
- | sw_epel_repo_gpgkey=" | ||
- | sw_activation_key=" | ||
- | register_with_spacewalk=" | ||
- | fi | ||
- | ;; | ||
- | 6) | ||
- | ## Oracle 6 register - Set spacewalk client repo, epel, activation key ## | ||
- | if [[ ${system_arch} != " | ||
- | echo -e " | ||
- | register_with_spacewalk=" | ||
- | else | ||
- | sw_client_repo=" | ||
- | sw_epel_repo=" | ||
- | sw_epel_repo_gpgkey=" | ||
- | sw_activation_key=" | ||
- | register_with_spacewalk=" | ||
- | fi | ||
- | ;; | ||
- | *) | ||
- | echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}." | ||
- | register_with_spacewalk=" | ||
- | ;; | ||
- | esac | ||
- | else | ||
- | echo -e "-> Warning: ${distro} not supported. Only CentOS and Oracle channels available at this time." | ||
- | register_with_spacewalk=" | ||
- | fi # end of distro == centos, elif oracle check | ||
- | fi # end of architecture check | ||
- | |||
- | ## Begin Registration Process ## | ||
- | if [[ ${register_with_spacewalk} == " | ||
- | # Add Repos # | ||
- | echo -e " | ||
- | rpm -v --import ${sw_client_repo_gpgkey} | ||
- | rpm -ivh ${sw_client_repo} | ||
- | |||
- | echo -e " | ||
- | rpm -v --import ${sw_epel_repo_gpgkey} | ||
- | rpm -ivh ${sw_epel_repo} | ||
- | |||
- | echo -e " | ||
- | yum makecache fast | ||
- | |||
- | # Install Spacewalk' | ||
- | echo -e " | ||
- | rpm -ivh https:// | ||
- | |||
- | echo -e " | ||
- | dig mirrors.fedoraproject.org &> /dev/null | ||
- | |||
- | # Install Client Packages | ||
- | echo -e " | ||
- | yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin | ||
- | |||
- | # Register # | ||
- | echo -e " | ||
- | rhnreg_ks --serverUrl=https:// | ||
- | registration_return_code=$? | ||
- | |||
- | if [[ ${registration_return_code} -eq 0 ]]; then | ||
- | echo -e " | ||
- | sw_registered=" | ||
- | |||
- | # Show website | ||
- | echo -e " | ||
- | sleep 2 | ||
- | |||
- | # Install Config Management Packages | ||
- | echo -e " | ||
- | yum -y install rhncfg rhncfg-actions rhncfg-client rhncfg-management | ||
- | |||
- | # Allow Spacewalk server to deploy config files | ||
- | echo -e " | ||
- | rhn-actions-control --enable-all | ||
- | |||
- | # Deploy spacewalk-checkin cron job (runs rhn_check every 30 mins) | ||
- | echo -e " | ||
- | rhncfg-client get / | ||
- | |||
- | # If not successful, create a minimum job file | ||
- | grep --quiet "This Config Managed by Spacewalk" | ||
- | if [[ $? -ne 0 ]]; then | ||
- | echo "# Spacewalk - Check in to the Spacewalk Server via rhn_check" | ||
- | echo ' | ||
- | echo "*/30 * * * * root / | ||
- | |||
- | echo -e " | ||
- | chmod -v 600 / | ||
- | fi | ||
- | |||
- | ## Disable rhnsd (not needed because of cron job " | ||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | systemctl disable rhnsd | ||
- | systemctl stop rhnsd | ||
- | else | ||
- | chkconfig rhnsd off | ||
- | service rhnsd stop | ||
- | fi | ||
- | |||
- | ## Add Custom GPG Key - If you created a custom Repo on Spacewalk ## | ||
- | sw_custom_repo_gpgkey=" | ||
- | echo -e " | ||
- | rpm -v --import ${sw_custom_repo_gpgkey} | ||
- | |||
- | ## Deploy Config Files - If you are managing config files on Spacewalk ## | ||
- | |||
- | echo -e " | ||
- | for FILE in $(rhncfg-client list | awk / | ||
- | rhncfg-client get ${FILE} | ||
- | done | ||
- | |||
- | echo -e " | ||
- | for FILE in $(rhncfg-client list | awk / | ||
- | rhncfg-client get ${FILE} | ||
- | done | ||
- | |||
- | |||
- | ## Disable Old Repos ## | ||
- | if [[ ${distro,,} == " | ||
- | # Disable CentOS default system repos | ||
- | echo -e " | ||
- | for FILE in / | ||
- | sed -i ' | ||
- | sed -i '/ | ||
- | done | ||
- | elif [[ ${distro,,} == " | ||
- | # Disable Oracle default system repos | ||
- | echo -e " | ||
- | for FILE in / | ||
- | sed -i ' | ||
- | sed -i '/ | ||
- | done | ||
- | fi | ||
- | |||
- | # Disable temporary epel repo | ||
- | echo -e " | ||
- | sed -i ' | ||
- | sed -i ' | ||
- | |||
- | # Show repos | ||
- | echo -e " | ||
- | yum repolist | ||
- | |||
- | elif [[ ${registration_return_code} -eq 255 ]]; then | ||
- | echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})" | ||
- | echo -e " | ||
- | echo -e " | ||
- | echo -e " | ||
- | echo -e "-> Then disable non Base, | ||
- | sw_registered=" | ||
- | |||
- | else | ||
- | # Registration was not successful | ||
- | echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})" | ||
- | echo -e "-> Will NOT install setup spacewalk-checkin job and disable default repos." | ||
- | sw_registered=" | ||
- | fi | ||
- | |||
- | else | ||
- | echo -e "-> WARNING: Will NOT register system with Spacewalk." | ||
- | sw_registered=" | ||
- | fi | ||
- | ## End Registration Process ## | ||
- | |||
- | # | ||
- | # Install system packages | ||
- | # | ||
- | echo -e " | ||
- | yum -y install bash-completion bind-utils dmidecode iotop lsof mailx man mlocate nfs-utils openssh-clients perl psmisc rsync tcpdump vim-enhanced wget yum-utils | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | mandb | ||
- | else | ||
- | makewhatis | ||
- | fi | ||
- | |||
- | echo -e " | ||
- | touch / | ||
- | |||
- | # | ||
- | # Configure Grub | ||
- | # | ||
- | echo -e " | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | sed -i ' | ||
- | else | ||
- | sed -i ' | ||
- | fi | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | else | ||
- | sed -i '/ | ||
- | fi | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | sed -i 's/ rhgb// | ||
- | else | ||
- | sed -i 's/ rhgb// | ||
- | fi | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | sed -i 's/ quiet// | ||
- | else | ||
- | sed -i 's/ quiet// | ||
- | fi | ||
- | |||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | grub2-mkconfig -o / | ||
- | fi | ||
- | |||
- | # | ||
- | # Install and configure time protocol | ||
- | # | ||
- | echo -e " | ||
- | |||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | yum -y remove ntp | ||
- | yum -y install chrony | ||
- | time_config=" | ||
- | else | ||
- | echo -e " | ||
- | yum -y install ntp | ||
- | time_config=" | ||
- | fi | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | else | ||
- | ntpd -gxq | ||
- | sleep 1 | ||
- | ntpd -gxq | ||
- | sleep 1 | ||
- | ntpd -gxq | ||
- | sleep 1 | ||
- | fi | ||
- | |||
- | echo -e " | ||
- | if [[ ${major_version} == " | ||
- | systemctl restart chronyd | ||
- | systemctl enable chronyd | ||
- | else | ||
- | service ntpd restart | ||
- | chkconfig ntpd on | ||
- | fi | ||
- | |||
- | # | ||
- | # System Updates | ||
- | # | ||
- | echo -e " | ||
- | yum -y update | ||
- | |||
- | # | ||
- | # Configure OS settings | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Not in Spacewalk Config Channels | ||
- | echo -e " | ||
- | rm -fv /etc/motd | ||
- | \cp -v ${base_path}os-agnostic/ | ||
- | \cp -v ${base_path}os-agnostic/ | ||
- | |||
- | # Ensure proper ownership and permissions | ||
- | chown -v root:root / | ||
- | chmod -v 600 / | ||
- | |||
- | # | ||
- | # Setup Mail | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Setup alias for root's mail | ||
- | mail_aliases=' | ||
- | echo -e " | ||
- | sed -i -r -e " | ||
- | |||
- | echo -e " | ||
- | newaliases | ||
- | |||
- | # Determine if using postfix or sendmail, setup config | ||
- | echo -e " | ||
- | rpm -q postfix | ||
- | postfix_installed=" | ||
- | rpm -q sendmail | ||
- | sendmail_installed=" | ||
- | |||
- | if [[ ${postfix_installed} -eq 0 ]]; then | ||
- | mail_client=" | ||
- | echo -e " | ||
- | |||
- | elif [[ ${sendmail_installed} -eq 0 ]]; then | ||
- | mail_client=" | ||
- | echo -e " | ||
- | |||
- | else | ||
- | mail_client="" | ||
- | echo -e " | ||
- | fi | ||
- | |||
- | if [[ ${mail_client} == " | ||
- | echo -e " | ||
- | |||
- | if [[ ${major_version} == " | ||
- | systemctl start ${mail_client} | ||
- | systemctl enable ${mail_client} | ||
- | else | ||
- | service ${mail_client} start | ||
- | chkconfig ${mail_client} on | ||
- | fi | ||
- | fi | ||
- | |||
- | # | ||
- | # Setup Authentication (IPA) - or other LDAP source | ||
- | # | ||
- | echo -e " | ||
- | |||
- | echo -e " | ||
- | yum -y install ipa-client | ||
- | |||
- | case ${OSTYPE} in | ||
- | " | ||
- | |||
- | # Unattended install | ||
- | echo -e " | ||
- | ipa-client-install --domain=example.com --server=ipaserver01.example.com --server=ipaserver02.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed ' | ||
- | |||
- | if [[ $? -ne 0 ]]; then | ||
- | # ipa-client-install exited with a non-zero status | ||
- | echo -e " | ||
- | echo -e " | ||
- | else | ||
- | # ipa-client-install realm join was successful | ||
- | |||
- | # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements | ||
- | echo -e " | ||
- | rhncfg-client get / | ||
- | systemctl restart sshd | ||
- | |||
- | echo -e " | ||
- | systemctl stop nslcd nscd | ||
- | systemctl disable nslcd nscd | ||
- | |||
- | echo -e " | ||
- | authconfig --disableldap --disableldapauth --disableforcelegacy --update | ||
- | |||
- | echo -e " | ||
- | systemctl restart sssd | ||
- | |||
- | echo -e " | ||
- | systemctl start oddjobd | ||
- | systemctl enable oddjobd | ||
- | fi | ||
- | |||
- | ;; # END of EL7 IPA Config | ||
- | |||
- | " | ||
- | |||
- | # Unattended install | ||
- | echo -e " | ||
- | ipa-client-install --domain=example.com --server=ipaserver02.example.com --server=ipaserver01.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed ' | ||
- | |||
- | if [[ $? -ne 0 ]]; then | ||
- | # ipa-client-install exited with a non-zero status | ||
- | echo -e " | ||
- | echo -e " | ||
- | else | ||
- | # ipa-client-install realm join was successful | ||
- | |||
- | # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements | ||
- | echo -e " | ||
- | rhncfg-client get / | ||
- | service sshd restart | ||
- | |||
- | echo -e " | ||
- | service nslcd stop | ||
- | service nscd stop | ||
- | chkconfig nslcd off | ||
- | chkconfig nscd off | ||
- | |||
- | echo -e " | ||
- | authconfig --disableldap --disableldapauth --disableforcelegacy --update | ||
- | |||
- | echo -e " | ||
- | service sssd restart | ||
- | |||
- | echo -e " | ||
- | service messagebus start | ||
- | service oddjobd start | ||
- | chkconfig messagebus on | ||
- | chkconfig oddjobd on | ||
- | |||
- | echo -e " | ||
- | if [[ $(grep client_idle_timeout / | ||
- | echo -e " | ||
- | else | ||
- | sed -i '/ | ||
- | service sssd restart | ||
- | service crond restart | ||
- | fi | ||
- | |||
- | fi | ||
- | |||
- | ;; # END of EL6 IPA Config | ||
- | |||
- | esac | ||
- | |||
- | # | ||
- | # Setup monitoring client | ||
- | # | ||
- | |||
- | # Install and configure system monitoring client here | ||
- | |||
- | # | ||
- | # Install Extra System Packages, EPEL Repo, and EPEL Packages | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Space separated package list | ||
- | SYS_PKGS=" | ||
- | echo -e " | ||
- | yum -y install ${SYS_PKGS} | ||
- | |||
- | # Check to see if Spacewalk has registered the EPEL repo | ||
- | echo -e " | ||
- | yum repolist | grep " | ||
- | epel_added=" | ||
- | |||
- | if [[ ${epel_added} -eq 0 ]]; then | ||
- | # EPEL repo was found in yum repolist | ||
- | echo -e " | ||
- | else | ||
- | # EPEL repo was NOT found in yum repolist; Add EPEL Repo | ||
- | echo -e " | ||
- | yum -y install epel-release | ||
- | |||
- | echo -e " | ||
- | dig mirrors.fedoraproject.org > /dev/null | ||
- | |||
- | echo -e " | ||
- | yum repolist | ||
- | if [ $? -eq 1 ]; then | ||
- | echo -e " | ||
- | yum clean all | ||
- | |||
- | yum repolist | ||
- | if [ $? -eq 1 ]; then | ||
- | echo -e " | ||
- | yum -y remove epel-release | ||
- | yum clean all | ||
- | yum -y install epel-release | ||
- | |||
- | echo -e " | ||
- | dig mirrors.fedoraproject.org > /dev/null | ||
- | echo -e " | ||
- | yum repolist | ||
- | fi | ||
- | fi | ||
- | fi # end of yum repolist grep | ||
- | |||
- | # Space separated package list | ||
- | EPEL_PKGS=" | ||
- | echo -e " | ||
- | yum -y install ${EPEL_PKGS} | ||
- | |||
- | # | ||
- | # Configure Extra Packages | ||
- | # | ||
- | echo -e " | ||
- | |||
- | echo -e " | ||
- | if [[ -f / | ||
- | sed -i '/ | ||
- | else | ||
- | echo -e " | ||
- | fi | ||
- | |||
- | # | ||
- | # System Services --- Startup | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Space separated services list | ||
- | SERVICES_START=" | ||
- | SERVICES_START_EL7=" | ||
- | |||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_START_EL7}; | ||
- | systemctl start ${SYSTEM_SERVICE} | ||
- | done | ||
- | else | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_START}; | ||
- | service ${SYSTEM_SERVICE} start | ||
- | done | ||
- | fi | ||
- | |||
- | # | ||
- | # System Services --- Enable on boot | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Space separated services list | ||
- | SERVICES_ON=" | ||
- | SERVICES_ON_EL7=" | ||
- | |||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_ON_EL7}; | ||
- | systemctl enable ${SYSTEM_SERVICE} | ||
- | done | ||
- | else | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_ON}; | ||
- | chkconfig ${SYSTEM_SERVICE} on | ||
- | done | ||
- | fi | ||
- | |||
- | # | ||
- | # System Services --- Stop | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Space separated services list | ||
- | SERVICES_STOP=" | ||
- | SERVICES_STOP_EL7=" | ||
- | |||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_STOP_EL7}; | ||
- | systemctl stop ${SYSTEM_SERVICE} | ||
- | done | ||
- | else | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_STOP}; | ||
- | service ${SYSTEM_SERVICE} stop | ||
- | done | ||
- | fi | ||
- | |||
- | # | ||
- | # System Services --- Disable | ||
- | # | ||
- | echo -e " | ||
- | |||
- | # Space separated services list | ||
- | SERVICES_OFF=" | ||
- | SERVICES_OFF_EL7=" | ||
- | |||
- | if [[ ${major_version} == " | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_OFF_EL7}; | ||
- | systemctl disable ${SYSTEM_SERVICE} | ||
- | done | ||
- | else | ||
- | echo -e " | ||
- | for SYSTEM_SERVICE in ${SERVICES_OFF}; | ||
- | chkconfig ${SYSTEM_SERVICE} off | ||
- | done | ||
- | fi | ||
- | |||
- | # | ||
- | # Post Installation Completed | ||
- | # | ||
- | echo -e " | ||
- | echo "# Post Install Configuration Completed. - A reboot is recommended." | ||
- | echo "# | ||
- | exit 0 | ||
- | </ | ||
- | |||
- | ---- | ||
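Review bot: every line of the 2017/09/12 revision is removed and the 2019/05/25 side is empty, so the page is deleted with no pointer to where the firstboot and post install procedure now lives and no reason for retiring it. Leave a one-line note or a link to the replacement page, so that anything linking to linux_wiki:os_install_post_install still leads somewhere. If the content is being moved rather than retired, two things in the removed firstboot.sh should be fixed in the new copy. First, the `for index in 1 2 3` reachability loop falls through to `mount -t nfs ${nfs_server_share} ${nfs_client_mountpoint}` even when all three pings fail, and the mount result is never checked. Second, `${post_install_script}` is then run from that NFS mount by a boot-time service with no integrity check. Exit when the server is unreachable or the mount fails, and verify a checksum or signature of the script before executing it.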