[[linux_wiki:os_install_post_install]]

Differences

This shows you the differences between two versions of the page.

linux_wiki:os_install_post_install [2017/09/13 03:07]
billdozor [Post Install Script]
linux_wiki:os_install_post_install [2019/05/26 03:50] (current)
Line 418: Line 418:
 **Post install worker**: Perform the actual installations/​config work **Post install worker**: Perform the actual installations/​config work
 <code bash worker_postinstall.sh>​ <code bash worker_postinstall.sh>​
 +#!/bin/bash
 +# Name: worker_postinstall.sh
 +# Description:​ Post-install configuration worker script for Enterprise Linux 6/7
 +#              This script is meant to be launched via its parent script: postinstall.sh
 +# Last Updated: 2016-12-14
 +# Recent Changes:​-Fixed services section for EL7; 1 failed service no longer affects others.
 +#                -Clamd install/​config. Removed fallback for freshclam files. Updated services
 +#                section to be EL7 or other specific for target services.
 +###############################################################################################​
 +
 +function print_usage
 +{
 +echo
 +echo " Usage: postinstall.sh [-y]"
 +echo
 +echo " ​  This script(${0}),​ is a worker script that is meant to be launched"​
 +echo " ​  from the parent script: postinstall.sh."​
 +echo
 +echo " ​  ​Recommended action"​
 +echo " ​  1) Mount: mount -t nfs nfs-server:/​admin /mnt"
 +echo " ​  2) Execute parent script: /​mnt/​deploy/​postinstall.sh [-y]"
 +echo " ​     -y  => Yes, execute script without prompting."​
 +echo
 +exit 1
 +}
 +
 +function get_os_type
 +{
 +if [ -f /​etc/​system-release-cpe ];then
 +  distro=$(awk -F: '​{printf "​%s",​ $3}' /​etc/​system-release-cpe)
 +  major_version=$(awk -F: '​{printf "​%d",​ $5}' /​etc/​system-release-cpe)
 +elif [ -f /​etc/​redhat-release ];then
 +  distro=$(awk '​{printf "​%s",​ $1}' /​etc/​redhat-release)
 +  major_version=$(awk -F. '​{print $1}' /​etc/​redhat-release | awk '​{printf "​%d",​ $3}')
 +fi
 +
 +# ${distro,,} converts to lower case for comparison
 +if [[ ${distro,,} == "​centos"​ || ${distro,,} == "​oracle"​ ]]; then
 +  case $major_version in
 +    7)
 +      OSTYPE="​el7"​
 +    ;;
 +    6)
 +      OSTYPE="​el6"​
 +    ;;
 +    5)
 +      echo ">>​Error:​ ${distro} ${major_version} is deprecated."​
 +      exit 1
 +    ;;
 +    *)
 +      echo ">>​Error:​ Cannot determine ${distro} major version or version not supported (${major_version})."​
 +      exit 1
 +    ;;
 +  esac
 +else
 +  echo ">>​Error:​ Only CentOS and Oracle Linux are supported...exiting."​
 +  exit 1
 +fi
 +}
 +
 +#​=====================================
 +# Get Script Arguments
 +#​=====================================
 +# Reset POSIX variable in case it has been used previously in this shell
 +OPTIND=1
 +
 +# By default, do not force run script. Prompt for running or not.
 +force_run_script="​no"​
 +
 +while getopts "​hd:​y"​ opt; do
 +  case "​${opt}"​ in
 +    h) # -h (help) argument
 +      print_usage
 +      exit 0
 +    ;;
 +    d) # -d (directory path)
 +      base_path=${OPTARG}
 +    ;;
 +    y) # -y (yes to running script) argument
 +      force_run_script="​yes"​
 +    ;;
 +    *) # invalid argument
 +      print_usage
 +      exit 0
 +    ;;
 +  esac
 +done
 +
 +####​==================================
 +#### Main Starts Here
 +####​==================================
 +
 +# Ensure a base path of where we start is passed
 +if [ ! -d "​${base_path}"​ ]; then
 +  echo ">>​Error:​ Argument -d '​dir'​ expected and must be a directory."​
 +  print_usage
 +fi
 +
 +# Set variables used throughout the script
 +get_os_type
 +
 +#​====================================================================
 +# Confirm running the post install script
 +#​====================================================================
 +echo -e "​======================================================"​
 +echo -e "####​========= Post Install Configuration =========####"​
 +echo -e "​======================================================"​
 +echo
 +echo -e "​Warning:​ Run this on a fresh install only for initial setup."​
 +echo -e "​Detected Distro: ${distro} ${major_version}"​
 +echo -e "OS Family: ${OSTYPE}"​
 +echo -e "Using Base Path: ${base_path}"​
 +echo -e "​=>​Continue?​[y/​n]:​\c"​
 +
 +if [[ ${force_run_script} == "​no"​ ]]; then
 +  read run_script
 +elif [[ ${force_run_script} == "​yes"​ ]]; then
 +  echo -e " Force run script detected. Continuing..."​
 +  run_script="​y"​
 +else
 +  echo -e ">>​Error:​ Unknown value for force_run_script (${force_run_script}). Exiting..."​
 +  exit 1
 +fi
 +
 +if [[ ${run_script} != "​y"​ ]]; then
 +  echo -e "​\n>>​Will not run the post install script. Exiting..."​
 +  exit 1
 +fi
 +
 +#​===================================================================
 +# Remove some packages
 +#​===================================================================
 +echo -e "​\n\n>>​Removing some packages..."​
 +
 +# If a Virtual Machine: Remove/​Disable biosdevname so network device naming
 +# doesn'​t change to port/slot naming convention
 +dmidecode | grep -i vmware > /dev/null
 +if [[ $? -eq 0 ]]; then
 +
 +  echo -e "​\n->​Checking for biosdevname..."​
 +  rpm -q biosdevname
 +
 +  if [ $? -eq 0 ]; then
 +    echo -e "​->​Removing biosdevname..."​
 +    yum -y remove biosdevname
 +
 +    # Disable the kernel option for biosdevname
 +    if [[ ${major_version} == "​7"​ ]]; then
 +      # check for "​net.ifnames=0 biosdevname=0"​ on the kernel options line
 +      if [[ $(grep GRUB_CMDLINE_LINUX /​etc/​default/​grub | grep -o "​net.ifnames=0 biosdevname=0"​ | wc -l) -eq 0 ]]; then
 +        echo -e "​->​Disabling biosdevname kernel option..."​
 +        # remove trailing quote (") and then append: net.ifnames=0 biosdevname=0"​
 +        sed -i -r -e "/​^GRUB_CMDLINE_LINUX/​s/​\"​$//"​ /​etc/​default/​grub
 +        sed -i -r -e "/​^GRUB_CMDLINE_LINUX/​s/​^(GRUB_CMDLINE_LINUX=\"​.*)/​\1 net.ifnames=0 biosdevname=0\"/​g"​ /​etc/​default/​grub
 +        grub2-mkconfig -o /​boot/​grub2/​grub.cfg
 +      fi
 +    else
 +      echo -e "​->​Disabling biosdevname kernel option..."​
 +      # append biosdevname=0 to the kernel lines
 +      sed -i -r -e "/​^\s+kernel/​s/​^(\s+kernel .*)/\1 biosdevname=0/​g"​ /​boot/​grub/​grub.conf
 +    fi
 +  fi
 +fi
 +## End of virtual machine check ##
 +
 +# Space separated list of packages to remove
 +remove_packages="​NetworkManager abrt setroubleshoot-server"​
 +
 +# Remove the packages
 +for package in ${remove_packages};​ do
 +  echo -e "​\n->​Checking for ${package}..."​
 +  rpm -q ${package}
 +  if [ $? -eq 0 ]; then
 +    echo -e "​->​Removing ${package}..."​
 +    yum -y remove ${package}
 +  fi
 +done
 +
 +#​====================================================================
 +# Temporary DNS Settings
 +#​====================================================================
 +echo -e "​\n\n>>​Setting temporary DNS settings to ensure a working config..."​
 +
 +echo "##== Temp Settings from worker_postinstall.sh ==##" > /​etc/​resolv.conf
 +echo "​search example.com"​ >> /​etc/​resolv.conf
 +echo "​options timeout:​1"​ >> /​etc/​resolv.conf
 +echo "​options attempts:​1"​ >> /​etc/​resolv.conf
 +echo "​nameserver ip.address.here"​ >> /​etc/​resolv.conf
 +echo "​nameserver ip.address.here"​ >> /​etc/​resolv.conf
 +echo "​nameserver ip.address.here"​ >> /​etc/​resolv.conf
 +
 +echo -e "​->​Settings are:"
 +cat /​etc/​resolv.conf
 +
 +echo -e "​\n>>​Removing interface DNS over rides..."​
 +sed -i '/​^DNS.*/​d'​ /​etc/​sysconfig/​network-scripts/​ifcfg-*
 +
 +#​====================================================================
 +# Register with Spacewalk - or other systems management app
 +#​====================================================================
 +
 +#​=========================
 +# Spacewalk Customization
 +#​=========================
 +
 +# Spacewalk server fqdn hostname
 +sw_server="​spacewalk.example.com"​
 +
 +# Spacewalk server'​s ssl ca rpm version and installed location
 +#(this is the package available at: https://​${sw_server}/​pub/​${sw_server_ca})
 +sw_server_ca="​rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm"​
 +sw_server_ca_installed="/​usr/​share/​rhn/​RHN-ORG-TRUSTED-SSL-CERT"​
 +
 +# Spacewalk server channel activation keys
 +sw_activation_key_centos6_32bit="​1-centos6_i386_key"​
 +sw_activation_key_centos6_64bit="​1-centos6_x86-64_key"​
 +sw_activation_key_centos7_64bit="​1-centos7_x86-64_key"​
 +sw_activation_key_oracle6_64bit="​1-oracle6_x86-64_key"​
 +sw_activation_key_oracle7_64bit="​1-oracle7_x86-64_key"​
 +
 +# Repos and GPG Keys
 +sw_client_repo_gpgkey="​http://​${sw_server}/​pub/​repos/​RPM-GPG-KEY-spacewalk-2015"​
 +sw_client_repo_el6="​http://​${sw_server}/​pub/​repos/​spacewalk-client-repo-2.4-3.el6.noarch.rpm"​
 +sw_client_repo_el7="​http://​${sw_server}/​pub/​repos/​spacewalk-client-repo-2.4-3.el7.noarch.rpm"​
 +
 +sw_epel_repo_el6_gpgkey="​http://​${sw_server}/​pub/​repos/​RPM-GPG-KEY-EPEL-6"​
 +sw_epel_repo_el7_gpgkey="​http://​${sw_server}/​pub/​repos/​RPM-GPG-KEY-EPEL-7"​
 +sw_epel_repo_el6="​http://​${sw_server}/​pub/​repos/​epel-release-latest-6.noarch.rpm"​
 +sw_epel_repo_el7="​http://​${sw_server}/​pub/​repos/​epel-release-latest-7.noarch.rpm"​
 +
 +#​======================
 +# End of Customization
 +#​======================
 +
 +echo -e "​\n\n>>​Registering with Spacewalk..."​
 +
 +## Pre-Register Checks ##
 +echo -e "​\n->​Performing pre-registration system checks..."​
 +
 +#Store system architecture so we aren't calling uname multiple times
 +system_arch=$(uname -i)
 +
 +if [[ ${system_arch} != "​x86_64"​ && ${system_arch} != "​i386"​ ]]; then
 +  echo -e "​->​Error:​ Only x86_64 or i386 architecture channels supported at this time."
 +  register_with_spacewalk="​no"​
 +else
 +  if [[ ${distro,,} == "​centos"​ ]]; then
 +    case $major_version in
 +      7)
 +        ## CentOS 7 Register - Set spacewalk client repo, epel, activation key ##
 +        if [[ ${system_arch} != "​x86_64"​ ]]; then
 +          echo -e "​->​Error:​ Only ${distro} ${major_version} x86_64 architecture channels supported at this time."
 +          register_with_spacewalk="​no"​
 +        else
 +          sw_client_repo="​${sw_client_repo_el7}"​
 +          sw_epel_repo="​${sw_epel_repo_el7}"​
 +          sw_epel_repo_gpgkey="​${sw_epel_repo_el7_gpgkey}"​
 +          sw_activation_key="​${sw_activation_key_centos7_64bit}"​
 +          register_with_spacewalk="​yes"​
 +        fi
 +      ;;
 +      6)
 +        ## CentOS 6 Register - Set spacewalk client repo, epel, activation key ##
 +        sw_client_repo="​${sw_client_repo_el6}"​
 +        sw_epel_repo="​${sw_epel_repo_el6}"​
 +        sw_epel_repo_gpgkey="​${sw_epel_repo_el6_gpgkey}"​
 +
 +        if [[ ${system_arch} == "​x86_64"​ ]]; then
 +          sw_activation_key="​${sw_activation_key_centos6_64bit}"​
 +        else
 +          sw_activation_key="​${sw_activation_key_centos6_32bit}"​
 +        fi
 +        register_with_spacewalk="​yes"​
 +      ;;
 +      *)
 +        echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}."​
 +        register_with_spacewalk="​no"​
 +      ;;
 +    esac
 +  elif [[ ${distro,,} == "​oracle"​ ]]; then
 +    case ${major_version} in
 +      7)
 +        # Oracle 7 register - Set spacewalk client repo, epel, activation key ##
 +        if [[ ${system_arch} != "​x86_64"​ ]]; then
 +          echo -e "​->​Error:​ Only ${distro} ${major_version} x86_64 architecture channels supported at this time."
 +          register_with_spacewalk="​no"​
 +        else
 +          sw_client_repo="​${sw_client_repo_el7}"​
 +          sw_epel_repo="​${sw_epel_repo_el7}"​
 +          sw_epel_repo_gpgkey="​${sw_epel_repo_el7_gpgkey}"​
 +          sw_activation_key="​${sw_activation_key_oracle7_64bit}"​
 +          register_with_spacewalk="​yes"​
 +        fi
 +      ;;
 +      6)
 +        ## Oracle 6 register - Set spacewalk client repo, epel, activation key ##
 +        if [[ ${system_arch} != "​x86_64"​ ]]; then
 +          echo -e "​->​Error:​ Only ${distro} ${major_version} x86_64 architecture channels supported at this time."
 +          register_with_spacewalk="​no"​
 +        else
 +          sw_client_repo="​${sw_client_repo_el6}"​
 +          sw_epel_repo="​${sw_epel_repo_el6}"​
 +          sw_epel_repo_gpgkey="​${sw_epel_repo_el6_gpgkey}"​
 +          sw_activation_key="​${sw_activation_key_oracle6_64bit}"​
 +          register_with_spacewalk="​yes"​
 +        fi
 +      ;;
 +      *)
 +        echo "-> Warning: No Spacewalk channel available for ${distro} ${major_version}."​
 +        register_with_spacewalk="​no"​
 +      ;;
 +    esac
 +  else
 +    echo -e "-> Warning: ${distro} not supported. Only CentOS and Oracle channels available at this time."
 +    register_with_spacewalk="​no"​
 +  fi # end of distro == centos, elif oracle check
 +fi # end of architecture check
 +
 +## Begin Registration Process ##
 +if [[ ${register_with_spacewalk} == "​yes"​ ]]; then
 +  # Add Repos #
 +  echo -e "​\n->​Adding Spacewalk Client Repo..."​
 +  rpm -v --import ${sw_client_repo_gpgkey}
 +  rpm -ivh ${sw_client_repo}
 +
 +  echo -e "​\n->​Adding EPEL Repo..."​
 +  rpm -v --import ${sw_epel_repo_gpgkey}
 +  rpm -ivh ${sw_epel_repo}
 +
 +  echo -e "​\n->​Making yum cache..."​
 +  yum makecache fast
 +
 +  # Install Spacewalk'​s CA Cert #
 +  echo -e "​\n>>​ Installing ${sw_server}'​s trusted CA cert..."​
 +  rpm -ivh https://​${sw_server}/​pub/​${sw_server_ca}
 +
 +  echo -e "​\n->​Caching DNS lookup for mirrors.fedoraproject.org..."​
 +  dig mirrors.fedoraproject.org &> /dev/null
 +
 +  # Install Client Packages
 +  echo -e "​\n->​Installing rhn client packages..."​
 +  yum -y install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
 +
 +  # Register #
 +  echo -e "​\n>>​ Registering with ${sw_server}..."​
 +  rhnreg_ks --serverUrl=https://​${sw_server}/​XMLRPC --sslCACert=${sw_server_ca_installed} --activationkey=${sw_activation_key}
 +  registration_return_code=$?​
 +
 +  if [[ ${registration_return_code} -eq 0 ]]; then
 +    echo -e "​->​Registration successful."​
 +    sw_registered="​yes"​
 +
 +    # Show website
 +    echo -e "​->​System should now appear in the Spacewalk portal at: https://​${sw_server}/​rhn/​systems/​Registered.do"​
 +    sleep 2
 +
 +    # Install Config Management Packages
 +    echo -e "​\n->​Installing rhn configuration management client packages..."​
 +    yum -y install rhncfg rhncfg-actions rhncfg-client rhncfg-management
 +
 +    # Allow Spacewalk server to deploy config files
 +    echo -e "​\n->​Enabling Spacewalk server deploy control..."​
 +    rhn-actions-control --enable-all
 +
 +    # Deploy spacewalk-checkin cron job (runs rhn_check every 30 mins)
 +    echo -e "​\n>>​ Deploying /​etc/​cron.d/​spacewalk-checkin job..."​
 +    rhncfg-client get /​etc/​cron.d/​spacewalk-checkin
 +
 +    # If not successful, create a minimum job file
 +    grep --quiet "This Config Managed by Spacewalk"​ /​etc/​cron.d/​spacewalk-checkin
 +    if [[ $? -ne 0 ]]; then
 +      echo "# Spacewalk - Check in to the Spacewalk Server via rhn_check"​ > /​etc/​cron.d/​spacewalk-checkin
 +      echo '​MAILTO=""'​ >> /​etc/​cron.d/​spacewalk-checkin
 +      echo "*/30 * * * * root /​usr/​sbin/​rhn_check"​ >> /​etc/​cron.d/​spacewalk-checkin
 +
 +      echo -e "​\n>>​ Setting permissions on /​etc/​cron.d/​spacewalk-checkin..."​
 +      chmod -v 600 /​etc/​cron.d/​spacewalk-checkin
 +    fi
 +
 +    ## Disable rhnsd (not needed because of cron job "​spacewalk-checkin"​ ##
 +    echo -e "​\n>>​ Disabling rhnsd(not needed because of cron job '​spacewalk-checkin'​..."​
 +    if [[ ${major_version} == "​7"​ ]]; then
 +      systemctl disable rhnsd
 +      systemctl stop rhnsd
 +    else
 +      chkconfig rhnsd off
 +      service rhnsd stop
 +    fi
 +
 +    ## Add Custom GPG Key - If you created a custom Repo on Spacewalk ##
 +    sw_custom_repo_gpgkey="​http://​${sw_server}/​pub/​repos/​RPM-GPG-KEY-Custom"​
 +    echo -e "​\n>>​ Adding Custom GPG key from: ${sw_custom_repo_gpgkey}"​
 +    rpm -v --import ${sw_custom_repo_gpgkey}
 +
 +    ## Deploy Config Files - If you are managing config files on Spacewalk ##
 +
 +    echo -e "​\n->​Deploying OS specific config files..."​
 +    for FILE in $(rhncfg-client list | awk /​el${major_version}-os/'​{print $3}'); do
 +      rhncfg-client get ${FILE}
 +    done
 +
 +    echo -e "​\n->​Deploying Base config files..."​
 +    for FILE in $(rhncfg-client list | awk /​base/'​{print $3}'); do
 +      rhncfg-client get ${FILE}
 +    done
 +
 +
 +    ## Disable Old Repos ##
 +    if [[ ${distro,,} == "​centos"​ ]]; then
 +      # Disable CentOS default system repos
 +      echo -e "​\n->​Disabling default CentOS repos..."​
 +      for FILE in /​etc/​yum.repos.d/​CentOS-*.repo;​ do
 +        sed -i '​s/​enabled=1/​enabled=0/'​ ${FILE}
 +        sed -i '/​gpgcheck/​a enabled=0'​ ${FILE}
 +      done
 +    elif [[ ${distro,,} == "​oracle"​ ]]; then
 +      # Disable Oracle default system repos
 +      echo -e "​\n->​ Disabling default Oracle repos..."​
 +      for FILE in /​etc/​yum.repos.d/​public-yum-ol*.repo;​ do
 +        sed -i '​s/​enabled=1/​enabled=0/'​ ${FILE}
 +        sed -i '/​gpgcheck/​a enabled=0'​ ${FILE}
 +      done
 +    fi
 +
 +    # Disable temporary epel repo
 +    echo -e "​\n->​Disabling default epel repos..."​
 +    sed -i '​s/​enabled=1/​enabled=0/'​ /​etc/​yum.repos.d/​epel.repo
 +    sed -i '​s/​enabled=1/​enabled=0/'​ /​etc/​yum.repos.d/​epel-testing.repo
 +
 +    # Show repos
 +    echo -e "​\n->​Active repos are:"
 +    yum repolist
 +
 +  elif [[ ${registration_return_code} -eq 255 ]]; then
 +    echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})"​
 +    echo -e "​\n->​ To manually force registration(if that is the problem), copy/paste: rhnreg_ks --force --serverUrl=https://​${sw_server}/​XMLRPC --sslCACert=${sw_server_ca_installed} --activationkey=${sw_activation_key}"​
 +    echo -e "​\n-->​ WARNING: This may create duplicate systems in Spacewalk."​
 +    echo -e "​\n->​ Once registered, manually complete the rest of the process: rhn-actions-control --enable-all;​ rhncfg-client get /​etc/​cron.d/​spacewalk-checkin"​
 +    echo -e "-> Then disable non Base,​Extra,​Updates,​and EPEL repos."​
 +    sw_registered="​no"​
 +
 +  else
 +    # Registration was not successful
 +    echo -e "-> Registration encountered an error! (Return Code: ${registration_return_code})"​
 +    echo -e "-> Will NOT install setup spacewalk-checkin job and disable default repos."​
 +    sw_registered="​no"​
 +  fi
 +
 +else
 +  echo -e "-> WARNING: Will NOT register system with Spacewalk."​
 +  sw_registered="​no"​
 +fi
 +## End Registration Process ##
 +
 +#​====================================================================
 +# Install system packages
 +#​====================================================================
 +echo -e "​\n\n>>​Ensuring base system packages are installed..."​
 +yum -y install bash-completion bind-utils dmidecode iotop lsof mailx man mlocate nfs-utils openssh-clients perl psmisc rsync tcpdump vim-enhanced wget yum-utils
 +
 +echo -e "​\n->​Ensuring man pages are up to date..."​
 +if [[ ${major_version} == "​7"​ ]]; then
 +  mandb
 +else
 +  makewhatis
 +fi
 +
 +echo -e "​\n->​Ensure lastlog exists..."​
 +touch /​var/​log/​lastlog
 +
 +#​====================================================================
 +# Configure Grub
 +#​====================================================================
 +echo -e "​\n\n>>​Configuring Grub..."​
 +
 +echo -e "​\n->​Setting grub timeout to 3..."
 +if [[ ${major_version} == "​7"​ ]]; then
 +  sed -i '​s/​^GRUB_TIMEOUT=[0-9]*/​GRUB_TIMEOUT=3/'​ /​etc/​default/​grub
 +else
 +  sed -i '​s/​^timeout=[0-9]*/​timeout=3/'​ /​boot/​grub/​grub.conf
 +fi
 +
 +echo -e "​\n->​Removing '​hiddenmenu'​..."​
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​->​Nothing to do for EL 7."
 +else
 +  sed -i '/​hiddenmenu/​d'​ /​boot/​grub/​grub.conf
 +fi
 +
 +echo -e "​\n->​No picture while booting..."​
 +if [[ ${major_version} == "​7"​ ]]; then
 +  sed -i 's/ rhgb//​g'​ /​etc/​default/​grub
 +else
 +  sed -i 's/ rhgb//​g'​ /​boot/​grub/​grub.conf
 +fi
 +
 +echo -e "​\n->​No '​quiet'​ booting..."​
 +if [[ ${major_version} == "​7"​ ]]; then
 +  sed -i 's/ quiet//​g'​ /​etc/​default/​grub
 +else
 +  sed -i 's/ quiet//​g'​ /​boot/​grub/​grub.conf
 +fi
 +
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​\n->​Generating grub config..."​
 +  grub2-mkconfig -o /​boot/​grub2/​grub.cfg
 +fi
 +
 +#​====================================================================
 +# Install and configure time protocol
 +#​====================================================================
 +echo -e "​\n\n>>​Installing and configuring time protocol..."​
 +
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​\n->​Removing NTP, installing Chrony..."​
 +  yum -y remove ntp
 +  yum -y install chrony
 +  time_config="​chrony.conf"​
 +else
 +  echo -e "​\n->​Installing NTP..."​
 +  yum -y install ntp
 +  time_config="​ntp.conf"​
 +fi
 +
 +echo -e "​\n->​Initial time sync..."​
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​->​Chrony automatically syncs time upon startup quickly; do nothing here."
 +else
 +  ntpd -gxq
 +  sleep 1
 +  ntpd -gxq
 +  sleep 1
 +  ntpd -gxq
 +  sleep 1
 +fi
 +
 +echo -e "​\n->​Starting and enabling the time service..."​
 +if [[ ${major_version} == "​7"​ ]]; then
 +  systemctl restart chronyd
 +  systemctl enable chronyd
 +else
 +  service ntpd restart
 +  chkconfig ntpd on
 +fi
 +
 +#​====================================================================
 +# System Updates
 +#​====================================================================
 +echo -e "​\n\n>>​Running system updates..."​
 +yum -y update
 +
 +#​====================================================================
 +# Configure OS settings
 +#​====================================================================
 +echo -e "​\n\n>>​Configuring OS settings..."​
 +
 +# Not in Spacewalk Config Channels
 +echo -e "​\n->​Non-Spacewalk Managed configs (remove motd, at.allow, cron.allow)..."​
 +rm -fv /etc/motd
 +\cp -v ${base_path}os-agnostic/​etc/​at.allow /​etc/​at.allow
 +\cp -v ${base_path}os-agnostic/​etc/​cron.allow /​etc/​cron.allow
 +
 +# Ensure proper ownership and permissions
 +chown -v root:root /​etc/​at.allow /​etc/​cron.allow
 +chmod -v 600 /​etc/​at.allow /​etc/​cron.allow
 +
 +#​====================================================================
 +# Setup Mail
 +#​====================================================================
 +echo -e "​\n\n>>​Configuring mail..."​
 +
 +# Setup alias for root's mail
 +mail_aliases='​root:​ sysadmins@example.com'​
 +echo -e "​\n->​Setting the following root alias in /​etc/​aliases:​ ${mail_aliases}"​
 +sed -i -r -e "​s/​^#?​root.*/​${mail_aliases}/"​ /​etc/​aliases
 +
 +echo -e "​\n->​Rebuilding aliases.db..."​
 +newaliases
 +
 +# Determine if using postfix or sendmail, setup config
 +echo -e "​\n->​Checking for postfix and sendmail packages..."​
 +rpm -q postfix
 +postfix_installed="​$?"​
 +rpm -q sendmail
 +sendmail_installed="​$?"​
 +
 +if [[ ${postfix_installed} -eq 0 ]]; then
 +  mail_client="​postfix"​
 +  echo -e "​\n->​Detected mail client is: ${mail_client}. Configuring..."​
 +
 +elif [[ ${sendmail_installed} -eq 0 ]]; then
 +  mail_client="​sendmail"​
 +  echo -e "​\n->​Detected mail client is: ${mail_client}. Configuring..."​
 +
 +else
 +  mail_client=""​
 +  echo -e "​\n>>​Error! Could not detect an installed postfix or sendmail config."​
 +fi
 +
 +if [[ ${mail_client} == "​postfix"​ || ${mail_client} == "​sendmail"​ ]]; then
 +  echo -e "​\n->​Starting up mail client: ${mail_client}..."​
 +
 +  if [[ ${major_version} == "​7"​ ]]; then
 +    systemctl start ${mail_client}
 +    systemctl enable ${mail_client}
 +  else
 +    service ${mail_client} start
 +    chkconfig ${mail_client} on
 +  fi
 +fi
 +
 +#​====================================================================
 +# Setup Authentication (IPA) - or other LDAP source
 +#​====================================================================
 +echo -e "​\n\n>>​Configuring Authentication(IPA)..."​
 +
 +echo -e "​\n->​Installing IPA Client packages..."​
 +yum -y install ipa-client
 +
 +case ${OSTYPE} in
 +  "​el7"​) # EL7 IPA Config
 +
 +    # Unattended install
 +    echo -e "​\n->​Running IPA Unattended realm join..."​
 +    ipa-client-install --domain=example.com --server=ipaserver01.example.com --server=ipaserver02.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed '​s/​.example.com//'​ | tr '​[:​upper:​]'​ '​[:​lower:​]'​).example.com --no-ntp --principal autoenroll --password=<​PASSWORD-HERE>​ --unattended --force-join
 +
 +    if [[ $? -ne 0 ]]; then
 +      # ipa-client-install exited with a non-zero status
 +      echo -e "​->​ERROR! ipa-client-install encountered an error! Is the host added to the IPA servers?"​
 +      echo -e "​->​WARNING:​ System not joined to IPA."
 +    else
 +      # ipa-client-install realm join was successful
 +
 +      # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements
 +      echo -e "​\n->​Redeploying sshd config and restart the service..."​
 +      rhncfg-client get /​etc/​ssh/​sshd_config
 +      systemctl restart sshd
 +
 +      echo -e "​\n->​Ensuring nscd/nslcd is disabled..."​
 +      systemctl stop nslcd nscd
 +      systemctl disable nslcd nscd
 +
 +      echo -e "​\n->​Disabling ldap identification,​ldap auth, and force legacy (sssd used instead)..."​
 +      authconfig --disableldap --disableldapauth --disableforcelegacy --update
 +
 +      echo -e "​\n->​Restarting sssd..."​
 +      systemctl restart sssd
 +
 +      echo -e "​\n->​Starting and enabling oddjobd..."​
 +      systemctl start oddjobd
 +      systemctl enable oddjobd
 +    fi
 +
 +  ;; # END of EL7 IPA Config
 +
 +  "​el6"​) # EL6 IPA Config
 +
 +    # Unattended install
 +    echo -e "​\n->​Running IPA Unattended realm join..."​
 +    ipa-client-install --domain=example.com --server=ipaserver02.example.com --server=ipaserver01.example.com --mkhomedir --no-dns-sshfp --fixed-primary --hostname=$(hostname | sed '​s/​.example.com//'​ | tr '​[:​upper:​]'​ '​[:​lower:​]'​).example.com --no-ntp --principal autoenroll --password=<​PASSWORD-HERE>​ --unattended --force-join
 +
 +    if [[ $? -ne 0 ]]; then
 +      # ipa-client-install exited with a non-zero status
 +      echo -e "​->​ERROR! ipa-client-install encountered an error! Is the host added to the IPA servers?"​
 +      echo -e "​->​WARNING:​ System not joined to IPA."
 +    else
 +      # ipa-client-install realm join was successful
 +
 +      # fix sshd config: ipa-client-install modifies sshd, breaking it if there are any Match statements
 +      echo -e "​\n->​Redeploying sshd config and restart the service..."​
 +      rhncfg-client get /​etc/​ssh/​sshd_config
 +      service sshd restart
 +
 +      echo -e "​\n->​Ensuring nscd/nslcd is disabled..."​
 +      service nslcd stop
 +      service nscd stop
 +      chkconfig nslcd off
 +      chkconfig nscd off
 +
 +      echo -e "​\n->​Disabling ldap identification,​ldap auth, and force legacy (sssd used instead)..."​
 +      authconfig --disableldap --disableldapauth --disableforcelegacy --update
 +
 +      echo -e "​\n->​Restarting sssd..."​
 +      service sssd restart
 +
 +      echo -e "​\n->​Starting and enabling oddjobd..."​
 +      service messagebus start
 +      service oddjobd start
 +      chkconfig messagebus on
 +      chkconfig oddjobd on
 +
 +      echo -e "​\n->​Adding client idle timeout to sssd.conf (cron fix for EL6 bug)..."​
 +      if [[ $(grep client_idle_timeout /​etc/​sssd/​sssd.conf) ]]; then
 +        echo -e "​->​Client idle timeout found in sssd.conf, will not append"​
 +      else
 +        sed -i '/​services = nss, sudo, pam, ssh/ a\client_idle_timeout=75'​ /​etc/​sssd/​sssd.conf
 +        service sssd restart
 +        service crond restart
 +      fi
 +
 +    fi
 +
 +  ;; # END of EL6 IPA Config
 +
 +esac
 +
 +#​====================================================================
 +# Setup monitoring client
 +#​====================================================================
 +
 +# Install and configure system monitoring client here
 +
 +#​====================================================================
 +# Install Extra System Packages, EPEL Repo, and EPEL Packages
 +#​====================================================================
 +echo -e "​\n\n>>​Installing extra packages..."​
 +
 +# Space separated package list
 +SYS_PKGS="​sysstat"​
 +echo -e "​\n->​Installing extra system packages: ${SYS_PKGS}"​
 +yum -y install ${SYS_PKGS}
 +
 +# Check to see if Spacewalk has registered the EPEL repo
 +echo -e "​\n->​Checking for Spacewalk EPEL repo..."​
 +yum repolist | grep "​.*_epel"​
 +epel_added="​$?"​
 +
 +if [[ ${epel_added} -eq 0 ]]; then
 +  # EPEL repo was found in yum repolist
 +  echo -e "​\n->​EPEL repo detected. Will not add again."​
 +else
 +  # EPEL repo was NOT found in yum repolist; Add EPEL Repo
 +  echo -e "​\n->​EPEL repo not found; Adding EPEL repo..."​
 +  yum -y install epel-release
 +
 +  echo -e "​\n->​Caching mirrors.fedoraproject.org with dig...\n"​
 +  dig mirrors.fedoraproject.org > /dev/null
 +
 +  echo -e "​\n->​Listing repos to build cache..."​
 +  yum repolist
 +  if [ $? -eq 1 ]; then
 +    echo -e "​\n->​Repo list error...attempting to fix."
 +    yum clean all
 +
 +    yum repolist
 +    if [ $? -eq 1 ]; then
 +      echo -e "​\n->​STILL repolist error...probably because of EPEL. Trying to reinstall..."​
 +      yum -y remove epel-release
 +      yum clean all
 +      yum -y install epel-release
 +
 +      echo -e "​\n->​Caching mirrors.fedoraproject.org with dig...\n"​
 +      dig mirrors.fedoraproject.org > /dev/null
 +      echo -e "​\n->​Listing repos to build cache..."​
 +      yum repolist
 +    fi
 +  fi
 +fi # end of yum repolist grep
 +
 +# Space separated package list
 +EPEL_PKGS="​clamav clamav-update iperf"
 +echo -e "​\n->​Installing EPEL packages: ${EPEL_PKGS}"​
 +yum -y install ${EPEL_PKGS}
 +
 +#​====================================================================
 +# Configure Extra Packages
 +#​====================================================================
 +echo -e "​\n\n>>​Configuring extra packages..."​
 +
 +echo -e "​\n->​Removing '​REMOVE ME' lines from /​etc/​sysconfig/​freshclam..."​
 +if [[ -f /​etc/​sysconfig/​freshclam ]]; then
 +  sed -i '/​REMOVE ME/d' /​etc/​sysconfig/​freshclam
 +else
 +  echo -e "​->​Skipping => /​etc/​sysconfig/​freshclam does not exist."​
 +fi
 +
 +#​====================================================================
 +# System Services --- Startup
 +#​====================================================================
 +echo -e "​\n\n>>​Starting some services..."​
 +
 +# Space separated services list
 +SERVICES_START="​auditd clamd"
 +SERVICES_START_EL7="​auditd clamd@scan"​
 +
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​\n->​Attempting to start: ${SERVICES_START_EL7}"​
 +  for SYSTEM_SERVICE in ${SERVICES_START_EL7};​ do
 +    systemctl start ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "​\n->​Attempting to start: ${SERVICES_START}"​
 +  for SYSTEM_SERVICE in ${SERVICES_START};​ do
 +    service ${SYSTEM_SERVICE} start
 +  done
 +fi
 +
 +#​====================================================================
 +# System Services --- Enable on boot
 +#​====================================================================
 +echo -e "​\n\n>>​Enabling some services..."​
 +
 +# Space separated services list
 +SERVICES_ON="​auditd clamd oddjobd ${mail_client}"​
 +SERVICES_ON_EL7="​auditd clamd@scan oddjobd ${mail_client}"​
 +
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​\n->​Attempting to enable: ${SERVICES_ON_EL7}"​
 +  for SYSTEM_SERVICE in ${SERVICES_ON_EL7};​ do
 +    systemctl enable ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "​\n->​Attempting to enable: ${SERVICES_ON}"​
 +  for SYSTEM_SERVICE in ${SERVICES_ON};​ do
 +    chkconfig ${SYSTEM_SERVICE} on
 +  done
 +fi
 +
 +#​====================================================================
 +# System Services --- Stop
 +#​====================================================================
 +echo -e "​\n\n>>​Stopping some services..."​
 +
 +# Space separated services list
 +SERVICES_STOP="​kdump saslauthd"​
 +SERVICES_STOP_EL7="​kdump saslauthd"​
 +
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​\n->​Attempting to stop: ${SERVICES_STOP_EL7}"​
 +  for SYSTEM_SERVICE in ${SERVICES_STOP_EL7};​ do
 +    systemctl stop ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "​\n->​Attempting to stop: ${SERVICES_STOP}"​
 +  for SYSTEM_SERVICE in ${SERVICES_STOP};​ do
 +    service ${SYSTEM_SERVICE} stop
 +  done
 +fi
 +
 +#​====================================================================
 +# System Services --- Disable
 +#​====================================================================
 +echo -e "​\n\n>>​Disabling some services..."​
 +
 +# Space separated services list
 +SERVICES_OFF="​kdump saslauthd"​
 +SERVICES_OFF_EL7="​kdump saslauthd"​
 +
 +if [[ ${major_version} == "​7"​ ]]; then
 +  echo -e "​\n->​Attempting to disable: ${SERVICES_OFF_EL7}"​
 +  for SYSTEM_SERVICE in ${SERVICES_OFF_EL7};​ do
 +    systemctl disable ${SYSTEM_SERVICE}
 +  done
 +else
 +  echo -e "​\n->​Attempting to disable: ${SERVICES_OFF}"​
 +  for SYSTEM_SERVICE in ${SERVICES_OFF};​ do
 +    chkconfig ${SYSTEM_SERVICE} off
 +  done
 +fi
 +
 +#​====================================================================
 +# Post Installation Completed
 +#​====================================================================
 +echo -e "​\n\n#​=================================================================="​
 +echo "# Post Install Configuration Completed. - A reboot is recommended."​
 +echo "#​=================================================================="​
 +exit 0
 </​code>​ </​code>​
  
 ---- ----
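Review bot: The signing keys that every later `yum` transaction depends on are fetched over plain HTTP. `sw_client_repo_gpgkey`, both `sw_epel_repo_*_gpgkey` values and `sw_custom_repo_gpgkey` are `http://${sw_server}/pub/repos/...` URLs passed straight to `rpm -v --import`, so anyone on the network path during the build can substitute the key and the repo RPM installed on the following line. Import the keys from the already-mounted deploy tree or over HTTPS instead, for example `rpm -v --import "${base_path}keys/RPM-GPG-KEY-EPEL-7"` (path constructed for illustration), and quote the expansions. Separately, both `ipa-client-install` calls pass the `autoenroll` password as `--password=` on the command line together with `--force-join`, which leaves a reusable enrollment credential in the script on the NFS share and in the process list while it runs; a per-host one-time enrollment password, or a root-only file read at run time, would limit that exposure. `rhn-actions-control --enable-all` also enables more than the config deployment its comment describes; `--enable-deploy` matches the stated intent.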
  
  • linux_wiki/os_install_post_install.txt
  • Last modified: 2019/05/26 03:50
  • (external edit)