make install script rerunnable and add logrotate support.

Change-Id: I84526351f9aa4882d498601ebe9681e622909516
xiaodongwang 2014-02-04 18:31:43 -08:00
parent 7bb1a48246
commit 2beaa6421e
30 changed files with 1074 additions and 358 deletions

bin/chef/addcookbooks.py Normal file → Executable file

@ -1,10 +1,25 @@
#!/usr/bin/env python #!/usr/bin/env python
import logging
import os import os
import os.path import os.path
cookbooks = []
cookbook_dir = '/var/chef/cookbooks/' from compass.utils import flags
cmd = "knife cookbook upload --all --cookbook-path %s" % cookbook_dir from compass.utils import logsetting
os.system(cmd)
flags.add('cookbooks_dir',
help='chef cookbooks directory',
default='/var/chef/cookbooks')
if __name__ == '__main__':
flags.init()
logsetting.init()
cookbooks = []
cookbooks_dir = flags.OPTIONS.cookbooks_dir
logging.info('add cookbooks %s', cookbooks_dir)
cmd = "knife cookbook upload --all --cookbook-path %s" % cookbooks_dir
os.system(cmd)
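Review bot: The knife command in the last two lines of the new `__main__` block is still run through `os.system` with its exit status discarded, so the script exits 0 even when the cookbook upload fails, and now that `cookbooks_dir` comes from a command-line flag rather than a constant, the `%`-interpolated shell string passes any shell metacharacters in the flag value straight through to `sh`. Prefer an argument list and propagate the status: `ret = subprocess.call(['knife', 'cookbook', 'upload', '--all', '--cookbook-path', cookbooks_dir])` followed by `sys.exit(ret)`, with `import subprocess` and `import sys` added to the import block. The same `os.system` pattern is present in adddatabags.py and in the roles script in the next section.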

bin/chef/adddatabags.py Normal file → Executable file

@ -1,21 +1,37 @@
#!/usr/bin/env python #!/usr/bin/env python
import logging
import os import os
import os.path import os.path
databags = [] from compass.utils import flags
databag_dir = '/var/chef/databags' from compass.utils import logsetting
for item in os.listdir(databag_dir):
databags.append(item)
for databag in databags:
cmd = "knife data bag create %s" % databag
os.system(cmd)
databag_items = []
databagitem_dir = os.path.join(databag_dir, databag)
for item in os.listdir(databagitem_dir):
databag_items.append(os.path.join(databagitem_dir, item))
for databag_item in databag_items: flags.add('databags_dir',
cmd = 'knife data bag from file %s %s' % (databag, databag_item) help='chef databags directory',
default='/var/chef/databags')
if __name__ == '__main__':
flags.init()
logsetting.init()
databags = []
databags_dir = flags.OPTIONS.databags_dir
for item in os.listdir(databags_dir):
databags.append(item)
for databag in databags:
logging.info('add databag %s', databag)
cmd = "knife data bag create %s" % databag
os.system(cmd) os.system(cmd)
databag_items = []
databagitem_dir = os.path.join(databags_dir, databag)
for item in os.listdir(databagitem_dir):
databag_items.append(os.path.join(databagitem_dir, item))
for databag_item in databag_items:
logging.info('add databag item %s to databag %s',
databag_item, databag)
cmd = 'knife data bag from file %s %s' % (databag, databag_item)
os.system(cmd)
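Review bot: The new loop still treats every entry of `databags_dir` as a directory: `os.listdir(databagitem_dir)` raises `OSError` if a plain file (a README or an editor backup) sits in the databags directory, and by then `knife data bag create` has already been run on that name. Filter when building the list, `databags = [item for item in os.listdir(databags_dir) if os.path.isdir(os.path.join(databags_dir, item))]`, or guard the inner loop with an `os.path.isdir` check so only real databag directories are processed.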


@ -1,15 +1,29 @@
#!/usr/bin/env python #!/usr/bin/env python
import logging
import os import os
import os.path import os.path
rolelist = [] from compass.utils import flags
role_dir = '/var/chef/roles' from compass.utils import logsetting
for item in os.listdir(role_dir):
f = os.path.join(role_dir, item)
rolelist.append(f)
for role in rolelist:
cmd = "knife role from file %s" % role
os.system(cmd)
flags.add('roles_dir',
help='chef roles directory',
default='/var/chef/roles')
if __name__ == '__main__':
flags.init()
logsetting.init()
rolelist = []
roles_dir = flags.OPTIONS.roles_dir
for item in os.listdir(roles_dir):
role_file = os.path.join(roles_dir, item)
rolelist.append(role_file)
for role in rolelist:
logging.info('add role %s', role)
cmd = "knife role from file %s" % role
os.system(cmd)
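Review bot: The `rolelist` build in the new `__main__` block is an append loop that reads better as a comprehension, and it picks up every directory entry regardless of type, so `knife role from file` is invoked on subdirectories or stray files too; `rolelist = [os.path.join(roles_dir, item) for item in os.listdir(roles_dir) if os.path.isfile(os.path.join(roles_dir, item))]` covers both. The file path for this section is not visible here; I am assuming it is the chef roles counterpart of the two scripts above.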


@ -5,6 +5,7 @@ import os
import os.path import os.path
import re import re
import shutil import shutil
import sys
from flask.ext.script import Manager from flask.ext.script import Manager
@ -69,9 +70,21 @@ def list_config():
print key, value print key, value
@app_manager.command
def checkdb():
"""check if db exists"""
if setting.DATABASE_TYPE == 'file':
if os.path.exists(setting.DATABASE_FILE):
sys.exit(0)
else:
sys.exit(1)
sys.exit(0)
@app_manager.command @app_manager.command
def createdb(): def createdb():
"Creates database from sqlalchemy models" """Creates database from sqlalchemy models"""
if setting.DATABASE_TYPE == 'file': if setting.DATABASE_TYPE == 'file':
if os.path.exists(setting.DATABASE_FILE): if os.path.exists(setting.DATABASE_FILE):
os.remove(setting.DATABASE_FILE) os.remove(setting.DATABASE_FILE)
@ -81,7 +94,7 @@ def createdb():
@app_manager.command @app_manager.command
def dropdb(): def dropdb():
"Drops database from sqlalchemy models" """Drops database from sqlalchemy models"""
database.drop_db() database.drop_db()
@ -115,14 +128,17 @@ def sync_from_installers():
roles_per_target_system = {} roles_per_target_system = {}
for adapter in adapters: for adapter in adapters:
target_systems.add(adapter['target_system']) target_systems.add(adapter['target_system'])
for target_system in target_systems: for target_system in target_systems:
roles_per_target_system[target_system] = manager.get_roles( roles_per_target_system[target_system] = manager.get_roles(
target_system) target_system)
with database.session() as session: with database.session() as session:
session.query(Adapter).delete() session.query(Adapter).delete()
session.query(Role).delete() session.query(Role).delete()
for adapter in adapters: for adapter in adapters:
session.add(Adapter(**adapter)) session.add(Adapter(**adapter))
for target_system, roles in roles_per_target_system.items(): for target_system, roles in roles_per_target_system.items():
for role in roles: for role in roles:
session.add(Role(**role)) session.add(Role(**role))
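Review bot: The new `checkdb` command exits 0 for every `DATABASE_TYPE` other than `'file'` without probing the database at all, so a caller gating on it (the init script further down uses it to decide whether to run `clean_clusters`) always takes the "db exists" branch on a non-file backend; the docstring should say so, e.g. `"""Exit 0 if the db exists; only the 'file' database type is actually checked, other types are assumed to exist."""`. If the other backends can be probed (via `database.session()` as `sync_from_installers` does), a trivial query inside `try/except` would make the check meaningful — the database module is not visible here, so I cannot say which call is appropriate. `sync_from_installers` starts outside its hunk.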


@ -1,12 +1,6 @@
#!/bin/bash #!/bin/bash
let initial_run=0 /opt/compass/bin/manage_db.py checkdb
while [ $# -gt 0 ]; do if [[ "$?" == "0" ]]; then
case "$1" in
-i|--init) let initial_run=1; shift ;;
*) shift ;;
esac
done
if [ $initial_run -eq 0 ]; then
/opt/compass/bin/manage_db.py clean_clusters /opt/compass/bin/manage_db.py clean_clusters
fi fi
/opt/compass/bin/manage_db.py createdb /opt/compass/bin/manage_db.py createdb
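Review bot: The exit status of `clean_clusters` and `createdb` is discarded — there is no `set -e` and no check after either call — so the caller cannot tell that database setup failed. Use the command itself as the condition and fail on the rest: `if /opt/compass/bin/manage_db.py checkdb; then`, and `/opt/compass/bin/manage_db.py createdb || exit 1`. Note also that `checkdb` (manage_db.py hunk above) returns 0 for any non-file database type, so on such a backend `clean_clusters` runs on every invocation — confirm that is intended.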


@ -64,10 +64,7 @@ class DnsCheck(base.BaseCheck):
if "listen-on port 53" in line and host_ip in line: if "listen-on port 53" in line and host_ip in line:
VAR_MAP["match_port"] = True VAR_MAP["match_port"] = True
if "allow-query" in line: if "allow-query" in line:
for subnet in ["127.0.0.0/8", for subnet in ["127.0.0.0/8"]:
"10.0.0.0/8",
"192.168.0.0/16",
"172.16.0.0/12"]:
if not subnet in line: if not subnet in line:
missing_query.append(subnet) missing_query.append(subnet)
f.close() f.close()
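Review bot: With the expected `allow-query` list reduced to `127.0.0.0/8`, the check no longer verifies that the provisioning subnet is permitted, even though the rewritten named.template in the cobbler install hunk renders `allow-query { 127.0.0.0/8; $subnet; }`; a named config that drops the subnet entry (and so refuses queries from the hosts being provisioned) still passes this health check. If the subnet value is available to the check, append it to the list; otherwise a comment such as `# only loopback is verified; the management subnet entry is not checked` documents the gap. Minor style: `if not subnet in line` is conventionally written `if subnet not in line`. The enclosing method of `DnsCheck` starts and ends outside the hunk.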


@ -33,10 +33,14 @@ TO_CLUSTER_TRANSLATORS = {
'/credential/mysql/image', '/credential/mysql/image',
'/credential/mysql/metering', '/credential/mysql/metering',
'/credential/mysql/network', '/credential/mysql/network',
'/credential/mysql/super',
'/credential/mysql/volume', '/credential/mysql/volume',
] ]
)], )],
'/security/service_credentials/password': [KeyTranslator(
translated_keys=[
'/credential/mysql/super/password',
]
)],
'/networking/interfaces/management/nic': [KeyTranslator( '/networking/interfaces/management/nic': [KeyTranslator(
translated_keys=['/networking/control/interface'], translated_keys=['/networking/control/interface'],
)], )],
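Review bot: The new `/security/service_credentials/password` → `/credential/mysql/super/password` entry derives the MySQL super-user password from the same shared service password used by the per-service accounts (the updated test expectations below show both as `'huawei'`), so exposure of any single service credential also yields the database super account. If that coupling is deliberate, a comment next to the entry, `# mysql super password is shared with the service accounts; no separate super credential exists`, makes it explicit; otherwise a dedicated source key for the super password keeps the two separable. `TO_CLUSTER_TRANSLATORS` starts and ends outside the hunk.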


@ -194,7 +194,7 @@ chef_EXPECTED = {
'metering': {'username': 'service', 'password': 'huawei'}, 'metering': {'username': 'service', 'password': 'huawei'},
'volume': {'username': 'service', 'password': 'huawei'}, 'volume': {'username': 'service', 'password': 'huawei'},
'dashboard': {'username': 'service', 'password': 'huawei'}, 'dashboard': {'username': 'service', 'password': 'huawei'},
'super': {'username': 'service', 'password': 'huawei'}, 'super': {'password': 'huawei'},
'identity': {'username': 'service', 'password': 'huawei'} 'identity': {'username': 'service', 'password': 'huawei'}
} }
}, },


@ -244,7 +244,7 @@ chef_EXPECTED = {
'metering': {'username': 'service', 'password': 'huawei'}, 'metering': {'username': 'service', 'password': 'huawei'},
'volume': {'username': 'service', 'password': 'huawei'}, 'volume': {'username': 'service', 'password': 'huawei'},
'dashboard': {'username': 'service', 'password': 'huawei'}, 'dashboard': {'username': 'service', 'password': 'huawei'},
'super': {'username': 'service', 'password': 'huawei'}, 'super': {'password': 'huawei'},
'identity': {'username': 'service', 'password': 'huawei'} 'identity': {'username': 'service', 'password': 'huawei'}
} }
}, },


@ -404,7 +404,7 @@ chef_EXPECTED = {
'metering': {'username': 'service', 'password': 'huawei'}, 'metering': {'username': 'service', 'password': 'huawei'},
'volume': {'username': 'service', 'password': 'huawei'}, 'volume': {'username': 'service', 'password': 'huawei'},
'dashboard': {'username': 'service', 'password': 'huawei'}, 'dashboard': {'username': 'service', 'password': 'huawei'},
'super': {'username': 'service', 'password': 'huawei'}, 'super': {'password': 'huawei'},
'identity': {'username': 'service', 'password': 'huawei'} 'identity': {'username': 'service', 'password': 'huawei'}
} }
}, },
@ -474,7 +474,7 @@ chef_EXPECTED = {
'metering': {'username': 'service', 'password': 'huawei'}, 'metering': {'username': 'service', 'password': 'huawei'},
'volume': {'username': 'service', 'password': 'huawei'}, 'volume': {'username': 'service', 'password': 'huawei'},
'dashboard': {'username': 'service', 'password': 'huawei'}, 'dashboard': {'username': 'service', 'password': 'huawei'},
'super': {'username': 'service', 'password': 'huawei'}, 'super': {'password': 'huawei'},
'identity': {'username': 'service', 'password': 'huawei'} 'identity': {'username': 'service', 'password': 'huawei'}
} }
}, },


@ -1,45 +1,60 @@
#!/bin/bash #!/bin/bash
#
##export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}') # create backup dir
echo "$ipaddr $HOSTNAME" >> /etc/hosts sudo mkdir -p /root/backup/chef
sudo rpm -q chef-server
if [[ "$?" != "0" ]]; then
sudo rpm -Uvh $CHEF_SRV sudo rpm -Uvh $CHEF_SRV
if [[ "$?" != "0" ]]; then
# configure rsyslog echo "failed to rpm install $CHEF_SRV"
cp /etc/rsyslog.conf /root/backup/ exit 1
# update rsyslog.conf fi
sudo sed -i ' else
/#### GLOBAL DIRECTIVES ####/ i\ echo "chef-server has already installed"
\$WorkDirectory /var/lib/rsyslog\ fi
\
\# Added for chef logfiles\
\$template Chef_log,"/var/log/cobbler/anamon/%hostname%/chef-client.log"\
\$template Raw, "%rawmsg%"\
' /etc/rsyslog.conf
sudo sed -i '
/# ### begin forwarding rule ###/ i\
local3.* -?Chef_log\
' /etc/rsyslog.conf
sudo sed -i 's/^#$ModLoad[ \t]\+imtcp/$ModLoad imtcp/g' /etc/rsyslog.conf
sudo sed -i '/$InputTCPServerRun/c\$InputTCPServerRun 514' /etc/rsyslog.conf
sudo service rsyslog restart
# configure chef-server # configure chef-server
sudo mkdir /root/backup/chef-server sudo chef-server-ctl cleanse
sudo cp /opt/chef-server/embedded/conf/nginx.conf /root/backup/chef-server/ mkdir -p /etc/chef-server
sudo sed -i 's/listen\([ \t]\+\)80;/listen\18080;/g' /opt/chef-server/embedded/conf/nginx.conf sudo cp -rn /etc/chef-server/chef-server.rb /root/backup/chef/
sudo rm -f /etc/chef-server/chef-server.rb
sudo cp -rf $COMPASSDIR/misc/chef-server/chef-server.rb /etc/chef-server/chef-server.rb
sudo chmod 644 /etc/chef-server/chef-server.rb
sudo chef-server-ctl reconfigure sudo chef-server-ctl reconfigure
sudo cp /var/opt/chef-server/nginx/etc/nginx.conf /root/backup/chef-server/etc-nginx.conf
sudo sed -i 's/listen\([ \t]\+\)80;/listen\18080;/g' /var/opt/chef-server/nginx/etc/nginx.conf
sudo chef-server-ctl restart
sudo chef-server-ctl test sudo chef-server-ctl test
if [[ "$?" != "0" ]]; then
echo "chef-server-ctl test failed"
exit 1
fi
# configure chef client and knife # configure chef client and knife
sudo curl -L http://www.opscode.com/chef/install.sh | sudo bash rpm -q chef
if [[ "$?" != "0" ]]; then
sudo wget -c --progress=bar:force -O /tmp/chef_install.sh http://www.opscode.com/chef/install.sh
if [[ "$?" != "0" ]]; then
echo "failed to download chef install script"
exit 1
else
echo "chef install script is downloaded"
fi
sudo chmod 755 /tmp/chef_install.sh
sudo /tmp/chef_install.sh
if [[ "$?" != "0" ]]; then
echo "chef install failed"
exit 1
else
echo "chef is installed"
fi
else
echo "chef has already installed"
fi
sudo mkdir ~/.chef sudo mkdir -p ~/.chef
sudo knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u $USER --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem <<EOF sudo knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u $USER --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem <<EOF
root1234 $CHEF_PASSWORD
EOF EOF
sudo sed -i "/node_name/c\node_name \'admin\'" /$USER/.chef/knife.rb sudo sed -i "/node_name/c\node_name \'admin\'" /$USER/.chef/knife.rb
sudo sed -i "/client_key/c\client_key \'\/etc\/chef-server\/admin.pem\'" /$USER/.chef/knife.rb sudo sed -i "/client_key/c\client_key \'\/etc\/chef-server\/admin.pem\'" /$USER/.chef/knife.rb
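Review bot: The chef client installer is still fetched over plain HTTP and executed with root privileges without any integrity check; the rewrite only swaps `curl | bash` for a download to the fixed path `/tmp/chef_install.sh`, which adds a predictable location in a world-writable directory that is written by `sudo wget` and then run by `sudo`. Pin an expected digest in the repo and verify it before executing, and write to a `mktemp` file, as sketched below. Separately, `sudo chef-server-ctl cleanse` now runs unconditionally on every invocation, so rerunning the script on an existing server discards its data — if rerun safety is the goal, gate it on the `rpm -q chef-server` result or an explicit flag. `$CHEF_PASSWORD` is fed to `knife configure` without an emptiness check; `[[ -z "$CHEF_PASSWORD" ]]` with an error exit would catch an unset variable early.
```shell
# … unchanged: chef-server install and reconfigure …
CHEF_INSTALL_SHA256=${CHEF_INSTALL_SHA256:-"<expected sha256 of install.sh, pinned in the repo>"}
chef_install=$(mktemp /tmp/chef_install.XXXXXX)
sudo wget -c --progress=bar:force -O "$chef_install" http://www.opscode.com/chef/install.sh
if [[ "$?" != "0" ]]; then
    echo "failed to download chef install script"
    exit 1
fi
echo "$CHEF_INSTALL_SHA256  $chef_install" | sha256sum -c - || { echo "chef install script checksum mismatch"; exit 1; }
sudo chmod 755 "$chef_install"
sudo "$chef_install"
# … unchanged: install result check, knife configure …
```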


@ -1,163 +1,287 @@
#!/bin/bash #!/bin/bash
#
echo "Installing cobbler related packages" echo "Installing cobbler related packages"
sudo yum -y install cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML Django cman debmirror pykickstart -y sudo yum -y install cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML Django cman debmirror pykickstart -y
if [[ "$?" != "0" ]]; then
echo "failed to install cobbler related packages"
exit 1
else
echo "cobbler related packages are installed"
fi
sudo chkconfig cobblerd on sudo chkconfig cobblerd on
# create backup dir # create backup dir
sudo mkdir /root/backup # create backup folder sudo mkdir -p /root/backup/cobbler
# configure ntp # update httpd conf
sudo cp /etc/ntp.conf /root/backup/ sudo cp -rn /etc/httpd/conf.d /root/backup/cobbler/
# update ntp.conf sudo rm -f /etc/httpd/conf.d/cobbler_web.conf
sudo sed -i 's/^#server[ \t]\+127.127.1.0/server 127.127.1.0/g' /etc/ntp.conf sudo cp -rf $COMPASSDIR/misc/apache/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf
sudo service ntpd stop chmod 644 /etc/httpd/conf.d/cobbler_web.conf
sudo ntpdate 0.centos.pool.ntp.org sudo rm -rf /etc/httpd/conf.d/ssl.conf
sudo service ntpd start sudo cp -rf $COMPASSDIR/misc/apache/ssl.conf /etc/httpd/conf.d/ssl.conf
chmod 644 /etc/httpd/conf.d/ssl.conf
# configure xinetd # disable selinux
sudo cp /etc/xinetd.d/tftp /root/backup/ sudo mkdir -p /root/backup/selinux
sudo sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/tftp sudo cp -rn /etc/selinux/config /root/backup/selinux/
sudo service xinetd restart
##export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
export cobbler_passwd=$(openssl passwd -1 -salt 'huawei' '123456')
# configure dhcpd
##SUBNET=${SUBNET:-$(ipcalc $(ip address| grep "global $NIC" |cut -f 6 -d ' ') -n|cut -f 2 -d '=')}
##OPTION_ROUTER=${OPTION_ROUTER:-$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')}
##IP_RANGE=${IP_RANGE:-$(echo "$(echo "$ipaddr"|cut -f 1 -d '.').$(echo "$ipaddr"|cut -f 2 -d '.').$(echo "$ipaddr"|cut -f 3 -d '.').100 $(echo "$ipaddr"|cut -f 1 -d '.').$(echo "$ipaddr"|cut -f 2 -d '.').$(echo "$ipaddr"|cut -f 3 -d '.').254")}
##NEXTSERVER=${NEXTSERVER:-$ipaddr}
sudo mkdir /root/backup/cobbler
sudo cp /etc/cobbler/settings /root/backup/cobbler/
sudo cp /etc/cobbler/dhcp.template /root/backup/cobbler/
# Dumps the variables to dhcp template
subnet=$(ipcalc $SUBNET -n |cut -f 2 -d '=')
sudo sed -i "s/subnet 192.168.1.0 netmask 255.255.255.0/subnet $subnet netmask $netmask/g" /etc/cobbler/dhcp.template
sudo sed -i "/option routers[ \t]\+[a-zA-Z0-9]\+.[a-zA-Z0-9]\+.[a-zA-Z0-9]\+.[a-zA-Z0-9]\+/c\ option routers $OPTION_ROUTER;" /etc/cobbler/dhcp.template
sudo sed -i "s/option subnet-mask[ \t]\+255.255.255.0/option subnet-mask $netmask/g" /etc/cobbler/dhcp.template
sudo sed -i "/option domain-name-servers/c\ option domain-name-servers $ipaddr;" /etc/cobbler/dhcp.template
sudo sed -i "/range dynamic-bootp/c\ range dynamic-bootp $IP_RANGE;" /etc/cobbler/dhcp.template
sudo sed -i 's/^\([ \t]*\).*fixed-address.*$/\1#pass/g' /etc/cobbler/dhcp.template
sudo sed -i "/allow bootp/a deny unknown-clients;\nlocal-address $ipaddr;" /etc/cobbler/dhcp.template
# Set up other setting options in cobbler/settings
sudo sed -i "/next_server/c\next_server: $NEXTSERVER" /etc/cobbler/settings
sudo sed -i "s/server:[ \t]\+127.0.0.1/server: $ipaddr/g" /etc/cobbler/settings
sudo sed -i 's/manage_dhcp:[ \t]\+0/manage_dhcp: 1/g' /etc/cobbler/settings
sudo sed -i 's/manage_dns:[ \t]\+0/manage_dns: 1/g' /etc/cobbler/settings
sudo sed -i 's/manage_tftpd:[ \t]\+0/manage_tftpd: 1/g' /etc/cobbler/settings
sudo sed -i 's/anamon_enabled:[ \t]\+0/anamon_enabled: 1/g' /etc/cobbler/settings
sudo sed -i "s/default_name_servers:.*/default_name_servers: \['$ipaddr'\]/g" /etc/cobbler/settings
sudo sed -i 's/enable_menu:[ \t]\+1/enable_menu: 0/g' /etc/cobbler/settings
domains=$(echo $NAMESERVER_DOMAINS | sed "s/,/','/g")
sudo sed -i "s/manage_forward_zones:.*/manage_forward_zones: \['$domains'\]/g" /etc/cobbler/settings
sudo sed -i 's/pxe_just_once:[ \t]\+0/pxe_just_once: 1/g' /etc/cobbler/settings
sudo sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings
sudo sed -i 's/^RewriteRule/# RewriteRule/g' /etc/httpd/conf.d/cobbler_web.conf
sudo sed -i 's/^Listen\([ \t]\+\)443/Listen\1445/g' /etc/httpd/conf.d/ssl.conf
sudo sed -i 's/^<VirtualHost\(.*\):443>/<VirtualHost\1:445>/g' /etc/httpd/conf.d/ssl.conf
sudo mkdir /root/backup/selinux
sudo cp /etc/selinux/config /root/backup/selinux/
sudo sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config sudo sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
sudo cp /etc/cobbler/modules.conf /root/backup/cobbler/ # update cobbler settings
sudo sed -i 's/module\([ \t]\+\)=\([ \t]\+\)authn_denyall/module\1=\2authn_configfile/g' /etc/cobbler/modules.conf sudo cp -rn /etc/cobbler/settings /root/backup/cobbler/
sudo rm -f /etc/cobbler/settings
sudo cp -rf $ADAPTER_HOME/cobbler/conf/settings /etc/cobbler/settings
sudo sed -i "s/next_server:[ \t]*\$next_server/next_server: $NEXTSERVER/g" /etc/cobbler/settings
sudo sed -i "s/server:[ \t]*\$ipaddr/server: $ipaddr/g" /etc/cobbler/settings
sudo sed -i "s/default_name_servers:[ \t]*\['\$ipaddr'\]/default_name_servers: \['$ipaddr'\]/g" /etc/cobbler/settings
domains=$(echo $NAMESERVER_DOMAINS | sed "s/,/','/g")
sudo sed -i "s/manage_forward_zones:[ \t]*\[\]/manage_forward_zones: \['$domains'\]/g" /etc/cobbler/settings
export cobbler_passwd=$(openssl passwd -1 -salt 'huawei' '123456')
sudo sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings
sudo chmod 644 /etc/cobbler/settings
# update dhcp.template
sudo cp -rn /etc/cobbler/dhcp.template /root/backup/cobbler/
sudo rm -f /etc/cobbler/dhcp.template
sudo cp -rf $ADAPTER_HOME/cobbler/conf/dhcp.template /etc/cobbler/dhcp.template
subnet=$(ipcalc $SUBNET -n |cut -f 2 -d '=')
sudo sed -i "s/subnet \$subnet netmask \$netmask/subnet $subnet netmask $netmask/g" /etc/cobbler/dhcp.template
sudo sed -i "s/option routers \$gateway/option routers $OPTION_ROUTER/g" /etc/cobbler/dhcp.template
sudo sed -i "s/option subnet-mask \$netmask/option subnet-mask $netmask/g" /etc/cobbler/dhcp.template
sudo sed -i "s/option domain-name-servers \$ipaddr/option domain-name-servers $ipaddr/g" /etc/cobbler/dhcp.template
sudo sed -i "s/range dynamic-bootp \$ip_range/range dynamic-bootp $IP_RANGE/g" /etc/cobbler/dhcp.template
sudo sed -i "s/local-address \$ipaddr/local-address $ipaddr/g" /etc/cobbler/dhcp.template
sudo chmod 644 /etc/cobbler/dhcp.template
# update tftpd.template
sudo cp -rn /etc/cobbler/tftpd.template /root/backup/cobbler/
sudo rm -f /etc/cobbler/tftpd.template
sudo cp -rf $ADAPTER_HOME/cobbler/conf/tftpd.template /etc/cobbler/tftpd.template
sudo chmod 644 /etc/cobbler/tftpd.template
# update named.template
sudo cp -rn /etc/cobbler/named.template /root/backup/cobbler/
sudo rm -f /etc/cobbler/named.template
sudo cp -rf $ADAPTER_HOME/cobbler/conf/named.template /etc/cobbler/named.template
sudo sed -i "s/listen-on port 53 { \$ipaddr; }/listen-on port 53 \{ $ipaddr; \}/g" /etc/cobbler/named.template
subnet_escaped=$(echo $SUBNET | sed -e 's/[\/&]/\\&/g')
sudo sed -i "s/allow-query { 127.0.0.0\/8; \$subnet; }/allow-query \{ 127.0.0.0\/8; $subnet_escaped; \}/g" /etc/cobbler/named.template
sudo chmod 644 /etc/cobbler/named.template
# update zone.template
sudo cp -rn /etc/cobbler/zone.template /root/backup/cobbler/
sudo rm -f /etc/cobbler/zone.template
sudo cp -rf $ADAPTER_HOME/cobbler/conf/zone.template /etc/cobbler/zone.template
sudo sed -i "s/\$hostname IN A \$ipaddr/$HOSTNAME IN A $ipaddr/g" /etc/cobbler/zone.template
sudo chmod 644 /etc/cobbler/zone.template
# update modules.conf
sudo cp -rn /etc/cobbler/modules.conf /root/backup/cobbler/
sudo rm -f /etc/cobbler/modules.conf
sudo cp -rf $ADAPTER_HOME/cobbler/conf/modules.conf /etc/cobbler/modules.conf
sudo chmod 644 /etc/cobbler/modules.conf
echo "setting up cobbler web password: default user is cobbler" echo "setting up cobbler web password: default user is cobbler"
CBLR_USER=${CBLR_USER:-"cobbler"} CBLR_USER=${CBLR_USER:-"cobbler"}
CBLR_PASSWD=${CBLR_PASSWD:-"cobbler"} CBLR_PASSWD=${CBLR_PASSWD:-"cobbler"}
(echo -n "$CBLR_USER:Cobbler:" && echo -n "$CBLR_USER:Cobbler:$CBLR_PASSWD" | md5sum - | cut -d' ' -f1) >> /etc/cobbler/users.digest (echo -n "$CBLR_USER:Cobbler:" && echo -n "$CBLR_USER:Cobbler:$CBLR_PASSWD" | md5sum - | cut -d' ' -f1) > /etc/cobbler/users.digest
sudo sed -i "s/listen-on[ \t]\+.*;/listen-on port 53 \{ $ipaddr; \};/g" /etc/cobbler/named.template # update cobbler config
subnet_escaped=$(echo $SUBNET | sed -e 's/[\/&]/\\&/g') sudo cp -rn /var/lib/cobbler/snippets /root/backup/cobbler/
sudo sed -i "s/allow-query[ \t]\+.*/allow-query\t\{ 127.0.0.0\/8; 10.0.0.0\/8; 192.168.0.0\/16; 172.16.0.0\/12; $subnet_escaped; \};/g" /etc/cobbler/named.template sudo cp -rn /var/lib/cobbler/kickstarts/ /root/backup/cobbler/
sudo rm -rf /var/lib/cobbler/snippets/*
sudo cp -rf $ADAPTER_HOME/cobbler/snippets/* /var/lib/cobbler/snippets/
sudo chmod 777 /var/lib/cobbler/snippets
sudo chmod 666 /var/lib/cobbler/snippets/*
sudo sed -i "s/# \$compass_ip \$compass_hostname/$ipaddr $HOSTNAME/g" /var/lib/cobbler/snippets/hosts
sudo rm -f /var/lib/cobbler/kickstarts/default.ks
sudo cp -rf $ADAPTER_HOME/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/
sudo chmod 666 /var/lib/cobbler/kickstarts/default.ks
echo "$HOSTNAME IN A $ipaddr" >> /etc/cobbler/zone.template sudo cp -rn /etc/xinetd.d /root/backup/
sudo cp /etc/xinetd.d/rsync /root/backup/
sudo sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync sudo sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync
sudo sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf sudo sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf
sudo sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf sudo sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf
echo "disable iptables" echo "disable iptables"
sudo service iptables stop sudo service iptables stop
sudo service iptables status
if [[ "$?" == "0" ]]; then
echo "iptables is running"
exit 1
fi
echo "disable selinux temporarily" echo "disable selinux temporarily"
echo 0 > /selinux/enforce echo 0 > /selinux/enforce
echo "Checking if httpd is running" sudo service httpd restart
sudo ps cax | grep httpd > /dev/null
if [ $? -eq 0 ]; then
echo "httpd is running."
else
echo "httpd is not running. Starting httpd"
sudo service httpd start
fi
sudo service cobblerd restart sudo service cobblerd restart
sudo cobbler get-loaders sudo cobbler get-loaders
sudo cobbler check
sudo cobbler sync sudo cobbler sync
sudo service xinetd restart
sudo cobbler check
echo "Checking if httpd is running"
sudo service httpd status
if [[ "$?" == "0" ]]; then
echo "httpd is running."
else
echo "httpd is not running"
exit 1
fi
echo "Checking if dhcpd is running" echo "Checking if dhcpd is running"
sudo ps cax | grep dhcpd > /dev/null sudo service dhcpd status
if [ $? -eq 0 ]; then if [[ "$?" == "0" ]]; then
echo "dhcpd is running." echo "dhcpd is running."
else else
echo "dhcpd is not running. Starting httpd" echo "dhcpd is not running"
sudo service dhcpd start exit 1
fi fi
echo "Checking if named is running" echo "Checking if named is running"
ps cax | grep named > /dev/null sudo service named status
if [ $? -eq 0 ]; then if [[ "$?" == "0" ]]; then
echo "named is running." echo "named is running."
else else
echo "named is not running. Starting httpd" echo "named is not running"
sudo service named start exit 1
fi
echo "Checking if xinetd is running"
sudo service xinetd status
if [[ "$?" == "0" ]]; then
echo "xinetd is running."
else
echo "xinetd is not running"
exit 1
fi
echo "Checking if cobblerd is running"
if [[ "$?" == "0" ]]; then
echo "cobblerd is running."
else
echo "cobblerd is not running"
exit 1
fi fi
# create repo # create repo
sudo mkdir -p /var/lib/cobbler/repo_mirror/ppa_repo sudo mkdir -p /var/lib/cobbler/repo_mirror/ppa_repo
found_ppa_repo=0
for repo in $(cobbler repo list); do
if [ "$repo" == "ppa_repo" ]; then
found_ppa_repo=1
fi
done
if [ "$found_ppa_repo" == "0" ]; then
sudo cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ppa_repo --name=ppa_repo --mirror-locally=Y sudo cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ppa_repo --name=ppa_repo --mirror-locally=Y
if [[ "$?" != "0" ]]; then
echo "failed to add ppa_repo"
exit 1
else
echo "ppa_repo is added"
fi
else
echo "repo ppa_repo has already existed."
fi
# download packages # download packages
cd /var/lib/cobbler/repo_mirror/ppa_repo/ cd /var/lib/cobbler/repo_mirror/ppa_repo/
sudo curl http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm > chef-11.8.0-1.el6.x86_64.rpm sudo wget -c --progress=bar:force -O chef-11.8.0-1.el6.${IMAGE_ARCH}.rpm http://opscode-omnibus-packages.s3.amazonaws.com/el/${IMAGE_VERSION_MAJOR}/${IMAGE_ARCH}/chef-11.8.0-1.el6.${IMAGE_ARCH}.rpm
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/ntp-4.2.6p5-1.el6.centos.x86_64.rpm > ntp-4.2.6p5-1.el6.centos.x86_64.rpm sudo wget -c --progress=bar:force -O ntp-4.2.6p5-1.el6.${IMAGE_TYPE}.$IMAGE_ARCH.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION}/os/${IMAGE_ARCH}/Packages/ntp-4.2.6p5-1.el6.${IMAGE_TYPE,,}.${IMAGE_ARCH}.rpm
sudo curl http://vault.centos.org/6.4/os/Source/SPackages/openssh-5.3p1-84.1.el6.src.rpm > openssh-clients-5.3p1-84.1.el6.x86_64.rpm sudo wget -c --progress=bar:force -O openssh-clients-5.3p1-94.1.el6.${IMAGE_ARCH}.rpm http://vault.${IMAGE_TYPE,,}.org/${IMAGE_VERSION}/os/Source/SPackages/openssh-5.3p1-94.el6.src.rpm
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/iproute-2.6.32-31.el6.x86_64.rpm > iproute-2.6.32-31.el6.x86_64.rpm sudo wget -c --progress=bar:force -O iproute-2.6.32-31.el6.${IMAGE_ARCH}.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION_MAJOR}/os/${IMAGE_ARCH}/Packages/iproute-2.6.32-31.el6.${IMAGE_ARCH}.rpm
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/wget-1.12-1.8.el6.x86_64.rpm > wget-1.12-1.8.el6.x86_64.rpm sudo wget -c --progress=bar:force -O wget-1.12-1.8.el6.${IMAGE_ARCH}.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION_MAJOR}/os/${IMAGE_ARCH}/Packages/wget-1.12-1.8.el6.${IMAGE_ARCH}.rpm
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm > ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm sudo wget -c --progress=bar:force -O ntpdate-4.2.6p5-1.el6.${IMAGE_TYPE}.${IMAGE_ARCH}.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION_MAJOR}/os/${IMAGE_ARCH}/Packages/ntpdate-4.2.6p5-1.el6.${IMAGE_TYPE,,}.${IMAGE_ARCH}.rpm
cd .. cd ..
sudo createrepo ppa_repo sudo createrepo ppa_repo
if [[ "$?" != "0" ]]; then
echo "failed to createrepo ppa_repo"
exit 1
else
echo "ppa_repo is created"
fi
sudo cobbler reposync sudo cobbler reposync
# import cobbler distro # import cobbler distro
##export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
sudo mkdir -p /var/lib/cobbler/iso sudo mkdir -p /var/lib/cobbler/iso
sudo curl "$IMAGE_SOURCE" > /var/lib/cobbler/iso/$IMAGE_NAME.iso sudo wget -c --progress=bar:force -O /var/lib/cobbler/iso/${IMAGE_NAME}-${IMAGE_ARCH}.iso "$IMAGE_SOURCE"
sudo mkdir -p /mnt/$IMAGE_NAME if [[ "$?" != "0" ]]; then
sudo mount -o loop /var/lib/cobbler/iso/$IMAGE_NAME.iso /mnt/$IMAGE_NAME echo "failed to download images $IMAGE_SOURCE"
sudo cobbler import --path=/mnt/$IMAGE_NAME --name=$IMAGE_NAME --arch=x86_64 exit 1
# manually run distro add and profile add if cobbler import fails else
sudo cobbler distro add --name="$IMAGE_NAME" --kernel="/var/www/cobbler/ks_mirror/$IMAGE_NAME-x86_64/isolinux/vmlinuz" --initrd="/var/www/cobbler/ks_mirror/$IMAGE_NAME-x86_64/isolinux/initrd.img" --arch=x86_64 --breed=redhat echo "$IMAGE_SOURCE is downloaded"
sudo cobbler profile add --name="$IMAGE_NAME" --repo=ppa_repo --distro=$IMAGE_NAME --ksmeta="tree=http://$ipaddr/cobbler/ks_mirror/$IMAGE_NAME-x86_64" --kickstart=/var/lib/cobbler/kickstarts/default.ks fi
sudo mkdir -p /mnt/${IMAGE_NAME}-${IMAGE_ARCH}
if [ $(mount | grep -c "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} ") -eq 0 ]; then
sudo mount -o loop /var/lib/cobbler/iso/${IMAGE_NAME}-${IMAGE_ARCH}.iso /mnt/${IMAGE_NAME}-${IMAGE_ARCH}
if [[ "$?" != "0" ]]; then
echo "failed to mount image /mnt/${IMAGE_NAME}-${IMAGE_ARCH}"
exit 1
else
echo "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} is mounted"
fi
else
echo "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} has already mounted"
fi
# add distro
found_distro=0
for distro in $(cobbler distro list); do
if [ "$distro" == "${IMAGE_NAME}-${IMAGE_ARCH}" ]; then
found_distro=1
fi
done
if [ "$found_distro" == "0" ]; then
sudo cobbler import --path=/mnt/${IMAGE_NAME}-${IMAGE_ARCH} --name=${IMAGE_NAME} --arch=${IMAGE_ARCH} --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat
if [[ "$?" != "0" ]]; then
echo "failed to import /mnt/${IMAGE_NAME}-${IMAGE_ARCH}"
exit 1
else
echo "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} is imported"
fi
else
echo "distro $IMAGE_NAME has already existed"
fi
# add profile
found_profile=0
for profile in $(cobbler profile list); do
if [ "$profile" == "${IMAGE_NAME}-${IMAGE_ARCH}" ]; then
found_profile=1
fi
done
if [ "$found_profile" == "0" ]; then
sudo cobbler profile add --name="${IMAGE_NAME}-${IMAGE_ARCH}" --repo=ppa_repo --distro="${IMAGE_NAME}-${IMAGE_ARCH}" --ksmeta="tree=http://$ipaddr/cobbler/ks_mirror/${IMAGE_NAME}-${IMAGE_ARCH}" --kickstart=/var/lib/cobbler/kickstarts/default.ks
if [[ "$?" != "0" ]]; then
echo "failed to add profile ${IMAGE_NAME}-${IMAGE_ARCH}"
exit 1
else
echo "profile ${IMAGE_NAME}-${IMAGE_ARCH} is added"
fi
else
echo "profile $IMAGE_NAME has already existed."
sudo cobbler profile edit --name="${IMAGE_NAME}-${IMAGE_ARCH}" --repo=ppa_repo
if [[ "$?" != "0" ]]; then
echo "failed to edit profile ${IMAGE_NAME}-${IMAGE_ARCH}"
exit 1
else
echo "profile ${IMAGE_NAME}-${IMAGE_ARCH} is updated"
fi
fi
echo "Cobbler configuration complete!" echo "Cobbler configuration complete!"
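Review bot: The new "Checking if cobblerd is running" block tests `$?` immediately after its own `echo`, with no `sudo service cobblerd status` call in front of it as the httpd/dhcpd/named/xinetd blocks have, so it always reports cobblerd running; insert `sudo service cobblerd status` between the echo and the `if`. The snippets directory and default kickstart are made world-writable (`chmod 777 /var/lib/cobbler/snippets`, `chmod 666` on its contents and on `default.ks`); those templates are rendered into the kickstarts that run as root on every provisioned host, so any local account on the compass server could alter what gets installed — `644`, the mode the copied config files in the same hunk receive, should suffice (presumably with the owner cobblerd runs as, if that is not root). `default_password_crypted` is still generated from the literal `'123456'` with the fixed salt `'huawei'`, giving every provisioned node the same known root password; take it from an environment variable using the same `${VAR:-default}` pattern used for `CBLR_PASSWD`, and prefer a per-run random salt.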


@ -1,116 +1,4 @@
#!/bin/bash #!/bin/bash
SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
echo "script dir: $SCRIPT_DIR"
COMPASSDIR=${SCRIPT_DIR}/..
echo "compass dir is $COMPASSDIR"
copygit2dir()
{
destdir=$1
repo=$2
if [ -d $destdir ];then
echo "$destdir exists"
cd $destdir
git remote set-url origin $repo
git remote update
git reset --hard
git clean -x -f
git checkout master
git reset --hard remotes/origin/master
if [[ -n "$GERRIT_REFSPEC" ]];then
git fetch origin $GERRIT_REFSPEC && git checkout FETCH_HEAD
fi
git clean -x -f
else
mkdir -p $destdir
git clone $repo $destdir
if [[ -n "$GERRIT_REFSPEC" ]];then
# project=$(echo $repo|rev|cut -d '/' -f 1|rev)
cd $destdir
git fetch $repo $GERRIT_REFSPEC && git checkout FETCH_HEAD
fi
fi
cd $SCRIPT_DIR
}
copylocal2dir()
{
destdir=$1
repo=$2
if [ -d $destdir ];then
echo "$destdir exists"
else
mkdir -p $destdir
fi
sudo \cp -rf $repo/* $destdir
}
cd $SCRIPT_DIR
#export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
##SUBNET=${SUBNET:-$(ip address| grep "global $NIC" |cut -f 6 -d ' ')}
WEB_HOME=${WEB_HOME:-'/tmp/web/'}
ADAPTER_HOME=${ADAPTER_HOME:-'/tmp/adapter/'}
##WEB_SOURCE=${WEB_SOURCE:-'https://github.com/stackforge/compass-web'}
WEB_SOURCE=${WEB_SOURCE:-$REPO_URL'/stackforge/compass-web'}
# ADAPTER_SOURCE=${ADAPTER_SOURCE:-'https://github.com/stackforge/compass-adapters'}
ADAPTER_SOURCE=${ADAPTER_SOURCE:-$REPO_URL'/stackforge/compass-adapters'}
if [ "$source" != "local" ]; then
copygit2dir $WEB_HOME $WEB_SOURCE
copygit2dir $ADAPTER_HOME $ADAPTER_SOURCE
else
copylocal2dir $WEB_HOME $WEB_SOURCE
copylocal2dir $ADAPTER_HOME $ADAPTER_SOURCE
fi
# download dependences
wget -N http://github.com/downloads/bitovi/javascriptmvc/$JS_MVC.zip
sudo yum install -y unzip
sudo unzip -o $JS_MVC
sudo \cp -rf $JS_MVC/. $WEB_HOME/public/
# update squid conf
sudo rm /etc/squid/squid.conf
sudo cp $COMPASSDIR/misc/squid/squid.conf /etc/squid/
sudo sed -i "/acl localnet src 10.0.0.0/i\acl localnet src $SUBNET" /etc/squid/squid.conf
sudo chmod 644 /etc/squid/squid.conf
sudo mkdir -p /var/squid/cache
sudo chown -R squid:squid /var/squid
sudo service squid restart
# update /etc/resolv.conf
echo "DNS1=$ipaddr" >> /etc/sysconfig/network-scripts/ifcfg-$NIC
echo "DOMAIN=ods.com" >> /etc/sysconfig/network-scripts/ifcfg-$NIC
service network restart
# Install net-snmp
sudo yum install -y net-snmp-utils net-snmp net-snmp-python
if [ ! -d "/usr/local/share/snmp/" ]; then
sudo mkdir /usr/local/share/snmp/
fi
sudo cp -rf $COMPASSDIR/mibs /usr/local/share/snmp/
sudo cat >> /etc/snmp/snmp.conf <<EOF
mibdirs +/usr/local/share/snmp/mibs
EOF
# update cobbler config
sudo cp -r /var/lib/cobbler/snippets /root/backup/cobbler/
sudo cp -r /var/lib/cobbler/kickstarts/ /root/backup/cobbler/
sudo rm -rf /var/lib/cobbler/snippets/*
sudo cp -r $ADAPTER_HOME/cobbler/snippets/* /var/lib/cobbler/snippets/
sudo cp -rf /etc/chef-server/chef-validator.pem /var/lib/cobbler/snippets/chef-validator.pem
sudo chmod 777 /var/lib/cobbler/snippets
sudo chmod 666 /var/lib/cobbler/snippets/*
sudo rm /var/lib/cobbler/kickstarts/default.ks
sudo cp -r $ADAPTER_HOME/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/
sudo chmod 666 /var/lib/cobbler/kickstarts/default.ks
# update chef config
sudo mkdir -p /var/chef/cookbooks/
sudo mkdir -p /var/chef/databags/
sudo mkdir -p /var/chef/roles/
sudo cp -r $ADAPTER_HOME/chef/cookbooks/* /var/chef/cookbooks/
sudo cp -r $ADAPTER_HOME/chef/databags/* /var/chef/databags/
sudo cp -r $ADAPTER_HOME/chef/roles/* /var/chef/roles/
# Move files to their respective locations # Move files to their respective locations
mkdir -p /etc/compass mkdir -p /etc/compass
mkdir -p /opt/compass/bin mkdir -p /opt/compass/bin
@ -119,44 +7,64 @@ mkdir -p /var/log/compass
mkdir -p /opt/compass/db mkdir -p /opt/compass/db
mkdir -p /var/www/compass mkdir -p /var/www/compass
sudo \cp -rf $COMPASSDIR/misc/apache/ods-server /etc/httpd/conf.d/ods-server.conf sudo cp -rf $COMPASSDIR/misc/apache/ods-server /etc/httpd/conf.d/ods-server.conf
sudo \cp -rf $COMPASSDIR/misc/apache/compass.wsgi /var/www/compass/compass.wsgi sudo cp -rf $COMPASSDIR/misc/apache/compass.wsgi /var/www/compass/compass.wsgi
sudo \cp -rf $COMPASSDIR/conf/celeryconfig /etc/compass/ sudo cp -rf $COMPASSDIR/conf/celeryconfig /etc/compass/
sudo \cp -rf $COMPASSDIR/conf/global_config /etc/compass/ sudo cp -rf $COMPASSDIR/conf/global_config /etc/compass/
sudo \cp -rf $COMPASSDIR/conf/setting /etc/compass/ sudo cp -rf $COMPASSDIR/conf/setting /etc/compass/
sudo \cp -rf $COMPASSDIR/conf/compassd /etc/init.d/ sudo cp -rf $COMPASSDIR/conf/compassd /etc/init.d/
sudo \cp -rf $COMPASSDIR/bin/*.py /opt/compass/bin/ sudo cp -rf $COMPASSDIR/bin/*.py /opt/compass/bin/
sudo \cp -rf $COMPASSDIR/bin/*.sh /opt/compass/bin/ sudo cp -rf $COMPASSDIR/bin/*.sh /opt/compass/bin/
sudo \cp -rf $COMPASSDIR/bin/compass /usr/bin/ sudo cp -rf $COMPASSDIR/bin/compass /usr/bin/
sudo \cp -rf $COMPASSDIR/bin/chef/* /opt/compass/bin/ sudo cp -rf $COMPASSDIR/bin/chef/* /opt/compass/bin/
sudo \cp -rf $COMPASSDIR/conf/compassd /usr/bin/ sudo cp -rf $COMPASSDIR/conf/compassd /usr/bin/
sudo \cp -rf $WEB_HOME/public/* /var/www/compass_web/ sudo cp -rf $WEB_HOME/public/* /var/www/compass_web/
sudo chmod +x /etc/init.d/compassd
sudo chmod +x /usr/bin/compassd
sudo chkconfig compassd on sudo chkconfig compassd on
sudo chmod +x /opt/compass/bin/addcookbooks.py
sudo chmod +x /opt/compass/bin/adddatabags.py
sudo chmod +x /opt/compass/bin/addroles.py
/opt/compass/bin/addcookbooks.py
/opt/compass/bin/adddatabags.py
/opt/compass/bin/addroles.py
# setup ods server # setup ods server
sudo yum -y install openssl if [ ! -f /usr/lib64/libcrypto.so ]; then
sudo yum -y install openssl098e sudo cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so
sudo cp -r /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so fi
sudo chmod -R 777 /opt/compass/db sudo chmod -R 777 /opt/compass/db
sudo chmod -R 777 /var/log/compass sudo chmod -R 777 /var/log/compass
sudo echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh sudo echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
sudo chmod +x /etc/profile.d/celery_env.sh sudo chmod +x /etc/profile.d/celery_env.sh
sudo service httpd restart
cd $COMPASSDIR cd $COMPASSDIR
sudo python setup.py install sudo python setup.py install
if [[ "$?" != "0" ]]; then
echo "failed to install compass package"
exit 1
else
echo "compass package is installed"
fi
sudo sed -i "/COBBLER_INSTALLER_URL/c\COBBLER_INSTALLER_URL = 'http:\/\/$ipaddr/cobbler_api'" /etc/compass/setting sudo sed -i "/COBBLER_INSTALLER_URL/c\COBBLER_INSTALLER_URL = 'http:\/\/$ipaddr/cobbler_api'" /etc/compass/setting
sudo sed -i "/CHEF_INSTALLER_URL/c\CHEF_INSTALLER_URL = 'https:\/\/$ipaddr/'" /etc/compass/setting sudo sed -i "/CHEF_INSTALLER_URL/c\CHEF_INSTALLER_URL = 'https:\/\/$ipaddr/'" /etc/compass/setting
sudo sh /opt/compass/bin/refresh.sh --init
figlet -ctf slant Installation Complete! # add cookbooks, databags and roles
sudo /opt/compass/bin/addcookbooks.py --cookbooks_dir=$ADAPTER_HOME/chef/cookbooks
sudo /opt/compass/bin/adddatabags.py --databags_dir=$ADAPTER_HOME/chef/databags
sudo /opt/compass/bin/addroles.py --roles_dir=$ADAPTER_HOME/chef/roles
# copy the chef validatation keys to cobbler snippets
sudo cp -rf /etc/chef-server/chef-validator.pem /var/lib/cobbler/snippets/chef-validator.pem
sudo sh /opt/compass/bin/refresh.sh
sudo service httpd status
if [[ "$?" != "0" ]]; then
echo "httpd is not started"
exit 1
else
echo "httpd has already started"
fi
sudo service compassd status
if [[ "$?" != "0" ]]; then
echo "compassd is not started"
exit 1
else
echo "compassd has already started"
fi


@ -2,10 +2,23 @@
echo 'Installing Required packages for Compass...' echo 'Installing Required packages for Compass...'
sudo yum install -y rsyslog ntp iproute openssh-clients python git wget python-setuptools python-netaddr python-flask python-flask-sqlalchemy python-amqplib amqp python-paramiko python-mock mod_wsgi httpd squid dhcp bind rsync yum-utils xinetd tftp-server gcc net-snmp-utils net-snmp python-daemon sudo yum install -y rsyslog logrotate ntp iproute openssh-clients python git wget python-setuptools python-netaddr python-flask python-flask-sqlalchemy python-amqplib amqp python-paramiko python-mock mod_wsgi httpd squid dhcp bind rsync yum-utils xinetd tftp-server gcc net-snmp-utils net-snmp net-snmp-python python-daemon unzip openssl openssl098e
if [[ "$?" != "0" ]]; then
echo "failed to install yum dependency"
exit 1
fi
sudo easy_install pip==1.2.1 sudo easy_install pip==1.2.1
if [[ "$?" != "0" ]]; then
echo "failed to install easy install"
exit 1
fi
sudo pip install flask-script flask-restful Celery six discover unittest2 pychef requests sudo pip install flask-script flask-restful Celery six discover unittest2 pychef requests
if [[ "$?" != "0" ]]; then
echo "failed to install pip packages"
exit 1
fi
sudo chkconfig httpd on sudo chkconfig httpd on
sudo chkconfig squid on sudo chkconfig squid on
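Review bot: The message in the new check after `sudo easy_install pip==1.2.1` reads `failed to install easy install`, but the step that failed is the pip installation; `echo "failed to install pip"` says what actually went wrong. The `pip install flask-script flask-restful Celery six discover unittest2 pychef requests` line on the new side is unpinned, so two runs of the installer can pull different package versions from PyPI; pinning them the way pip itself is pinned keeps the install reproducible and auditable. The file's first line is outside the hunk.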


@ -3,53 +3,54 @@
##################################### #####################################
# OS_INSTALLER indicates the tool for OS provisioning, default is 'cobbler'. # OS_INSTALLER indicates the tool for OS provisioning, default is 'cobbler'.
export OS_INSTALLER=cobbler export OS_INSTALLER=${OS_INSTALLER:-cobbler}
# PACKAGE_INSTALLER indicates the tool for Package provisioning, default is 'chef'. # PACKAGE_INSTALLER indicates the tool for Package provisioning, default is 'chef'.
export PACKAGE_INSTALLER=chef export PACKAGE_INSTALLER=${PACKAGE_INSTALLER:-chef}
# service NIC # service NIC
export NIC= export NIC=${NIC:-}
# DHCP config # DHCP config
# SUBNET variable specifies the subnet for DHCP server. Example: 192.168.0.0/16 # SUBNET variable specifies the subnet for DHCP server. Example: 192.168.0.0/16
export SUBNET= export SUBNET=${SUBNET:-}
# DHCP option router address(Default is your management interface IP address )" # DHCP option router address(Default is your management interface IP address )"
export OPTION_ROUTER= export OPTION_ROUTER=${OPTION_ROUTER:-}
# The IP range for DHCP clients (Default: local subnet start from 100 to 254) # The IP range for DHCP clients (Default: local subnet start from 100 to 254)
IP_RANGE= export IP_RANGE=${IP_RANGE:-}
# TFTP server's IP address(Default: Management Interface/eth0 IP) # TFTP server's IP address(Default: Management Interface/eth0 IP)
export NEXTSERVER= export NEXTSERVER=${NEXTSERVER:-}
# the domains covered by nameserver # the domains covered by nameserver
export NAMESERVER_DOMAINS= export NAMESERVER_DOMAINS=${NAMESERVER_DOMAINS:-}
export REPO_URL="https://github.com" export REPO_URL=${REPO_URL:-"https://github.com"}
# set the default cobbler user "cobbler" password, if not set, the default will be cobbler/cobbler # set the default cobbler user "cobbler" password, if not set, the default will be cobbler/cobbler
CBLR_USER= export CBLR_USER=${CBLR_USER:-}
CBLR_PASSWD= export CBLR_PASSWD=${CBLR_PASSWD:-}
# IMAGE_SOURCE is where you host your CentOS image export IMAGE_TYPE=${IMAGE_TYPE:-"CentOS"}
#export IMAGE_SOURCE=http://12.234.32.58/software/OS/centos/centos6.4/CentOS-6.4-x86_64-minimal.iso export IMAGE_VERSION_MAJOR=${IMAGE_VERSION_MAJOR:-"6"}
export IMAGE_SOURCE=http://mirror.rackspace.com/CentOS/6/isos/x86_64/CentOS-6.5-x86_64-minimal.iso export IMAGE_VERSION_MINOR=${IMAGE_VERSION_MINOR:-"5"}
IMAGE_NAME=$(echo $IMAGE_SOURCE |rev|cut -d '/' -f1|rev) export IMAGE_VERSION=${IMAGE_VERSION:-"${IMAGE_VERSION_MAJOR}.${IMAGE_VERSION_MINOR}"}
export IMAGE_NAME=${IMAGE_NAME/.iso/''} export IMAGE_NAME=${IMAGE_NAME:-"${IMAGE_TYPE}-${IMAGE_VERSION}"}
export COBBLER_PASSWORD=cobbler export IMAGE_ARCH=${IMAGE_ARCH:-"x86_64"}
export IMAGE_SOURCE=${IMAGE_SOURCE:-"http://mirror.rackspace.com/${IMAGE_TYPE}/${IMAGE_VERSION_MAJOR}/isos/${IMAGE_ARCH}/${IMAGE_TYPE}-${IMAGE_VERSION}-${IMAGE_ARCH}-minimal.iso"}
export COBBLER_PASSWORD=${COBBLER_PASSWORD:-"cobbler"}
# Currently the use of Javascript MVC is set to version 3.2.4 # Currently the use of Javascript MVC is set to version 3.2.4
export JS_MVC=javascriptmvc-3.2.4 export JS_MVC=${JS_MVC:-"javascriptmvc-3.2.4"}
# set the chef packages download path # set the chef packages download path
export CHEF_SRV=http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm export CHEF_SRV=${CHEF_SRV:-"http://opscode-omnibus-packages.s3.amazonaws.com/el/${IMAGE_VERSION_MAJOR}/${IMAGE_ARCH}/chef-server-11.0.8-1.el6.${IMAGE_ARCH}.rpm"}
# Set Chef password for Chef web UI # Set Chef password for Chef web UI
export CHEF_PASSWD=root1234 export CHEF_PASSWD=${CHEF_PASSWD:-"root1234"}
# Set Compass-web and Compass-adpater variables # Set Compass-web and Compass-adpater variables
WEB_HOME= export WEB_HOME=${WEB_HOME:='/tmp/web'}
ADAPTER_HOME= export ADAPTER_HOME=${ADAPTER_HOME:-'/tmp/adapter'}
export WEB_SOURCE=${WEB_SOURCE:-}
if [[ -n $source ]] && [ $source = "local" ];then export ADAPTER_SOURCE=${ADAPTER_SOURCE:-}
export WEB_SOURCE=${DIR}/../web export SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
export ADAPTER_SOURCE=${DIR}/../misc export COMPASSDIR=${SCRIPT_DIR}/..
fi
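Review bot: `export WEB_HOME=${WEB_HOME:='/tmp/web'}` uses `:=` while every other default in this file uses `:-`; it behaves the same here only because the result is exported anyway, so `export WEB_HOME=${WEB_HOME:-'/tmp/web'}` keeps the file consistent and avoids the assignment side effect. Making `COBBLER_PASSWORD` and `CHEF_PASSWD` overridable from the environment is an improvement, but the comment above `CHEF_PASSWD` could say that the fixed value is only for unattended test installs, e.g. `# Set Chef password for Chef web UI; override in the environment, the default is for unattended test installs only`. The file's first two lines are outside the hunk.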


@ -29,7 +29,14 @@ DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
echo 0 > /selinux/enforce echo 0 > /selinux/enforce
### Add epel repo ### Add epel repo
sudo rpm -q epel-release-6-8
if [ "$?" != "0" ]; then
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm >& /dev/null sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm >& /dev/null
if [ "$?" != "0" ]; then
echo "failed to install epel"
exit 1
fi
fi
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo
### Trap any error code with related filename and line. ### Trap any error code with related filename and line.
@ -39,7 +46,9 @@ errtrap()
echo "[FILE: "$(basename $FILE)", LINE: $1] Error: Command or function exited with status $2" echo "[FILE: "$(basename $FILE)", LINE: $1] Error: Command or function exited with status $2"
} }
if [[ "$-" == *x* ]]; then
trap 'errtrap $LINENO $?' ERR trap 'errtrap $LINENO $?' ERR
fi
# Install figlet # Install figlet
sudo yum -y install figlet >& /dev/null sudo yum -y install figlet >& /dev/null
@ -56,15 +65,13 @@ done
# Load variables # Load variables
source $DIR/install.conf source $DIR/install.conf
echo $WEB_SOURCE
echo $ADAPTER_SOURCE
loadvars() loadvars()
{ {
varname=${1,,} varname=${1,,}
eval var=\$$(echo $1) eval var=\$$(echo $1)
if [[ -z $var ]]; then if [[ -z $var ]]; then
echo -e "\x1b[32mPlease enter the DHCP $varname (Example: $2):\x1b[37m" echo -e "\x1b[32mPlease enter the $varname (Example: $2):\x1b[37m"
while read input while read input
do do
if [ "$input" == "" ]; then if [ "$input" == "" ]; then
@ -72,14 +79,11 @@ loadvars()
export $(echo $1)="$2" export $(echo $1)="$2"
break break
else else
if [[ ( "$input" != *.* ) && ( "$1" != "NIC" ) ]]; then if [ "$1" == "NIC" ]; then
echo "I really expect IP addresses"
exit
elif [ "$1" == "NIC" ]; then
sudo ip addr |grep $input >& /dev/null sudo ip addr |grep $input >& /dev/null
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "There is not any IP address assigned to the NIC '$input' yet, please assign an IP address first." echo "There is not any IP address assigned to the NIC '$input' yet, please assign an IP address first."
exit exit 1
fi fi
fi fi
echo "You have entered $input" echo "You have entered $input"
@ -100,17 +104,31 @@ loadvars OPTION_ROUTER $(route -n | grep '^0.0.0.0' | xargs | cut -d ' ' -f 2)
loadvars IP_RANGE "$range" loadvars IP_RANGE "$range"
loadvars NEXTSERVER $ipaddr loadvars NEXTSERVER $ipaddr
loadvars NAMESERVER_DOMAINS "ods.com" loadvars NAMESERVER_DOMAINS "ods.com"
if [[ -n $source ]] && [ $source = "local" ];then
loadvars WEB_SOURCE ${COMPASSDIR}/../web
loadvars ADAPTER_SOURCE ${COMPASSDIR}/../misc
else
loadvars WEB_SOURCE $REPO_URL'/stackforge/compass-web'
loadvars ADAPTER_SOURCE $REPO_URL'/stackforge/compass-adapters'
fi
echo "script dir: $SCRIPT_DIR"
echo "compass dir is $COMPASSDIR"
echo "Install the Dependencies" echo "Install the Dependencies"
source $DIR/dependency.sh source ${COMPASSDIR}/install/dependency.sh
echo "Prepare the Installation"
source ${COMPASSDIR}/install/prepare.sh
echo "Install the OS Installer Tool" echo "Install the OS Installer Tool"
source $DIR/$OS_INSTALLER.sh source ${COMPASSDIR}/install/$OS_INSTALLER.sh
echo "Install the Package Installer Tool" echo "Install the Package Installer Tool"
source $DIR/$PACKAGE_INSTALLER.sh source ${COMPASSDIR}/install/$PACKAGE_INSTALLER.sh
echo "Download and Setup Compass and related services" echo "Download and Setup Compass and related services"
source $DIR/compass.sh source ${COMPASSDIR}/install/compass.sh
figlet -ctf slant Installation Complete!
echo -e "It takes\x1b[32m $SECONDS \x1b[0mseconds during the installation." echo -e "It takes\x1b[32m $SECONDS \x1b[0mseconds during the installation."

140
install/prepare.sh Executable file

@ -0,0 +1,140 @@
#!/bin/bash
#
copygit2dir()
{
repo=$1
destdir=$2
if [ -d $destdir ];then
echo "$destdir exists"
cd $destdir
git remote set-url origin $repo
git remote update
git reset --hard
git clean -x -f
git checkout master
git reset --hard remotes/origin/master
if [[ -n "$GERRIT_REFSPEC" ]];then
git fetch origin $GERRIT_REFSPEC && git checkout FETCH_HEAD
fi
git clean -x -f
else
echo "create $destdir"
mkdir -p $destdir
git clone $repo $destdir
if [[ -n "$GERRIT_REFSPEC" ]];then
# project=$(echo $repo|rev|cut -d '/' -f 1|rev)
cd $destdir
git fetch $repo $GERRIT_REFSPEC && git checkout FETCH_HEAD
fi
fi
cd $SCRIPT_DIR
}
copylocal2dir()
{
repo=$1
destdir=$2
if [ -d $destdir ];then
echo "$destdir exists"
else
mkdir -p $destdir
fi
sudo cp -rf $repo/* $destdir
}
cd $SCRIPT_DIR
if [ "$source" != "local" ]; then
copygit2dir $WEB_SOURCE $WEB_HOME
copygit2dir $ADAPTER_SOURCE $ADAPTER_HOME
else
copylocal2dir $WEB_SOURCE $WEB_HOME
copylocal2dir $ADAPTER_SOURCE $ADAPTER_HOME
fi
# install js mvc package
wget -c --progress=bar:force -O /tmp/$JS_MVC.zip http://github.com/downloads/bitovi/javascriptmvc/$JS_MVC.zip
if [[ "$?" != "0" ]]; then
echo "failed to download $JS_MVC"
exit 1
else
echo "successfully download $JS_MVC"
fi
if [ -d /tmp/$JS_MVC ]; then
echo "/tmp/$JS_MVC is already unzipped"
else
sudo unzip -o /tmp/$JS_MVC.zip -d /tmp/
fi
sudo cp -rf /tmp/$JS_MVC/. $WEB_HOME/public/
# Create backup dir
sudo mkdir -p /root/backup
# update /etc/hosts
sudo cp -rn /etc/hosts /root/backup/hosts
sudo rm -f /etc/hosts
sudo cp -rf $COMPASSDIR/misc/hosts /etc/hosts
sudo sed -i "s/\$ipaddr \$hostname/$ipaddr $HOSTNAME/g" /etc/hosts
sudo chmod 644 /etc/hosts
# update rsyslog
sudo cp -rn /etc/rsyslog.conf /root/backup/
sudo rm -f /etc/rsyslog.conf
sudo cp -rf $COMPASSDIR/misc/rsyslog/rsyslog.conf /etc/rsyslog.conf
sudo chmod 644 /etc/rsyslog.conf
sudo service rsyslog restart
sudo service rsyslog status
if [[ "$?" != "0" ]]; then
echo "rsyslog is not started"
exit 1
else
echo "rsyslog conf is updated"
fi
# update logrotate.d
sudo cp -rn /etc/logrotate.d /root/backup/
rm -f /etc/logrotate.d/*
sudo cp -rf $COMPASSDIR/misc/logrotate.d/* /etc/logrotate.d/
sudo chmod 644 /etc/logrotate.d/*
# update ntp conf
sudo cp -rn /etc/ntp.conf /root/backup/
sudo rm -f /etc/ntp.conf
sudo cp -rf $COMPASSDIR/misc/ntp/ntp.conf /etc/ntp.conf
sudo chmod 644 /etc/ntp.conf
sudo service ntpd stop
sudo ntpdate 0.centos.pool.ntp.org
sudo service ntpd start
sudo service ntpd status
if [[ "$?" != "0" ]]; then
echo "ntp is not started"
exit 1
else
echo "ntp conf is updated"
fi
# update squid conf
sudo cp -rn /etc/squid/squid.conf /root/backup/
sudo rm -f /etc/squid/squid.conf
sudo cp $COMPASSDIR/misc/squid/squid.conf /etc/squid/
subnet_escaped=$(echo $SUBNET | sed -e 's/[\/&]/\\&/g')
sudo sed -i "s/acl localnet src \$subnet/acl localnet src $subnet_escaped/g" /etc/squid/squid.conf
sudo chmod 644 /etc/squid/squid.conf
sudo mkdir -p /var/squid/cache
sudo chown -R squid:squid /var/squid
sudo service squid restart
sudo service squid status
if [[ "$?" != "0" ]]; then
echo "squid is not started"
exit 1
else
echo "squid conf is updated"
fi
# Install net-snmp
sudo cp -rn /etc/snmp/snmp.conf /root/backup/
sudo mkdir -p /usr/local/share/snmp/
sudo cp -rf $COMPASSDIR/mibs /usr/local/share/snmp/
sudo rm -f /etc/snmp/snmp.conf
sudo cp -rf $COMPASSDIR/misc/snmp/snmp.conf /etc/snmp/snmp.conf
sudo chmod 644 /etc/snmp/snmp.conf
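Review bot: `rm -f /etc/logrotate.d/*` under `# update logrotate.d` is the only privileged command in this file without `sudo`, so when the installer is run by a non-root user the wipe fails silently; it also removes every rotation entry other packages installed, leaving only the files this commit ships, while the `cp -rn` backup just above is never restored. If the wipe is intended, make it `sudo rm -f /etc/logrotate.d/*` and say why in the comment; otherwise drop the line and let `cp -rf` overwrite only the entries this project owns. Separately, `$JS_MVC.zip` is fetched over plain http with no checksum, and `[ -d /tmp/$JS_MVC ]` skips the unzip whenever that predictable world-writable path already exists, so the contents copied into `$WEB_HOME/public/` as root are never verified; checking a known digest after wget, or unpacking into a directory the script creates itself, would close that.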


@ -0,0 +1,10 @@
# This configuration file enables the cobbler web
# interface (django version)
# Force everything to go to https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/cobbler_web
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
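Review bot: The comment `# Force everything to go to https` is contradicted by the `RewriteRule` below it being commented out, so the two `RewriteCond` lines are dead and `/cobbler_web` stays reachable over plain HTTP. Either enable the rule (`RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}`, which with the Apache SSL listener this commit puts on port 445 would presumably need that port in the target) or change the comment to say the redirect is intentionally disabled. The file's name is not visible in this chunk; it appears to be the cobbler web Apache configuration.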

222
misc/apache/ssl.conf Normal file

@ -0,0 +1,222 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 445
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:445>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
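Review bot: `Listen 445` and `<VirtualHost _default_:445>` put the Apache SSL host on TCP 445, the SMB port, while the comment above still says `the HTTPS port`; if this is to avoid the chef-server nginx listener on 443 configured elsewhere in this commit, the comment should say so, e.g. `# 443 is taken by the chef-server nginx; compass serves TLS on 445`. `SSLProtocol all -SSLv2` and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` still permit SSLv3 and LOW/RC4 suites; `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4` are the usual minimum. The rest of the file appears to be the distribution's stock ssl.conf (self-signed `localhost.crt`/`localhost.key` included), so a header comment listing which lines were changed would help future merges.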


@ -0,0 +1,4 @@
nginx['non_ssl_port'] = 8080
nginx['enable_non_ssl'] = true
nginx['ssl_port'] = 443
nginx['url'] = "https://#{node['fqdn']}"
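Review bot: `nginx['enable_non_ssl'] = true` with `nginx['non_ssl_port'] = 8080` opens a plaintext listener on the chef server next to the SSL one on 443, while the compass setting written by the install script points at `https://$ipaddr/`; if nothing needs port 8080, `nginx['enable_non_ssl'] = false` keeps signed API traffic off an unencrypted port, and if something does, a one-line comment naming the consumer would justify it. The file's name is not visible in this chunk; it appears to be the chef-server omnibus configuration.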

3
misc/hosts Normal file

@ -0,0 +1,3 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
$ipaddr $hostname

9
misc/logrotate.d/httpd Normal file

@ -0,0 +1,9 @@
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
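Review bot: None of the five logrotate files added here (httpd, ntp, squid, syslog, yum) covers `/var/log/compass`, which the install script creates and makes world-writable, so the commit's own logs are the ones left to grow unbounded; a constructed entry such as `/var/log/compass/*.log { missingok notifempty compress delaycompress }` would fit the style of the others. Because prepare.sh empties `/etc/logrotate.d/` before copying these in, rotation for anything else on the host now depends solely on this directory. The httpd and squid files also specify `delaycompress` without `compress`, so that directive has no effect.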

9
misc/logrotate.d/ntp Normal file

@ -0,0 +1,9 @@
/var/log/ntp.log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service ntpd reload > /dev/null 2>/dev/null || true
endscript
}

9
misc/logrotate.d/squid Normal file

@ -0,0 +1,9 @@
/var/log/squid/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service squid reload > /dev/null 2>/dev/null || true
endscript
}

13
misc/logrotate.d/syslog Normal file

@ -0,0 +1,13 @@
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/dhcpd.log
/var/log/tftpd.log
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

7
misc/logrotate.d/yum Normal file

@ -0,0 +1,7 @@
/var/log/yum.log {
missingok
notifempty
size 30k
yearly
create 0600 root root
}

60
misc/ntp/ntp.conf Normal file

@ -0,0 +1,60 @@
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
logfile /var/log/ntp.log
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
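Review bot: `logfile /var/log/ntp.log` directs ntpd output to a file that none of the logrotate.d entries visible in this commit cover, so it grows without bound even though the commit's stated purpose is to add logrotate support; a sibling entry such as `/var/log/ntp.log { missingok notifempty compress }` closes that gap. Separately, `server 127.127.1.0` enables the undisciplined local clock while the `#fudge 127.127.1.0 stratum 10` line directly below stays commented out, so the driver runs at its built-in default stratum (5, if I recall the refclock documentation correctly) rather than the deliberately low priority the comment above it describes; uncommenting the fudge line makes the fake source the last resort it is meant to be.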

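--- a/misc/rsyslog/rsyslog.conf
+++ b/misc/rsyslog/rsyslog.conf
@@ -0,0 +1,94 @@
+# rsyslog v5 configuration file
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+#### MODULES ####
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark # provides --MARK-- message capability
+# Provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+# Provides TCP syslog reception
+$ModLoad imtcp
+$InputTCPServerRun 514
+$WorkDirectory /var/lib/rsyslog
+# Added for chef logfiles
+$template Chef_log,"/var/log/cobbler/anamon/%hostname%/chef-client.log"
+$template Raw, "%rawmsg%"
+#### GLOBAL DIRECTIVES ####
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+#### RULES ####
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.* /dev/console
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+syslog.*,daemon.* /var/log/messages
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+# Log cron stuff
+cron.* /var/log/cron
+# Log dhcpd
+local6.* /var/log/dhcpd.log
+# Log tftpd
+local5.* /var/log/tftpd.log
+# Everybody gets emergency messages
+*.emerg *
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+local3.* -?Chef_log
+# ### begin forwarding rule ###
+# The statement between the begin ... end define a SINGLE forwarding
+# rule. They belong together, do NOT split them. If you create multiple
+# forwarding rules, duplicate the whole block!
+# Remote Logging (we use TCP for reliable delivery)
+#
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList # run asynchronously
+#$ActionResumeRetryCount -1 # infinite retries if host is down
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
+# ### end of the forwarding rule ###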
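Review bot: `$InputTCPServerRun 514` opens a TCP syslog listener on every interface with no `$AllowedSender TCP, <provisioning-subnet>` line (placeholder; the real range comes from the deployment), so any host that can reach the server can write records into /var/log/messages, /var/log/secure and the chef logs, or simply fill the disk. The `Chef_log` template then uses the sender-supplied %hostname% as a path component without the property replacer's path-sanitising option, so a malformed hostname field decides where under /var/log/cobbler/anamon the file is created; `$template Chef_log,"/var/log/cobbler/anamon/%hostname:::secpath-replace%/chef-client.log"` keeps the write confined to that directory. Both are one-line changes and belong next to the `# Added for chef logfiles` comment, which would also benefit from stating that local3 is the facility the provisioned nodes are expected to send on.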

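--- a/misc/snmp/snmp.conf
+++ b/misc/snmp/snmp.conf
@@ -0,0 +1 @@
+mibdirs +/usr/local/share/snmp/mibs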


@ -8,6 +8,7 @@ acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks. # Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # Adapt to list your (internal) IP networks from where browsing
# should be allowed # should be allowed
acl localnet src $subnet # the subnet of local network
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
@ -55,8 +56,7 @@ cache_dir aufs /var/squid/cache 25000 16 256
cache_store_log /var/log/squid/store.log cache_store_log /var/log/squid/store.log
logformat squid %tl %6tr %>a %Ss/%>Hs %<st %rm %ru %<A %mt %>h %<h access_log none
access_log /var/log/squid/access.log squid
vary_ignore_expire on vary_ignore_expire on
# Leave coredumps in the first cache dir # Leave coredumps in the first cache dir