make install script rerun and add logrotate support.
Change-Id: I84526351f9aa4882d498601ebe9681e622909516
parent
7bb1a48246
commit
2beaa6421e
23
bin/chef/addcookbooks.py
Normal file → Executable file
@ -1,10 +1,25 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import logging
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
|
|
||||||
cookbooks = []
|
|
||||||
cookbook_dir = '/var/chef/cookbooks/'
|
from compass.utils import flags
|
||||||
cmd = "knife cookbook upload --all --cookbook-path %s" % cookbook_dir
|
from compass.utils import logsetting
|
||||||
os.system(cmd)
|
|
||||||
|
|
||||||
|
flags.add('cookbooks_dir',
|
||||||
|
help='chef cookbooks directory',
|
||||||
|
default='/var/chef/cookbooks')
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
flags.init()
|
||||||
|
logsetting.init()
|
||||||
|
cookbooks = []
|
||||||
|
cookbooks_dir = flags.OPTIONS.cookbooks_dir
|
||||||
|
logging.info('add cookbooks %s', cookbooks_dir)
|
||||||
|
cmd = "knife cookbook upload --all --cookbook-path %s" % cookbooks_dir
|
||||||
|
os.system(cmd)
|
||||||
|
|
||||||
|
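Review bot: `cookbooks_dir` now comes from a command-line flag but is still interpolated into a shell string for `os.system`, so a path containing spaces or shell metacharacters is split or interpreted by the shell. Passing an argument list avoids the shell altogether, e.g. `subprocess.call(['knife', 'cookbook', 'upload', '--all', '--cookbook-path', cookbooks_dir])` together with `import subprocess`. The same pattern appears in the `knife data bag ...` and `knife role from file ...` commands of the next two sections, where the interpolated values are file names returned by `os.listdir`. `cookbooks = []` is assigned but never used in the visible lines and can be dropped.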
42
bin/chef/adddatabags.py
Normal file → Executable file
@ -1,21 +1,37 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import logging
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
|
|
||||||
databags = []
|
from compass.utils import flags
|
||||||
databag_dir = '/var/chef/databags'
|
from compass.utils import logsetting
|
||||||
for item in os.listdir(databag_dir):
|
|
||||||
databags.append(item)
|
|
||||||
|
|
||||||
for databag in databags:
|
|
||||||
cmd = "knife data bag create %s" % databag
|
|
||||||
os.system(cmd)
|
|
||||||
databag_items = []
|
|
||||||
databagitem_dir = os.path.join(databag_dir, databag)
|
|
||||||
for item in os.listdir(databagitem_dir):
|
|
||||||
databag_items.append(os.path.join(databagitem_dir, item))
|
|
||||||
|
|
||||||
for databag_item in databag_items:
|
flags.add('databags_dir',
|
||||||
cmd = 'knife data bag from file %s %s' % (databag, databag_item)
|
help='chef databags directory',
|
||||||
|
default='/var/chef/databags')
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
flags.init()
|
||||||
|
logsetting.init()
|
||||||
|
databags = []
|
||||||
|
databags_dir = flags.OPTIONS.databags_dir
|
||||||
|
for item in os.listdir(databags_dir):
|
||||||
|
databags.append(item)
|
||||||
|
|
||||||
|
for databag in databags:
|
||||||
|
logging.info('add databag %s', databag)
|
||||||
|
cmd = "knife data bag create %s" % databag
|
||||||
os.system(cmd)
|
os.system(cmd)
|
||||||
|
databag_items = []
|
||||||
|
databagitem_dir = os.path.join(databags_dir, databag)
|
||||||
|
for item in os.listdir(databagitem_dir):
|
||||||
|
databag_items.append(os.path.join(databagitem_dir, item))
|
||||||
|
|
||||||
|
for databag_item in databag_items:
|
||||||
|
logging.info('add databag item %s to databag %s',
|
||||||
|
databag_item, databag)
|
||||||
|
cmd = 'knife data bag from file %s %s' % (databag, databag_item)
|
||||||
|
os.system(cmd)
|
||||||
|
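Review bot: Every entry returned by `os.listdir(databags_dir)` is treated as a data bag, so a stray regular file in that directory is first passed to `knife data bag create` and then makes `os.listdir(databagitem_dir)` raise, aborting the upload part-way. Filtering keeps the loop to directories: `if not os.path.isdir(os.path.join(databags_dir, item)): continue` before `databags.append(item)`. The two list-building loops only copy what `os.listdir` returns and could be folded into the loops that consume them.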
@ -1,15 +1,29 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import logging
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
|
|
||||||
rolelist = []
|
from compass.utils import flags
|
||||||
role_dir = '/var/chef/roles'
|
from compass.utils import logsetting
|
||||||
for item in os.listdir(role_dir):
|
|
||||||
f = os.path.join(role_dir, item)
|
|
||||||
rolelist.append(f)
|
|
||||||
|
|
||||||
for role in rolelist:
|
|
||||||
cmd = "knife role from file %s" % role
|
|
||||||
os.system(cmd)
|
|
||||||
|
|
||||||
|
flags.add('roles_dir',
|
||||||
|
help='chef roles directory',
|
||||||
|
default='/var/chef/roles')
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
flags.init()
|
||||||
|
logsetting.init()
|
||||||
|
rolelist = []
|
||||||
|
roles_dir = flags.OPTIONS.roles_dir
|
||||||
|
|
||||||
|
for item in os.listdir(roles_dir):
|
||||||
|
role_file = os.path.join(roles_dir, item)
|
||||||
|
rolelist.append(role_file)
|
||||||
|
|
||||||
|
for role in rolelist:
|
||||||
|
logging.info('add role %s', role)
|
||||||
|
cmd = "knife role from file %s" % role
|
||||||
|
os.system(cmd)
|
||||||
|
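Review bot: The return value of `os.system(cmd)` is discarded, so the script exits 0 even when `knife role from file` fails for a role. The shell installers changed in this commit test `$?` after each step, so if they call this script (not visible here) a failed upload would go unnoticed. Capturing it, `status = os.system(cmd)`, and following with `if status != 0: logging.error('failed to add role %s', role); sys.exit(1)` would surface the failure; `sys` is not imported in the visible lines and would need `import sys`. The cookbook and data bag scripts above have the same gap.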
@ -5,6 +5,7 @@ import os
|
|||||||
import os.path
|
import os.path
|
||||||
import re
|
import re
|
||||||
import shutil
|
import shutil
|
||||||
|
import sys
|
||||||
|
|
||||||
from flask.ext.script import Manager
|
from flask.ext.script import Manager
|
||||||
|
|
||||||
@ -69,9 +70,21 @@ def list_config():
|
|||||||
print key, value
|
print key, value
|
||||||
|
|
||||||
|
|
||||||
|
@app_manager.command
|
||||||
|
def checkdb():
|
||||||
|
"""check if db exists"""
|
||||||
|
if setting.DATABASE_TYPE == 'file':
|
||||||
|
if os.path.exists(setting.DATABASE_FILE):
|
||||||
|
sys.exit(0)
|
||||||
|
else:
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
|
||||||
@app_manager.command
|
@app_manager.command
|
||||||
def createdb():
|
def createdb():
|
||||||
"Creates database from sqlalchemy models"
|
"""Creates database from sqlalchemy models"""
|
||||||
if setting.DATABASE_TYPE == 'file':
|
if setting.DATABASE_TYPE == 'file':
|
||||||
if os.path.exists(setting.DATABASE_FILE):
|
if os.path.exists(setting.DATABASE_FILE):
|
||||||
os.remove(setting.DATABASE_FILE)
|
os.remove(setting.DATABASE_FILE)
|
||||||
@ -81,7 +94,7 @@ def createdb():
|
|||||||
|
|
||||||
@app_manager.command
|
@app_manager.command
|
||||||
def dropdb():
|
def dropdb():
|
||||||
"Drops database from sqlalchemy models"
|
"""Drops database from sqlalchemy models"""
|
||||||
database.drop_db()
|
database.drop_db()
|
||||||
|
|
||||||
|
|
||||||
@ -115,14 +128,17 @@ def sync_from_installers():
|
|||||||
roles_per_target_system = {}
|
roles_per_target_system = {}
|
||||||
for adapter in adapters:
|
for adapter in adapters:
|
||||||
target_systems.add(adapter['target_system'])
|
target_systems.add(adapter['target_system'])
|
||||||
|
|
||||||
for target_system in target_systems:
|
for target_system in target_systems:
|
||||||
roles_per_target_system[target_system] = manager.get_roles(
|
roles_per_target_system[target_system] = manager.get_roles(
|
||||||
target_system)
|
target_system)
|
||||||
|
|
||||||
with database.session() as session:
|
with database.session() as session:
|
||||||
session.query(Adapter).delete()
|
session.query(Adapter).delete()
|
||||||
session.query(Role).delete()
|
session.query(Role).delete()
|
||||||
for adapter in adapters:
|
for adapter in adapters:
|
||||||
session.add(Adapter(**adapter))
|
session.add(Adapter(**adapter))
|
||||||
|
|
||||||
for target_system, roles in roles_per_target_system.items():
|
for target_system, roles in roles_per_target_system.items():
|
||||||
for role in roles:
|
for role in roles:
|
||||||
session.add(Role(**role))
|
session.add(Role(**role))
|
||||||
|
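Review bot: In the `checkdb` hunk the command exits 0 for every `DATABASE_TYPE` other than `'file'` without checking anything, so a caller reads "database exists" for a server-backed database that may not have been created yet. If that is intended, the docstring should say so, e.g. `"""Exit 0 if the database exists; only file databases are checked, other types are assumed present."""`. The `if`/`else` around the two exits can also be written as `sys.exit(0 if os.path.exists(setting.DATABASE_FILE) else 1)`.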
@ -1,12 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
let initial_run=0
|
/opt/compass/bin/manage_db.py checkdb
|
||||||
while [ $# -gt 0 ]; do
|
if [[ "$?" == "0" ]]; then
|
||||||
case "$1" in
|
|
||||||
-i|--init) let initial_run=1; shift ;;
|
|
||||||
*) shift ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
if [ $initial_run -eq 0 ]; then
|
|
||||||
/opt/compass/bin/manage_db.py clean_clusters
|
/opt/compass/bin/manage_db.py clean_clusters
|
||||||
fi
|
fi
|
||||||
/opt/compass/bin/manage_db.py createdb
|
/opt/compass/bin/manage_db.py createdb
|
||||||
|
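Review bot: The `$?` test treats any non-zero exit of `manage_db.py checkdb` as "no database", including a crash such as an import error, and the script then goes straight to `createdb` without `clean_clusters`. The `createdb` context shown earlier on this page removes an existing `DATABASE_FILE`, so in that case the cluster records would be discarded without the cleanup step. Testing the command directly, `if /opt/compass/bin/manage_db.py checkdb; then`, is the usual form, and a comment such as `# clean_clusters needs an existing database; skip it on first install` would record why the branch exists.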
@ -64,10 +64,7 @@ class DnsCheck(base.BaseCheck):
|
|||||||
if "listen-on port 53" in line and host_ip in line:
|
if "listen-on port 53" in line and host_ip in line:
|
||||||
VAR_MAP["match_port"] = True
|
VAR_MAP["match_port"] = True
|
||||||
if "allow-query" in line:
|
if "allow-query" in line:
|
||||||
for subnet in ["127.0.0.0/8",
|
for subnet in ["127.0.0.0/8"]:
|
||||||
"10.0.0.0/8",
|
|
||||||
"192.168.0.0/16",
|
|
||||||
"172.16.0.0/12"]:
|
|
||||||
if not subnet in line:
|
if not subnet in line:
|
||||||
missing_query.append(subnet)
|
missing_query.append(subnet)
|
||||||
f.close()
|
f.close()
|
||||||
|
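Review bot: With the list reduced to `"127.0.0.0/8"`, the check no longer verifies that the deployment's own subnet is present in `allow-query`, although the named.template change later on this page writes `127.0.0.0/8; $subnet;` there. A configuration that answers only loopback queries now passes, as does one that lists additional broad ranges, because only the presence of the loopback entry is tested. If the configured subnet is available to this check (not visible in the hunk), add it to the list; otherwise the one-element loop can become `if "127.0.0.0/8" not in line: missing_query.append("127.0.0.0/8")`. The enclosing method starts and ends outside the hunk.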
@ -33,10 +33,14 @@ TO_CLUSTER_TRANSLATORS = {
|
|||||||
'/credential/mysql/image',
|
'/credential/mysql/image',
|
||||||
'/credential/mysql/metering',
|
'/credential/mysql/metering',
|
||||||
'/credential/mysql/network',
|
'/credential/mysql/network',
|
||||||
'/credential/mysql/super',
|
|
||||||
'/credential/mysql/volume',
|
'/credential/mysql/volume',
|
||||||
]
|
]
|
||||||
)],
|
)],
|
||||||
|
'/security/service_credentials/password': [KeyTranslator(
|
||||||
|
translated_keys=[
|
||||||
|
'/credential/mysql/super/password',
|
||||||
|
]
|
||||||
|
)],
|
||||||
'/networking/interfaces/management/nic': [KeyTranslator(
|
'/networking/interfaces/management/nic': [KeyTranslator(
|
||||||
translated_keys=['/networking/control/interface'],
|
translated_keys=['/networking/control/interface'],
|
||||||
)],
|
)],
|
||||||
|
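Review bot: The new `'/security/service_credentials/password'` entry has no comment explaining why the MySQL `super` account is split out from the other `/credential/mysql/*` keys. From the visible lines it now receives only a password, and that password appears to be the same value the service accounts get, so the database superuser would share its secret with every service user. A comment such as `# mysql super has no configurable username; it reuses the service password` would record the intent, and a dedicated key for the superuser password is worth considering. The dictionary starts and ends outside the hunk.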
@ -194,7 +194,7 @@ chef_EXPECTED = {
|
|||||||
'metering': {'username': 'service', 'password': 'huawei'},
|
'metering': {'username': 'service', 'password': 'huawei'},
|
||||||
'volume': {'username': 'service', 'password': 'huawei'},
|
'volume': {'username': 'service', 'password': 'huawei'},
|
||||||
'dashboard': {'username': 'service', 'password': 'huawei'},
|
'dashboard': {'username': 'service', 'password': 'huawei'},
|
||||||
'super': {'username': 'service', 'password': 'huawei'},
|
'super': {'password': 'huawei'},
|
||||||
'identity': {'username': 'service', 'password': 'huawei'}
|
'identity': {'username': 'service', 'password': 'huawei'}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -244,7 +244,7 @@ chef_EXPECTED = {
|
|||||||
'metering': {'username': 'service', 'password': 'huawei'},
|
'metering': {'username': 'service', 'password': 'huawei'},
|
||||||
'volume': {'username': 'service', 'password': 'huawei'},
|
'volume': {'username': 'service', 'password': 'huawei'},
|
||||||
'dashboard': {'username': 'service', 'password': 'huawei'},
|
'dashboard': {'username': 'service', 'password': 'huawei'},
|
||||||
'super': {'username': 'service', 'password': 'huawei'},
|
'super': {'password': 'huawei'},
|
||||||
'identity': {'username': 'service', 'password': 'huawei'}
|
'identity': {'username': 'service', 'password': 'huawei'}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -404,7 +404,7 @@ chef_EXPECTED = {
|
|||||||
'metering': {'username': 'service', 'password': 'huawei'},
|
'metering': {'username': 'service', 'password': 'huawei'},
|
||||||
'volume': {'username': 'service', 'password': 'huawei'},
|
'volume': {'username': 'service', 'password': 'huawei'},
|
||||||
'dashboard': {'username': 'service', 'password': 'huawei'},
|
'dashboard': {'username': 'service', 'password': 'huawei'},
|
||||||
'super': {'username': 'service', 'password': 'huawei'},
|
'super': {'password': 'huawei'},
|
||||||
'identity': {'username': 'service', 'password': 'huawei'}
|
'identity': {'username': 'service', 'password': 'huawei'}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@ -474,7 +474,7 @@ chef_EXPECTED = {
|
|||||||
'metering': {'username': 'service', 'password': 'huawei'},
|
'metering': {'username': 'service', 'password': 'huawei'},
|
||||||
'volume': {'username': 'service', 'password': 'huawei'},
|
'volume': {'username': 'service', 'password': 'huawei'},
|
||||||
'dashboard': {'username': 'service', 'password': 'huawei'},
|
'dashboard': {'username': 'service', 'password': 'huawei'},
|
||||||
'super': {'username': 'service', 'password': 'huawei'},
|
'super': {'password': 'huawei'},
|
||||||
'identity': {'username': 'service', 'password': 'huawei'}
|
'identity': {'username': 'service', 'password': 'huawei'}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -1,45 +1,60 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
|
||||||
##export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
|
# create backup dir
|
||||||
echo "$ipaddr $HOSTNAME" >> /etc/hosts
|
sudo mkdir -p /root/backup/chef
|
||||||
|
|
||||||
|
sudo rpm -q chef-server
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
sudo rpm -Uvh $CHEF_SRV
|
sudo rpm -Uvh $CHEF_SRV
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
# configure rsyslog
|
echo "failed to rpm install $CHEF_SRV"
|
||||||
cp /etc/rsyslog.conf /root/backup/
|
exit 1
|
||||||
# update rsyslog.conf
|
fi
|
||||||
sudo sed -i '
|
else
|
||||||
/#### GLOBAL DIRECTIVES ####/ i\
|
echo "chef-server has already installed"
|
||||||
\$WorkDirectory /var/lib/rsyslog\
|
fi
|
||||||
\
|
|
||||||
\# Added for chef logfiles\
|
|
||||||
\$template Chef_log,"/var/log/cobbler/anamon/%hostname%/chef-client.log"\
|
|
||||||
\$template Raw, "%rawmsg%"\
|
|
||||||
' /etc/rsyslog.conf
|
|
||||||
sudo sed -i '
|
|
||||||
/# ### begin forwarding rule ###/ i\
|
|
||||||
local3.* -?Chef_log\
|
|
||||||
' /etc/rsyslog.conf
|
|
||||||
sudo sed -i 's/^#$ModLoad[ \t]\+imtcp/$ModLoad imtcp/g' /etc/rsyslog.conf
|
|
||||||
sudo sed -i '/$InputTCPServerRun/c\$InputTCPServerRun 514' /etc/rsyslog.conf
|
|
||||||
sudo service rsyslog restart
|
|
||||||
|
|
||||||
# configure chef-server
|
# configure chef-server
|
||||||
sudo mkdir /root/backup/chef-server
|
sudo chef-server-ctl cleanse
|
||||||
sudo cp /opt/chef-server/embedded/conf/nginx.conf /root/backup/chef-server/
|
mkdir -p /etc/chef-server
|
||||||
sudo sed -i 's/listen\([ \t]\+\)80;/listen\18080;/g' /opt/chef-server/embedded/conf/nginx.conf
|
sudo cp -rn /etc/chef-server/chef-server.rb /root/backup/chef/
|
||||||
|
sudo rm -f /etc/chef-server/chef-server.rb
|
||||||
|
sudo cp -rf $COMPASSDIR/misc/chef-server/chef-server.rb /etc/chef-server/chef-server.rb
|
||||||
|
sudo chmod 644 /etc/chef-server/chef-server.rb
|
||||||
sudo chef-server-ctl reconfigure
|
sudo chef-server-ctl reconfigure
|
||||||
sudo cp /var/opt/chef-server/nginx/etc/nginx.conf /root/backup/chef-server/etc-nginx.conf
|
|
||||||
sudo sed -i 's/listen\([ \t]\+\)80;/listen\18080;/g' /var/opt/chef-server/nginx/etc/nginx.conf
|
|
||||||
sudo chef-server-ctl restart
|
|
||||||
sudo chef-server-ctl test
|
sudo chef-server-ctl test
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "chef-server-ctl test failed"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# configure chef client and knife
|
# configure chef client and knife
|
||||||
sudo curl -L http://www.opscode.com/chef/install.sh | sudo bash
|
rpm -q chef
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
sudo wget -c --progress=bar:force -O /tmp/chef_install.sh http://www.opscode.com/chef/install.sh
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to download chef install script"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "chef install script is downloaded"
|
||||||
|
fi
|
||||||
|
sudo chmod 755 /tmp/chef_install.sh
|
||||||
|
sudo /tmp/chef_install.sh
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "chef install failed"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "chef is installed"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "chef has already installed"
|
||||||
|
fi
|
||||||
|
|
||||||
sudo mkdir ~/.chef
|
sudo mkdir -p ~/.chef
|
||||||
|
|
||||||
sudo knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u $USER --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem <<EOF
|
sudo knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u $USER --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem <<EOF
|
||||||
root1234
|
$CHEF_PASSWORD
|
||||||
EOF
|
EOF
|
||||||
sudo sed -i "/node_name/c\node_name \'admin\'" /$USER/.chef/knife.rb
|
sudo sed -i "/node_name/c\node_name \'admin\'" /$USER/.chef/knife.rb
|
||||||
sudo sed -i "/client_key/c\client_key \'\/etc\/chef-server\/admin.pem\'" /$USER/.chef/knife.rb
|
sudo sed -i "/client_key/c\client_key \'\/etc\/chef-server\/admin.pem\'" /$USER/.chef/knife.rb
|
||||||
|
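Review bot: The chef client installer is fetched over plain HTTP into the fixed path `/tmp/chef_install.sh` and then run with `sudo`, with nothing verifying what was downloaded. Because `wget -c` resumes onto a file that already exists, content left at that world-writable location beforehand, or altered in transit, ends up executing as root. Download to a `mktemp` file without `-c`, use HTTPS if the host serves it, and compare a pinned checksum before running the script.

```shell
# … unchanged: rpm -q chef check …
chef_installer=$(mktemp /tmp/chef_install.XXXXXX) || exit 1
# scheme changed to https: confirm the host serves it
sudo wget --progress=bar:force -O "$chef_installer" https://www.opscode.com/chef/install.sh
# … unchanged: download status check …
# CHEF_INSTALL_SHA256 is a placeholder for the pinned digest of the reviewed script
echo "$CHEF_INSTALL_SHA256  $chef_installer" | sha256sum -c -
if [[ "$?" != "0" ]]; then
    echo "chef install script checksum mismatch"
    exit 1
fi
sudo bash "$chef_installer"
# … unchanged: install status check …
```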
@ -1,163 +1,287 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
|
||||||
echo "Installing cobbler related packages"
|
echo "Installing cobbler related packages"
|
||||||
sudo yum -y install cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML Django cman debmirror pykickstart -y
|
sudo yum -y install cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML Django cman debmirror pykickstart -y
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to install cobbler related packages"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "cobbler related packages are installed"
|
||||||
|
fi
|
||||||
|
|
||||||
sudo chkconfig cobblerd on
|
sudo chkconfig cobblerd on
|
||||||
|
|
||||||
# create backup dir
|
# create backup dir
|
||||||
sudo mkdir /root/backup # create backup folder
|
sudo mkdir -p /root/backup/cobbler
|
||||||
|
|
||||||
# configure ntp
|
# update httpd conf
|
||||||
sudo cp /etc/ntp.conf /root/backup/
|
sudo cp -rn /etc/httpd/conf.d /root/backup/cobbler/
|
||||||
# update ntp.conf
|
sudo rm -f /etc/httpd/conf.d/cobbler_web.conf
|
||||||
sudo sed -i 's/^#server[ \t]\+127.127.1.0/server 127.127.1.0/g' /etc/ntp.conf
|
sudo cp -rf $COMPASSDIR/misc/apache/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf
|
||||||
sudo service ntpd stop
|
chmod 644 /etc/httpd/conf.d/cobbler_web.conf
|
||||||
sudo ntpdate 0.centos.pool.ntp.org
|
sudo rm -rf /etc/httpd/conf.d/ssl.conf
|
||||||
sudo service ntpd start
|
sudo cp -rf $COMPASSDIR/misc/apache/ssl.conf /etc/httpd/conf.d/ssl.conf
|
||||||
|
chmod 644 /etc/httpd/conf.d/ssl.conf
|
||||||
|
|
||||||
# configure xinetd
|
# disable selinux
|
||||||
sudo cp /etc/xinetd.d/tftp /root/backup/
|
sudo mkdir -p /root/backup/selinux
|
||||||
sudo sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/tftp
|
sudo cp -rn /etc/selinux/config /root/backup/selinux/
|
||||||
sudo service xinetd restart
|
|
||||||
|
|
||||||
##export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
|
|
||||||
export cobbler_passwd=$(openssl passwd -1 -salt 'huawei' '123456')
|
|
||||||
|
|
||||||
# configure dhcpd
|
|
||||||
##SUBNET=${SUBNET:-$(ipcalc $(ip address| grep "global $NIC" |cut -f 6 -d ' ') -n|cut -f 2 -d '=')}
|
|
||||||
|
|
||||||
##OPTION_ROUTER=${OPTION_ROUTER:-$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')}
|
|
||||||
|
|
||||||
##IP_RANGE=${IP_RANGE:-$(echo "$(echo "$ipaddr"|cut -f 1 -d '.').$(echo "$ipaddr"|cut -f 2 -d '.').$(echo "$ipaddr"|cut -f 3 -d '.').100 $(echo "$ipaddr"|cut -f 1 -d '.').$(echo "$ipaddr"|cut -f 2 -d '.').$(echo "$ipaddr"|cut -f 3 -d '.').254")}
|
|
||||||
|
|
||||||
##NEXTSERVER=${NEXTSERVER:-$ipaddr}
|
|
||||||
|
|
||||||
sudo mkdir /root/backup/cobbler
|
|
||||||
sudo cp /etc/cobbler/settings /root/backup/cobbler/
|
|
||||||
sudo cp /etc/cobbler/dhcp.template /root/backup/cobbler/
|
|
||||||
|
|
||||||
# Dumps the variables to dhcp template
|
|
||||||
subnet=$(ipcalc $SUBNET -n |cut -f 2 -d '=')
|
|
||||||
sudo sed -i "s/subnet 192.168.1.0 netmask 255.255.255.0/subnet $subnet netmask $netmask/g" /etc/cobbler/dhcp.template
|
|
||||||
sudo sed -i "/option routers[ \t]\+[a-zA-Z0-9]\+.[a-zA-Z0-9]\+.[a-zA-Z0-9]\+.[a-zA-Z0-9]\+/c\ option routers $OPTION_ROUTER;" /etc/cobbler/dhcp.template
|
|
||||||
sudo sed -i "s/option subnet-mask[ \t]\+255.255.255.0/option subnet-mask $netmask/g" /etc/cobbler/dhcp.template
|
|
||||||
sudo sed -i "/option domain-name-servers/c\ option domain-name-servers $ipaddr;" /etc/cobbler/dhcp.template
|
|
||||||
sudo sed -i "/range dynamic-bootp/c\ range dynamic-bootp $IP_RANGE;" /etc/cobbler/dhcp.template
|
|
||||||
sudo sed -i 's/^\([ \t]*\).*fixed-address.*$/\1#pass/g' /etc/cobbler/dhcp.template
|
|
||||||
sudo sed -i "/allow bootp/a deny unknown-clients;\nlocal-address $ipaddr;" /etc/cobbler/dhcp.template
|
|
||||||
|
|
||||||
# Set up other setting options in cobbler/settings
|
|
||||||
sudo sed -i "/next_server/c\next_server: $NEXTSERVER" /etc/cobbler/settings
|
|
||||||
sudo sed -i "s/server:[ \t]\+127.0.0.1/server: $ipaddr/g" /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/manage_dhcp:[ \t]\+0/manage_dhcp: 1/g' /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/manage_dns:[ \t]\+0/manage_dns: 1/g' /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/manage_tftpd:[ \t]\+0/manage_tftpd: 1/g' /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/anamon_enabled:[ \t]\+0/anamon_enabled: 1/g' /etc/cobbler/settings
|
|
||||||
sudo sed -i "s/default_name_servers:.*/default_name_servers: \['$ipaddr'\]/g" /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/enable_menu:[ \t]\+1/enable_menu: 0/g' /etc/cobbler/settings
|
|
||||||
domains=$(echo $NAMESERVER_DOMAINS | sed "s/,/','/g")
|
|
||||||
sudo sed -i "s/manage_forward_zones:.*/manage_forward_zones: \['$domains'\]/g" /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/pxe_just_once:[ \t]\+0/pxe_just_once: 1/g' /etc/cobbler/settings
|
|
||||||
sudo sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings
|
|
||||||
sudo sed -i 's/^RewriteRule/# RewriteRule/g' /etc/httpd/conf.d/cobbler_web.conf
|
|
||||||
sudo sed -i 's/^Listen\([ \t]\+\)443/Listen\1445/g' /etc/httpd/conf.d/ssl.conf
|
|
||||||
sudo sed -i 's/^<VirtualHost\(.*\):443>/<VirtualHost\1:445>/g' /etc/httpd/conf.d/ssl.conf
|
|
||||||
|
|
||||||
|
|
||||||
sudo mkdir /root/backup/selinux
|
|
||||||
sudo cp /etc/selinux/config /root/backup/selinux/
|
|
||||||
sudo sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
|
sudo sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
|
||||||
|
|
||||||
sudo cp /etc/cobbler/modules.conf /root/backup/cobbler/
|
# update cobbler settings
|
||||||
sudo sed -i 's/module\([ \t]\+\)=\([ \t]\+\)authn_denyall/module\1=\2authn_configfile/g' /etc/cobbler/modules.conf
|
sudo cp -rn /etc/cobbler/settings /root/backup/cobbler/
|
||||||
|
sudo rm -f /etc/cobbler/settings
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/conf/settings /etc/cobbler/settings
|
||||||
|
sudo sed -i "s/next_server:[ \t]*\$next_server/next_server: $NEXTSERVER/g" /etc/cobbler/settings
|
||||||
|
sudo sed -i "s/server:[ \t]*\$ipaddr/server: $ipaddr/g" /etc/cobbler/settings
|
||||||
|
sudo sed -i "s/default_name_servers:[ \t]*\['\$ipaddr'\]/default_name_servers: \['$ipaddr'\]/g" /etc/cobbler/settings
|
||||||
|
domains=$(echo $NAMESERVER_DOMAINS | sed "s/,/','/g")
|
||||||
|
sudo sed -i "s/manage_forward_zones:[ \t]*\[\]/manage_forward_zones: \['$domains'\]/g" /etc/cobbler/settings
|
||||||
|
export cobbler_passwd=$(openssl passwd -1 -salt 'huawei' '123456')
|
||||||
|
sudo sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings
|
||||||
|
sudo chmod 644 /etc/cobbler/settings
|
||||||
|
|
||||||
|
# update dhcp.template
|
||||||
|
sudo cp -rn /etc/cobbler/dhcp.template /root/backup/cobbler/
|
||||||
|
sudo rm -f /etc/cobbler/dhcp.template
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/conf/dhcp.template /etc/cobbler/dhcp.template
|
||||||
|
subnet=$(ipcalc $SUBNET -n |cut -f 2 -d '=')
|
||||||
|
sudo sed -i "s/subnet \$subnet netmask \$netmask/subnet $subnet netmask $netmask/g" /etc/cobbler/dhcp.template
|
||||||
|
sudo sed -i "s/option routers \$gateway/option routers $OPTION_ROUTER/g" /etc/cobbler/dhcp.template
|
||||||
|
sudo sed -i "s/option subnet-mask \$netmask/option subnet-mask $netmask/g" /etc/cobbler/dhcp.template
|
||||||
|
sudo sed -i "s/option domain-name-servers \$ipaddr/option domain-name-servers $ipaddr/g" /etc/cobbler/dhcp.template
|
||||||
|
sudo sed -i "s/range dynamic-bootp \$ip_range/range dynamic-bootp $IP_RANGE/g" /etc/cobbler/dhcp.template
|
||||||
|
sudo sed -i "s/local-address \$ipaddr/local-address $ipaddr/g" /etc/cobbler/dhcp.template
|
||||||
|
sudo chmod 644 /etc/cobbler/dhcp.template
|
||||||
|
|
||||||
|
# update tftpd.template
|
||||||
|
sudo cp -rn /etc/cobbler/tftpd.template /root/backup/cobbler/
|
||||||
|
sudo rm -f /etc/cobbler/tftpd.template
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/conf/tftpd.template /etc/cobbler/tftpd.template
|
||||||
|
sudo chmod 644 /etc/cobbler/tftpd.template
|
||||||
|
|
||||||
|
# update named.template
|
||||||
|
sudo cp -rn /etc/cobbler/named.template /root/backup/cobbler/
|
||||||
|
sudo rm -f /etc/cobbler/named.template
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/conf/named.template /etc/cobbler/named.template
|
||||||
|
sudo sed -i "s/listen-on port 53 { \$ipaddr; }/listen-on port 53 \{ $ipaddr; \}/g" /etc/cobbler/named.template
|
||||||
|
subnet_escaped=$(echo $SUBNET | sed -e 's/[\/&]/\\&/g')
|
||||||
|
sudo sed -i "s/allow-query { 127.0.0.0\/8; \$subnet; }/allow-query \{ 127.0.0.0\/8; $subnet_escaped; \}/g" /etc/cobbler/named.template
|
||||||
|
sudo chmod 644 /etc/cobbler/named.template
|
||||||
|
|
||||||
|
# update zone.template
|
||||||
|
sudo cp -rn /etc/cobbler/zone.template /root/backup/cobbler/
|
||||||
|
sudo rm -f /etc/cobbler/zone.template
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/conf/zone.template /etc/cobbler/zone.template
|
||||||
|
sudo sed -i "s/\$hostname IN A \$ipaddr/$HOSTNAME IN A $ipaddr/g" /etc/cobbler/zone.template
|
||||||
|
sudo chmod 644 /etc/cobbler/zone.template
|
||||||
|
|
||||||
|
# update modules.conf
|
||||||
|
sudo cp -rn /etc/cobbler/modules.conf /root/backup/cobbler/
|
||||||
|
sudo rm -f /etc/cobbler/modules.conf
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/conf/modules.conf /etc/cobbler/modules.conf
|
||||||
|
sudo chmod 644 /etc/cobbler/modules.conf
|
||||||
|
|
||||||
echo "setting up cobbler web password: default user is cobbler"
|
echo "setting up cobbler web password: default user is cobbler"
|
||||||
|
|
||||||
CBLR_USER=${CBLR_USER:-"cobbler"}
|
CBLR_USER=${CBLR_USER:-"cobbler"}
|
||||||
CBLR_PASSWD=${CBLR_PASSWD:-"cobbler"}
|
CBLR_PASSWD=${CBLR_PASSWD:-"cobbler"}
|
||||||
(echo -n "$CBLR_USER:Cobbler:" && echo -n "$CBLR_USER:Cobbler:$CBLR_PASSWD" | md5sum - | cut -d' ' -f1) >> /etc/cobbler/users.digest
|
(echo -n "$CBLR_USER:Cobbler:" && echo -n "$CBLR_USER:Cobbler:$CBLR_PASSWD" | md5sum - | cut -d' ' -f1) > /etc/cobbler/users.digest
|
||||||
|
|
||||||
sudo sed -i "s/listen-on[ \t]\+.*;/listen-on port 53 \{ $ipaddr; \};/g" /etc/cobbler/named.template
|
# update cobbler config
|
||||||
subnet_escaped=$(echo $SUBNET | sed -e 's/[\/&]/\\&/g')
|
sudo cp -rn /var/lib/cobbler/snippets /root/backup/cobbler/
|
||||||
sudo sed -i "s/allow-query[ \t]\+.*/allow-query\t\{ 127.0.0.0\/8; 10.0.0.0\/8; 192.168.0.0\/16; 172.16.0.0\/12; $subnet_escaped; \};/g" /etc/cobbler/named.template
|
sudo cp -rn /var/lib/cobbler/kickstarts/ /root/backup/cobbler/
|
||||||
|
sudo rm -rf /var/lib/cobbler/snippets/*
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/snippets/* /var/lib/cobbler/snippets/
|
||||||
|
sudo chmod 777 /var/lib/cobbler/snippets
|
||||||
|
sudo chmod 666 /var/lib/cobbler/snippets/*
|
||||||
|
sudo sed -i "s/# \$compass_ip \$compass_hostname/$ipaddr $HOSTNAME/g" /var/lib/cobbler/snippets/hosts
|
||||||
|
sudo rm -f /var/lib/cobbler/kickstarts/default.ks
|
||||||
|
sudo cp -rf $ADAPTER_HOME/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/
|
||||||
|
sudo chmod 666 /var/lib/cobbler/kickstarts/default.ks
|
||||||
|
|
||||||
echo "$HOSTNAME IN A $ipaddr" >> /etc/cobbler/zone.template
|
sudo cp -rn /etc/xinetd.d /root/backup/
|
||||||
|
|
||||||
sudo cp /etc/xinetd.d/rsync /root/backup/
|
|
||||||
sudo sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync
|
sudo sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync
|
||||||
sudo sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf
|
sudo sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf
|
||||||
sudo sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf
|
sudo sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf
|
||||||
|
|
||||||
echo "disable iptables"
|
echo "disable iptables"
|
||||||
sudo service iptables stop
|
sudo service iptables stop
|
||||||
|
sudo service iptables status
|
||||||
|
if [[ "$?" == "0" ]]; then
|
||||||
|
echo "iptables is running"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo "disable selinux temporarily"
|
echo "disable selinux temporarily"
|
||||||
echo 0 > /selinux/enforce
|
echo 0 > /selinux/enforce
|
||||||
|
|
||||||
echo "Checking if httpd is running"
|
sudo service httpd restart
|
||||||
sudo ps cax | grep httpd > /dev/null
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "httpd is running."
|
|
||||||
else
|
|
||||||
echo "httpd is not running. Starting httpd"
|
|
||||||
sudo service httpd start
|
|
||||||
fi
|
|
||||||
|
|
||||||
sudo service cobblerd restart
|
sudo service cobblerd restart
|
||||||
sudo cobbler get-loaders
|
sudo cobbler get-loaders
|
||||||
sudo cobbler check
|
|
||||||
sudo cobbler sync
|
sudo cobbler sync
|
||||||
|
sudo service xinetd restart
|
||||||
|
sudo cobbler check
|
||||||
|
|
||||||
|
echo "Checking if httpd is running"
|
||||||
|
sudo service httpd status
|
||||||
|
if [[ "$?" == "0" ]]; then
|
||||||
|
echo "httpd is running."
|
||||||
|
else
|
||||||
|
echo "httpd is not running"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Checking if dhcpd is running"
|
echo "Checking if dhcpd is running"
|
||||||
sudo ps cax | grep dhcpd > /dev/null
|
sudo service dhcpd status
|
||||||
if [ $? -eq 0 ]; then
|
if [[ "$?" == "0" ]]; then
|
||||||
echo "dhcpd is running."
|
echo "dhcpd is running."
|
||||||
else
|
else
|
||||||
echo "dhcpd is not running. Starting httpd"
|
echo "dhcpd is not running"
|
||||||
sudo service dhcpd start
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Checking if named is running"
|
echo "Checking if named is running"
|
||||||
ps cax | grep named > /dev/null
|
sudo service named status
|
||||||
if [ $? -eq 0 ]; then
|
if [[ "$?" == "0" ]]; then
|
||||||
echo "named is running."
|
echo "named is running."
|
||||||
else
|
else
|
||||||
echo "named is not running. Starting httpd"
|
echo "named is not running"
|
||||||
sudo service named start
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Checking if xinetd is running"
|
||||||
|
sudo service xinetd status
|
||||||
|
if [[ "$?" == "0" ]]; then
|
||||||
|
echo "xinetd is running."
|
||||||
|
else
|
||||||
|
echo "xinetd is not running"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Checking if cobblerd is running"
|
||||||
|
if [[ "$?" == "0" ]]; then
|
||||||
|
echo "cobblerd is running."
|
||||||
|
else
|
||||||
|
echo "cobblerd is not running"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# create repo
|
# create repo
|
||||||
sudo mkdir -p /var/lib/cobbler/repo_mirror/ppa_repo
|
sudo mkdir -p /var/lib/cobbler/repo_mirror/ppa_repo
|
||||||
|
found_ppa_repo=0
|
||||||
|
for repo in $(cobbler repo list); do
|
||||||
|
if [ "$repo" == "ppa_repo" ]; then
|
||||||
|
found_ppa_repo=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "$found_ppa_repo" == "0" ]; then
|
||||||
sudo cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ppa_repo --name=ppa_repo --mirror-locally=Y
|
sudo cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ppa_repo --name=ppa_repo --mirror-locally=Y
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to add ppa_repo"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "ppa_repo is added"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "repo ppa_repo has already existed."
|
||||||
|
fi
|
||||||
|
|
||||||
# download packages
|
# download packages
|
||||||
cd /var/lib/cobbler/repo_mirror/ppa_repo/
|
cd /var/lib/cobbler/repo_mirror/ppa_repo/
|
||||||
sudo curl http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm > chef-11.8.0-1.el6.x86_64.rpm
|
sudo wget -c --progress=bar:force -O chef-11.8.0-1.el6.${IMAGE_ARCH}.rpm http://opscode-omnibus-packages.s3.amazonaws.com/el/${IMAGE_VERSION_MAJOR}/${IMAGE_ARCH}/chef-11.8.0-1.el6.${IMAGE_ARCH}.rpm
|
||||||
|
|
||||||
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/ntp-4.2.6p5-1.el6.centos.x86_64.rpm > ntp-4.2.6p5-1.el6.centos.x86_64.rpm
|
sudo wget -c --progress=bar:force -O ntp-4.2.6p5-1.el6.${IMAGE_TYPE}.$IMAGE_ARCH.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION}/os/${IMAGE_ARCH}/Packages/ntp-4.2.6p5-1.el6.${IMAGE_TYPE,,}.${IMAGE_ARCH}.rpm
|
||||||
|
|
||||||
sudo curl http://vault.centos.org/6.4/os/Source/SPackages/openssh-5.3p1-84.1.el6.src.rpm > openssh-clients-5.3p1-84.1.el6.x86_64.rpm
|
sudo wget -c --progress=bar:force -O openssh-clients-5.3p1-94.1.el6.${IMAGE_ARCH}.rpm http://vault.${IMAGE_TYPE,,}.org/${IMAGE_VERSION}/os/Source/SPackages/openssh-5.3p1-94.el6.src.rpm
|
||||||
|
|
||||||
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/iproute-2.6.32-31.el6.x86_64.rpm > iproute-2.6.32-31.el6.x86_64.rpm
|
sudo wget -c --progress=bar:force -O iproute-2.6.32-31.el6.${IMAGE_ARCH}.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION_MAJOR}/os/${IMAGE_ARCH}/Packages/iproute-2.6.32-31.el6.${IMAGE_ARCH}.rpm
|
||||||
|
|
||||||
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/wget-1.12-1.8.el6.x86_64.rpm > wget-1.12-1.8.el6.x86_64.rpm
|
sudo wget -c --progress=bar:force -O wget-1.12-1.8.el6.${IMAGE_ARCH}.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION_MAJOR}/os/${IMAGE_ARCH}/Packages/wget-1.12-1.8.el6.${IMAGE_ARCH}.rpm
|
||||||
|
|
||||||
sudo curl ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/x86_64/Packages/ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm > ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm
|
sudo wget -c --progress=bar:force -O ntpdate-4.2.6p5-1.el6.${IMAGE_TYPE}.${IMAGE_ARCH}.rpm ftp://rpmfind.net/linux/${IMAGE_TYPE,,}/${IMAGE_VERSION_MAJOR}/os/${IMAGE_ARCH}/Packages/ntpdate-4.2.6p5-1.el6.${IMAGE_TYPE,,}.${IMAGE_ARCH}.rpm
|
||||||
|
|
||||||
cd ..
|
cd ..
|
||||||
sudo createrepo ppa_repo
|
sudo createrepo ppa_repo
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to createrepo ppa_repo"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "ppa_repo is created"
|
||||||
|
fi
|
||||||
|
|
||||||
sudo cobbler reposync
|
sudo cobbler reposync
|
||||||
|
|
||||||
# import cobbler distro
|
# import cobbler distro
|
||||||
##export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
|
|
||||||
sudo mkdir -p /var/lib/cobbler/iso
|
sudo mkdir -p /var/lib/cobbler/iso
|
||||||
sudo curl "$IMAGE_SOURCE" > /var/lib/cobbler/iso/$IMAGE_NAME.iso
|
sudo wget -c --progress=bar:force -O /var/lib/cobbler/iso/${IMAGE_NAME}-${IMAGE_ARCH}.iso "$IMAGE_SOURCE"
|
||||||
sudo mkdir -p /mnt/$IMAGE_NAME
|
if [[ "$?" != "0" ]]; then
|
||||||
sudo mount -o loop /var/lib/cobbler/iso/$IMAGE_NAME.iso /mnt/$IMAGE_NAME
|
echo "failed to download images $IMAGE_SOURCE"
|
||||||
sudo cobbler import --path=/mnt/$IMAGE_NAME --name=$IMAGE_NAME --arch=x86_64
|
exit 1
|
||||||
# manually run distro add and profile add if cobbler import fails
|
else
|
||||||
sudo cobbler distro add --name="$IMAGE_NAME" --kernel="/var/www/cobbler/ks_mirror/$IMAGE_NAME-x86_64/isolinux/vmlinuz" --initrd="/var/www/cobbler/ks_mirror/$IMAGE_NAME-x86_64/isolinux/initrd.img" --arch=x86_64 --breed=redhat
|
echo "$IMAGE_SOURCE is downloaded"
|
||||||
sudo cobbler profile add --name="$IMAGE_NAME" --repo=ppa_repo --distro=$IMAGE_NAME --ksmeta="tree=http://$ipaddr/cobbler/ks_mirror/$IMAGE_NAME-x86_64" --kickstart=/var/lib/cobbler/kickstarts/default.ks
|
fi
|
||||||
|
|
||||||
|
sudo mkdir -p /mnt/${IMAGE_NAME}-${IMAGE_ARCH}
|
||||||
|
if [ $(mount | grep -c "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} ") -eq 0 ]; then
|
||||||
|
sudo mount -o loop /var/lib/cobbler/iso/${IMAGE_NAME}-${IMAGE_ARCH}.iso /mnt/${IMAGE_NAME}-${IMAGE_ARCH}
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to mount image /mnt/${IMAGE_NAME}-${IMAGE_ARCH}"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} is mounted"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} has already mounted"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# add distro
|
||||||
|
found_distro=0
|
||||||
|
for distro in $(cobbler distro list); do
|
||||||
|
if [ "$distro" == "${IMAGE_NAME}-${IMAGE_ARCH}" ]; then
|
||||||
|
found_distro=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "$found_distro" == "0" ]; then
|
||||||
|
sudo cobbler import --path=/mnt/${IMAGE_NAME}-${IMAGE_ARCH} --name=${IMAGE_NAME} --arch=${IMAGE_ARCH} --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to import /mnt/${IMAGE_NAME}-${IMAGE_ARCH}"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "/mnt/${IMAGE_NAME}-${IMAGE_ARCH} is imported"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "distro $IMAGE_NAME has already existed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# add profile
|
||||||
|
found_profile=0
|
||||||
|
for profile in $(cobbler profile list); do
|
||||||
|
if [ "$profile" == "${IMAGE_NAME}-${IMAGE_ARCH}" ]; then
|
||||||
|
found_profile=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "$found_profile" == "0" ]; then
|
||||||
|
sudo cobbler profile add --name="${IMAGE_NAME}-${IMAGE_ARCH}" --repo=ppa_repo --distro="${IMAGE_NAME}-${IMAGE_ARCH}" --ksmeta="tree=http://$ipaddr/cobbler/ks_mirror/${IMAGE_NAME}-${IMAGE_ARCH}" --kickstart=/var/lib/cobbler/kickstarts/default.ks
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to add profile ${IMAGE_NAME}-${IMAGE_ARCH}"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "profile ${IMAGE_NAME}-${IMAGE_ARCH} is added"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "profile $IMAGE_NAME has already existed."
|
||||||
|
sudo cobbler profile edit --name="${IMAGE_NAME}-${IMAGE_ARCH}" --repo=ppa_repo
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to edit profile ${IMAGE_NAME}-${IMAGE_ARCH}"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "profile ${IMAGE_NAME}-${IMAGE_ARCH} is updated"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Cobbler configuration complete!"
|
echo "Cobbler configuration complete!"
|
||||||
|
@ -1,116 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
|
|
||||||
echo "script dir: $SCRIPT_DIR"
|
|
||||||
COMPASSDIR=${SCRIPT_DIR}/..
|
|
||||||
echo "compass dir is $COMPASSDIR"
|
|
||||||
copygit2dir()
|
|
||||||
{
|
|
||||||
destdir=$1
|
|
||||||
repo=$2
|
|
||||||
if [ -d $destdir ];then
|
|
||||||
echo "$destdir exists"
|
|
||||||
cd $destdir
|
|
||||||
git remote set-url origin $repo
|
|
||||||
git remote update
|
|
||||||
git reset --hard
|
|
||||||
git clean -x -f
|
|
||||||
git checkout master
|
|
||||||
git reset --hard remotes/origin/master
|
|
||||||
if [[ -n "$GERRIT_REFSPEC" ]];then
|
|
||||||
git fetch origin $GERRIT_REFSPEC && git checkout FETCH_HEAD
|
|
||||||
fi
|
|
||||||
git clean -x -f
|
|
||||||
else
|
|
||||||
mkdir -p $destdir
|
|
||||||
git clone $repo $destdir
|
|
||||||
if [[ -n "$GERRIT_REFSPEC" ]];then
|
|
||||||
# project=$(echo $repo|rev|cut -d '/' -f 1|rev)
|
|
||||||
cd $destdir
|
|
||||||
git fetch $repo $GERRIT_REFSPEC && git checkout FETCH_HEAD
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
cd $SCRIPT_DIR
|
|
||||||
}
|
|
||||||
copylocal2dir()
|
|
||||||
{
|
|
||||||
destdir=$1
|
|
||||||
repo=$2
|
|
||||||
if [ -d $destdir ];then
|
|
||||||
echo "$destdir exists"
|
|
||||||
else
|
|
||||||
mkdir -p $destdir
|
|
||||||
fi
|
|
||||||
sudo \cp -rf $repo/* $destdir
|
|
||||||
}
|
|
||||||
cd $SCRIPT_DIR
|
|
||||||
#export ipaddr=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
|
|
||||||
|
|
||||||
##SUBNET=${SUBNET:-$(ip address| grep "global $NIC" |cut -f 6 -d ' ')}
|
|
||||||
WEB_HOME=${WEB_HOME:-'/tmp/web/'}
|
|
||||||
ADAPTER_HOME=${ADAPTER_HOME:-'/tmp/adapter/'}
|
|
||||||
##WEB_SOURCE=${WEB_SOURCE:-'https://github.com/stackforge/compass-web'}
|
|
||||||
WEB_SOURCE=${WEB_SOURCE:-$REPO_URL'/stackforge/compass-web'}
|
|
||||||
# ADAPTER_SOURCE=${ADAPTER_SOURCE:-'https://github.com/stackforge/compass-adapters'}
|
|
||||||
ADAPTER_SOURCE=${ADAPTER_SOURCE:-$REPO_URL'/stackforge/compass-adapters'}
|
|
||||||
if [ "$source" != "local" ]; then
|
|
||||||
copygit2dir $WEB_HOME $WEB_SOURCE
|
|
||||||
copygit2dir $ADAPTER_HOME $ADAPTER_SOURCE
|
|
||||||
else
|
|
||||||
copylocal2dir $WEB_HOME $WEB_SOURCE
|
|
||||||
copylocal2dir $ADAPTER_HOME $ADAPTER_SOURCE
|
|
||||||
fi
|
|
||||||
|
|
||||||
# download dependences
|
|
||||||
wget -N http://github.com/downloads/bitovi/javascriptmvc/$JS_MVC.zip
|
|
||||||
sudo yum install -y unzip
|
|
||||||
sudo unzip -o $JS_MVC
|
|
||||||
sudo \cp -rf $JS_MVC/. $WEB_HOME/public/
|
|
||||||
|
|
||||||
# update squid conf
|
|
||||||
sudo rm /etc/squid/squid.conf
|
|
||||||
sudo cp $COMPASSDIR/misc/squid/squid.conf /etc/squid/
|
|
||||||
sudo sed -i "/acl localnet src 10.0.0.0/i\acl localnet src $SUBNET" /etc/squid/squid.conf
|
|
||||||
sudo chmod 644 /etc/squid/squid.conf
|
|
||||||
sudo mkdir -p /var/squid/cache
|
|
||||||
sudo chown -R squid:squid /var/squid
|
|
||||||
sudo service squid restart
|
|
||||||
|
|
||||||
# update /etc/resolv.conf
|
|
||||||
echo "DNS1=$ipaddr" >> /etc/sysconfig/network-scripts/ifcfg-$NIC
|
|
||||||
echo "DOMAIN=ods.com" >> /etc/sysconfig/network-scripts/ifcfg-$NIC
|
|
||||||
service network restart
|
|
||||||
|
|
||||||
# Install net-snmp
|
|
||||||
sudo yum install -y net-snmp-utils net-snmp net-snmp-python
|
|
||||||
if [ ! -d "/usr/local/share/snmp/" ]; then
|
|
||||||
sudo mkdir /usr/local/share/snmp/
|
|
||||||
fi
|
|
||||||
sudo cp -rf $COMPASSDIR/mibs /usr/local/share/snmp/
|
|
||||||
sudo cat >> /etc/snmp/snmp.conf <<EOF
|
|
||||||
mibdirs +/usr/local/share/snmp/mibs
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# update cobbler config
|
|
||||||
sudo cp -r /var/lib/cobbler/snippets /root/backup/cobbler/
|
|
||||||
sudo cp -r /var/lib/cobbler/kickstarts/ /root/backup/cobbler/
|
|
||||||
sudo rm -rf /var/lib/cobbler/snippets/*
|
|
||||||
sudo cp -r $ADAPTER_HOME/cobbler/snippets/* /var/lib/cobbler/snippets/
|
|
||||||
sudo cp -rf /etc/chef-server/chef-validator.pem /var/lib/cobbler/snippets/chef-validator.pem
|
|
||||||
sudo chmod 777 /var/lib/cobbler/snippets
|
|
||||||
sudo chmod 666 /var/lib/cobbler/snippets/*
|
|
||||||
sudo rm /var/lib/cobbler/kickstarts/default.ks
|
|
||||||
sudo cp -r $ADAPTER_HOME/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/
|
|
||||||
sudo chmod 666 /var/lib/cobbler/kickstarts/default.ks
|
|
||||||
|
|
||||||
# update chef config
|
|
||||||
sudo mkdir -p /var/chef/cookbooks/
|
|
||||||
sudo mkdir -p /var/chef/databags/
|
|
||||||
sudo mkdir -p /var/chef/roles/
|
|
||||||
|
|
||||||
sudo cp -r $ADAPTER_HOME/chef/cookbooks/* /var/chef/cookbooks/
|
|
||||||
sudo cp -r $ADAPTER_HOME/chef/databags/* /var/chef/databags/
|
|
||||||
sudo cp -r $ADAPTER_HOME/chef/roles/* /var/chef/roles/
|
|
||||||
|
|
||||||
# Move files to their respective locations
|
# Move files to their respective locations
|
||||||
mkdir -p /etc/compass
|
mkdir -p /etc/compass
|
||||||
mkdir -p /opt/compass/bin
|
mkdir -p /opt/compass/bin
|
||||||
@ -119,44 +7,64 @@ mkdir -p /var/log/compass
|
|||||||
mkdir -p /opt/compass/db
|
mkdir -p /opt/compass/db
|
||||||
mkdir -p /var/www/compass
|
mkdir -p /var/www/compass
|
||||||
|
|
||||||
sudo \cp -rf $COMPASSDIR/misc/apache/ods-server /etc/httpd/conf.d/ods-server.conf
|
sudo cp -rf $COMPASSDIR/misc/apache/ods-server /etc/httpd/conf.d/ods-server.conf
|
||||||
sudo \cp -rf $COMPASSDIR/misc/apache/compass.wsgi /var/www/compass/compass.wsgi
|
sudo cp -rf $COMPASSDIR/misc/apache/compass.wsgi /var/www/compass/compass.wsgi
|
||||||
sudo \cp -rf $COMPASSDIR/conf/celeryconfig /etc/compass/
|
sudo cp -rf $COMPASSDIR/conf/celeryconfig /etc/compass/
|
||||||
sudo \cp -rf $COMPASSDIR/conf/global_config /etc/compass/
|
sudo cp -rf $COMPASSDIR/conf/global_config /etc/compass/
|
||||||
sudo \cp -rf $COMPASSDIR/conf/setting /etc/compass/
|
sudo cp -rf $COMPASSDIR/conf/setting /etc/compass/
|
||||||
sudo \cp -rf $COMPASSDIR/conf/compassd /etc/init.d/
|
sudo cp -rf $COMPASSDIR/conf/compassd /etc/init.d/
|
||||||
sudo \cp -rf $COMPASSDIR/bin/*.py /opt/compass/bin/
|
sudo cp -rf $COMPASSDIR/bin/*.py /opt/compass/bin/
|
||||||
sudo \cp -rf $COMPASSDIR/bin/*.sh /opt/compass/bin/
|
sudo cp -rf $COMPASSDIR/bin/*.sh /opt/compass/bin/
|
||||||
sudo \cp -rf $COMPASSDIR/bin/compass /usr/bin/
|
sudo cp -rf $COMPASSDIR/bin/compass /usr/bin/
|
||||||
sudo \cp -rf $COMPASSDIR/bin/chef/* /opt/compass/bin/
|
sudo cp -rf $COMPASSDIR/bin/chef/* /opt/compass/bin/
|
||||||
sudo \cp -rf $COMPASSDIR/conf/compassd /usr/bin/
|
sudo cp -rf $COMPASSDIR/conf/compassd /usr/bin/
|
||||||
sudo \cp -rf $WEB_HOME/public/* /var/www/compass_web/
|
sudo cp -rf $WEB_HOME/public/* /var/www/compass_web/
|
||||||
sudo chmod +x /etc/init.d/compassd
|
|
||||||
sudo chmod +x /usr/bin/compassd
|
|
||||||
|
|
||||||
sudo chkconfig compassd on
|
sudo chkconfig compassd on
|
||||||
|
|
||||||
sudo chmod +x /opt/compass/bin/addcookbooks.py
|
|
||||||
sudo chmod +x /opt/compass/bin/adddatabags.py
|
|
||||||
sudo chmod +x /opt/compass/bin/addroles.py
|
|
||||||
|
|
||||||
/opt/compass/bin/addcookbooks.py
|
|
||||||
/opt/compass/bin/adddatabags.py
|
|
||||||
/opt/compass/bin/addroles.py
|
|
||||||
|
|
||||||
# setup ods server
|
# setup ods server
|
||||||
sudo yum -y install openssl
|
if [ ! -f /usr/lib64/libcrypto.so ]; then
|
||||||
sudo yum -y install openssl098e
|
sudo cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so
|
||||||
sudo cp -r /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so
|
fi
|
||||||
|
|
||||||
sudo chmod -R 777 /opt/compass/db
|
sudo chmod -R 777 /opt/compass/db
|
||||||
sudo chmod -R 777 /var/log/compass
|
sudo chmod -R 777 /var/log/compass
|
||||||
sudo echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
|
sudo echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
|
||||||
sudo chmod +x /etc/profile.d/celery_env.sh
|
sudo chmod +x /etc/profile.d/celery_env.sh
|
||||||
sudo service httpd restart
|
|
||||||
|
|
||||||
cd $COMPASSDIR
|
cd $COMPASSDIR
|
||||||
sudo python setup.py install
|
sudo python setup.py install
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to install compass package"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "compass package is installed"
|
||||||
|
fi
|
||||||
|
|
||||||
sudo sed -i "/COBBLER_INSTALLER_URL/c\COBBLER_INSTALLER_URL = 'http:\/\/$ipaddr/cobbler_api'" /etc/compass/setting
|
sudo sed -i "/COBBLER_INSTALLER_URL/c\COBBLER_INSTALLER_URL = 'http:\/\/$ipaddr/cobbler_api'" /etc/compass/setting
|
||||||
sudo sed -i "/CHEF_INSTALLER_URL/c\CHEF_INSTALLER_URL = 'https:\/\/$ipaddr/'" /etc/compass/setting
|
sudo sed -i "/CHEF_INSTALLER_URL/c\CHEF_INSTALLER_URL = 'https:\/\/$ipaddr/'" /etc/compass/setting
|
||||||
sudo sh /opt/compass/bin/refresh.sh --init
|
|
||||||
figlet -ctf slant Installation Complete!
|
# add cookbooks, databags and roles
|
||||||
|
sudo /opt/compass/bin/addcookbooks.py --cookbooks_dir=$ADAPTER_HOME/chef/cookbooks
|
||||||
|
sudo /opt/compass/bin/adddatabags.py --databags_dir=$ADAPTER_HOME/chef/databags
|
||||||
|
sudo /opt/compass/bin/addroles.py --roles_dir=$ADAPTER_HOME/chef/roles
|
||||||
|
|
||||||
|
# copy the chef validatation keys to cobbler snippets
|
||||||
|
sudo cp -rf /etc/chef-server/chef-validator.pem /var/lib/cobbler/snippets/chef-validator.pem
|
||||||
|
|
||||||
|
sudo sh /opt/compass/bin/refresh.sh
|
||||||
|
|
||||||
|
sudo service httpd status
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "httpd is not started"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "httpd has already started"
|
||||||
|
fi
|
||||||
|
|
||||||
|
sudo service compassd status
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "compassd is not started"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "compassd has already started"
|
||||||
|
fi
|
||||||
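Review bot: The added `sudo cp -rf /etc/chef-server/chef-validator.pem /var/lib/cobbler/snippets/chef-validator.pem` copies the Chef validator private key with no exit-status check and no explicit owner or mode, unlike the checked steps around it. The old side followed this copy with `chmod 666 /var/lib/cobbler/snippets/*`; the new side sets nothing, so the resulting mode depends on the source file and the umask. Because this key is what lets a node register with the Chef server, I would follow the copy with `sudo chmod 600 /var/lib/cobbler/snippets/chef-validator.pem` (this assumes cobblerd reads snippets as root, which should be confirmed). I would also check the `cp` result with the same `if [[ "$?" != "0" ]]` pattern used after `setup.py install`. The comment above the copy has a typo, `validatation`.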
|
@ -2,10 +2,23 @@
|
|||||||
|
|
||||||
echo 'Installing Required packages for Compass...'
|
echo 'Installing Required packages for Compass...'
|
||||||
|
|
||||||
sudo yum install -y rsyslog ntp iproute openssh-clients python git wget python-setuptools python-netaddr python-flask python-flask-sqlalchemy python-amqplib amqp python-paramiko python-mock mod_wsgi httpd squid dhcp bind rsync yum-utils xinetd tftp-server gcc net-snmp-utils net-snmp python-daemon
|
sudo yum install -y rsyslog logrotate ntp iproute openssh-clients python git wget python-setuptools python-netaddr python-flask python-flask-sqlalchemy python-amqplib amqp python-paramiko python-mock mod_wsgi httpd squid dhcp bind rsync yum-utils xinetd tftp-server gcc net-snmp-utils net-snmp net-snmp-python python-daemon unzip openssl openssl098e
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to install yum dependency"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
sudo easy_install pip==1.2.1
|
sudo easy_install pip==1.2.1
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to install easy install"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
sudo pip install flask-script flask-restful Celery six discover unittest2 pychef requests
|
sudo pip install flask-script flask-restful Celery six discover unittest2 pychef requests
|
||||||
|
if [[ "$?" != "0" ]]; then
|
||||||
|
echo "failed to install pip packages"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
sudo chkconfig httpd on
|
sudo chkconfig httpd on
|
||||||
sudo chkconfig squid on
|
sudo chkconfig squid on
|
||||||
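Review bot: The exit-status checks added after `sudo easy_install pip==1.2.1` and `sudo pip install ...` confirm that something was installed, not what was installed. The `pip install` line names eight packages with no versions, so each rerun of this script as root can resolve to different releases. As far as I know, pip 1.2.1 also predates the TLS certificate verification added in pip 1.3, so its downloads are not authenticated. I would pin each package (`Celery==<version tested with this release>` and so on, or a requirements file kept in the repo) and move the pip pin to a release that verifies certificates. Separately, `failed to install easy install` is printed when installing pip failed, so `failed to install pip` would be clearer.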
|
@ -3,53 +3,54 @@
|
|||||||
#####################################
|
#####################################
|
||||||
|
|
||||||
# OS_INSTALLER indicates the tool for OS provisioning, default is 'cobbler'.
|
# OS_INSTALLER indicates the tool for OS provisioning, default is 'cobbler'.
|
||||||
export OS_INSTALLER=cobbler
|
export OS_INSTALLER=${OS_INSTALLER:-cobbler}
|
||||||
|
|
||||||
# PACKAGE_INSTALLER indicates the tool for Package provisioning, default is 'chef'.
|
# PACKAGE_INSTALLER indicates the tool for Package provisioning, default is 'chef'.
|
||||||
export PACKAGE_INSTALLER=chef
|
export PACKAGE_INSTALLER=${PACKAGE_INSTALLER:-chef}
|
||||||
|
|
||||||
# service NIC
|
# service NIC
|
||||||
export NIC=
|
export NIC=${NIC:-}
|
||||||
|
|
||||||
# DHCP config
|
# DHCP config
|
||||||
# SUBNET variable specifies the subnet for DHCP server. Example: 192.168.0.0/16
|
# SUBNET variable specifies the subnet for DHCP server. Example: 192.168.0.0/16
|
||||||
export SUBNET=
|
export SUBNET=${SUBNET:-}
|
||||||
# DHCP option router address(Default is your management interface IP address )"
|
# DHCP option router address(Default is your management interface IP address )"
|
||||||
export OPTION_ROUTER=
|
export OPTION_ROUTER=${OPTION_ROUTER:-}
|
||||||
# The IP range for DHCP clients (Default: local subnet start from 100 to 254)
|
# The IP range for DHCP clients (Default: local subnet start from 100 to 254)
|
||||||
IP_RANGE=
|
export IP_RANGE=${IP_RANGE:-}
|
||||||
# TFTP server's IP address(Default: Management Interface/eth0 IP)
|
# TFTP server's IP address(Default: Management Interface/eth0 IP)
|
||||||
export NEXTSERVER=
|
export NEXTSERVER=${NEXTSERVER:-}
|
||||||
|
|
||||||
# the domains covered by nameserver
|
# the domains covered by nameserver
|
||||||
export NAMESERVER_DOMAINS=
|
export NAMESERVER_DOMAINS=${NAMESERVER_DOMAINS:-}
|
||||||
|
|
||||||
export REPO_URL="https://github.com"
|
export REPO_URL=${REPO_URL:-"https://github.com"}
|
||||||
# set the default cobbler user "cobbler" password, if not set, the default will be cobbler/cobbler
|
# set the default cobbler user "cobbler" password, if not set, the default will be cobbler/cobbler
|
||||||
CBLR_USER=
|
export CBLR_USER=${CBLR_USER:-}
|
||||||
CBLR_PASSWD=
|
export CBLR_PASSWD=${CBLR_PASSWD:-}
|
||||||
|
|
||||||
# IMAGE_SOURCE is where you host your CentOS image
|
export IMAGE_TYPE=${IMAGE_TYPE:-"CentOS"}
|
||||||
#export IMAGE_SOURCE=http://12.234.32.58/software/OS/centos/centos6.4/CentOS-6.4-x86_64-minimal.iso
|
export IMAGE_VERSION_MAJOR=${IMAGE_VERSION_MAJOR:-"6"}
|
||||||
export IMAGE_SOURCE=http://mirror.rackspace.com/CentOS/6/isos/x86_64/CentOS-6.5-x86_64-minimal.iso
|
export IMAGE_VERSION_MINOR=${IMAGE_VERSION_MINOR:-"5"}
|
||||||
IMAGE_NAME=$(echo $IMAGE_SOURCE |rev|cut -d '/' -f1|rev)
|
export IMAGE_VERSION=${IMAGE_VERSION:-"${IMAGE_VERSION_MAJOR}.${IMAGE_VERSION_MINOR}"}
|
||||||
export IMAGE_NAME=${IMAGE_NAME/.iso/''}
|
export IMAGE_NAME=${IMAGE_NAME:-"${IMAGE_TYPE}-${IMAGE_VERSION}"}
|
||||||
export COBBLER_PASSWORD=cobbler
|
export IMAGE_ARCH=${IMAGE_ARCH:-"x86_64"}
|
||||||
|
export IMAGE_SOURCE=${IMAGE_SOURCE:-"http://mirror.rackspace.com/${IMAGE_TYPE}/${IMAGE_VERSION_MAJOR}/isos/${IMAGE_ARCH}/${IMAGE_TYPE}-${IMAGE_VERSION}-${IMAGE_ARCH}-minimal.iso"}
|
||||||
|
export COBBLER_PASSWORD=${COBBLER_PASSWORD:-"cobbler"}
|
||||||
|
|
||||||
# Currently the use of Javascript MVC is set to version 3.2.4
|
# Currently the use of Javascript MVC is set to version 3.2.4
|
||||||
export JS_MVC=javascriptmvc-3.2.4
|
export JS_MVC=${JS_MVC:-"javascriptmvc-3.2.4"}
|
||||||
|
|
||||||
# set the chef packages download path
|
# set the chef packages download path
|
||||||
export CHEF_SRV=http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm
|
export CHEF_SRV=${CHEF_SRV:-"http://opscode-omnibus-packages.s3.amazonaws.com/el/${IMAGE_VERSION_MAJOR}/${IMAGE_ARCH}/chef-server-11.0.8-1.el6.${IMAGE_ARCH}.rpm"}
|
||||||
|
|
||||||
# Set Chef password for Chef web UI
|
# Set Chef password for Chef web UI
|
||||||
export CHEF_PASSWD=root1234
|
export CHEF_PASSWD=${CHEF_PASSWD:-"root1234"}
|
||||||
|
|
||||||
# Set Compass-web and Compass-adpater variables
|
# Set Compass-web and Compass-adpater variables
|
||||||
WEB_HOME=
|
export WEB_HOME=${WEB_HOME:='/tmp/web'}
|
||||||
ADAPTER_HOME=
|
export ADAPTER_HOME=${ADAPTER_HOME:-'/tmp/adapter'}
|
||||||
|
export WEB_SOURCE=${WEB_SOURCE:-}
|
||||||
if [[ -n $source ]] && [ $source = "local" ];then
|
export ADAPTER_SOURCE=${ADAPTER_SOURCE:-}
|
||||||
export WEB_SOURCE=${DIR}/../web
|
export SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
|
||||||
export ADAPTER_SOURCE=${DIR}/../misc
|
export COMPASSDIR=${SCRIPT_DIR}/..
|
||||||
fi
|
|
||||||
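Review bot: `export CHEF_PASSWD=${CHEF_PASSWD:-"root1234"}` and `export COBBLER_PASSWORD=${COBBLER_PASSWORD:-"cobbler"}` make the passwords overridable but still fall back silently to values published in this file. An unattended run with nothing set therefore ends up with known credentials for the Chef web UI and cobbler. I would require the caller to supply them, for example `export CHEF_PASSWD=${CHEF_PASSWD:?set CHEF_PASSWD before running install}`, and the same for `COBBLER_PASSWORD`. `CBLR_USER` and `CBLR_PASSWD` default to empty, and the comment above them says cobbler/cobbler is then used, so the same concern applies there. Minor: `WEB_HOME` uses `:=` where every other line uses `:-`.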
|
@ -29,7 +29,14 @@ DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
|
|||||||
echo 0 > /selinux/enforce
|
echo 0 > /selinux/enforce
|
||||||
|
|
||||||
### Add epel repo
|
### Add epel repo
|
||||||
|
sudo rpm -q epel-release-6-8
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm >& /dev/null
|
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm >& /dev/null
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
echo "failed to install epel"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo
|
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo
|
||||||
|
|
||||||
### Trap any error code with related filename and line.
|
### Trap any error code with related filename and line.
|
||||||
@ -39,7 +46,9 @@ errtrap()
|
|||||||
echo "[FILE: "$(basename $FILE)", LINE: $1] Error: Command or function exited with status $2"
|
echo "[FILE: "$(basename $FILE)", LINE: $1] Error: Command or function exited with status $2"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if [[ "$-" == *x* ]]; then
|
||||||
trap 'errtrap $LINENO $?' ERR
|
trap 'errtrap $LINENO $?' ERR
|
||||||
|
fi
|
||||||
|
|
||||||
# Install figlet
|
# Install figlet
|
||||||
sudo yum -y install figlet >& /dev/null
|
sudo yum -y install figlet >& /dev/null
|
||||||
@ -56,15 +65,13 @@ done
|
|||||||
|
|
||||||
# Load variables
|
# Load variables
|
||||||
source $DIR/install.conf
|
source $DIR/install.conf
|
||||||
echo $WEB_SOURCE
|
|
||||||
echo $ADAPTER_SOURCE
|
|
||||||
loadvars()
|
loadvars()
|
||||||
{
|
{
|
||||||
varname=${1,,}
|
varname=${1,,}
|
||||||
eval var=\$$(echo $1)
|
eval var=\$$(echo $1)
|
||||||
|
|
||||||
if [[ -z $var ]]; then
|
if [[ -z $var ]]; then
|
||||||
echo -e "\x1b[32mPlease enter the DHCP $varname (Example: $2):\x1b[37m"
|
echo -e "\x1b[32mPlease enter the $varname (Example: $2):\x1b[37m"
|
||||||
while read input
|
while read input
|
||||||
do
|
do
|
||||||
if [ "$input" == "" ]; then
|
if [ "$input" == "" ]; then
|
||||||
@ -72,14 +79,11 @@ loadvars()
|
|||||||
export $(echo $1)="$2"
|
export $(echo $1)="$2"
|
||||||
break
|
break
|
||||||
else
|
else
|
||||||
if [[ ( "$input" != *.* ) && ( "$1" != "NIC" ) ]]; then
|
if [ "$1" == "NIC" ]; then
|
||||||
echo "I really expect IP addresses"
|
|
||||||
exit
|
|
||||||
elif [ "$1" == "NIC" ]; then
|
|
||||||
sudo ip addr |grep $input >& /dev/null
|
sudo ip addr |grep $input >& /dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "There is not any IP address assigned to the NIC '$input' yet, please assign an IP address first."
|
echo "There is not any IP address assigned to the NIC '$input' yet, please assign an IP address first."
|
||||||
exit
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo "You have entered $input"
|
echo "You have entered $input"
|
||||||
@ -100,17 +104,31 @@ loadvars OPTION_ROUTER $(route -n | grep '^0.0.0.0' | xargs | cut -d ' ' -f 2)
|
|||||||
loadvars IP_RANGE "$range"
|
loadvars IP_RANGE "$range"
|
||||||
loadvars NEXTSERVER $ipaddr
|
loadvars NEXTSERVER $ipaddr
|
||||||
loadvars NAMESERVER_DOMAINS "ods.com"
|
loadvars NAMESERVER_DOMAINS "ods.com"
|
||||||
|
if [[ -n $source ]] && [ $source = "local" ];then
|
||||||
|
loadvars WEB_SOURCE ${COMPASSDIR}/../web
|
||||||
|
loadvars ADAPTER_SOURCE ${COMPASSDIR}/../misc
|
||||||
|
else
|
||||||
|
loadvars WEB_SOURCE $REPO_URL'/stackforge/compass-web'
|
||||||
|
loadvars ADAPTER_SOURCE $REPO_URL'/stackforge/compass-adapters'
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "script dir: $SCRIPT_DIR"
|
||||||
|
echo "compass dir is $COMPASSDIR"
|
||||||
|
|
||||||
echo "Install the Dependencies"
|
echo "Install the Dependencies"
|
||||||
source $DIR/dependency.sh
|
source ${COMPASSDIR}/install/dependency.sh
|
||||||
|
|
||||||
|
echo "Prepare the Installation"
|
||||||
|
source ${COMPASSDIR}/install/prepare.sh
|
||||||
|
|
||||||
echo "Install the OS Installer Tool"
|
echo "Install the OS Installer Tool"
|
||||||
source $DIR/$OS_INSTALLER.sh
|
source ${COMPASSDIR}/install/$OS_INSTALLER.sh
|
||||||
|
|
||||||
echo "Install the Package Installer Tool"
|
echo "Install the Package Installer Tool"
|
||||||
source $DIR/$PACKAGE_INSTALLER.sh
|
source ${COMPASSDIR}/install/$PACKAGE_INSTALLER.sh
|
||||||
|
|
||||||
echo "Download and Setup Compass and related services"
|
echo "Download and Setup Compass and related services"
|
||||||
source $DIR/compass.sh
|
source ${COMPASSDIR}/install/compass.sh
|
||||||
|
|
||||||
|
figlet -ctf slant Installation Complete!
|
||||||
echo -e "It takes\x1b[32m $SECONDS \x1b[0mseconds during the installation."
|
echo -e "It takes\x1b[32m $SECONDS \x1b[0mseconds during the installation."
|
||||||
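Review bot: The `@ -72,14 +79,11 @` hunk removes the `"$input" != *.*` test from `loadvars`, so typed values for OPTION_ROUTER, IP_RANGE and NEXTSERVER are now exported with no format check at all. The check was presumably dropped because `loadvars` is now also called for WEB_SOURCE and ADAPTER_SOURCE, which may be local paths. It can be kept for the address variables with an extra branch after the NIC one: `elif [[ "$1" != *_SOURCE && "$input" != *.* ]]; then echo "I really expect IP addresses"; exit 1`. On the NIC branch, `grep $input` is unquoted and unanchored, so `sudo ip addr | grep -- "$input"` would at least stop word splitting and option injection from the typed value. The body of `loadvars` spans two hunks, and the lines between them are not shown.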
|
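--- a/install/prepare.sh
+++ b/install/prepare.sh
@@ -0,0 +1,140 @@
+#!/bin/bash
+#
+copygit2dir()
+{
+repo=$1
+destdir=$2
+if [ -d $destdir ];then
+echo "$destdir exists"
+cd $destdir
+git remote set-url origin $repo
+git remote update
+git reset --hard
+git clean -x -f
+git checkout master
+git reset --hard remotes/origin/master
+if [[ -n "$GERRIT_REFSPEC" ]];then
+git fetch origin $GERRIT_REFSPEC && git checkout FETCH_HEAD
+fi
+git clean -x -f
+else
+echo "create $destdir"
+mkdir -p $destdir
+git clone $repo $destdir
+if [[ -n "$GERRIT_REFSPEC" ]];then
+# project=$(echo $repo|rev|cut -d '/' -f 1|rev)
+cd $destdir
+git fetch $repo $GERRIT_REFSPEC && git checkout FETCH_HEAD
+fi
+fi
+cd $SCRIPT_DIR
+}
+
+copylocal2dir()
+{
+repo=$1
+destdir=$2
+if [ -d $destdir ];then
+echo "$destdir exists"
+else
+mkdir -p $destdir
+fi
+sudo cp -rf $repo/* $destdir
+}
+
+cd $SCRIPT_DIR
+if [ "$source" != "local" ]; then
+copygit2dir $WEB_SOURCE $WEB_HOME
+copygit2dir $ADAPTER_SOURCE $ADAPTER_HOME
+else
+copylocal2dir $WEB_SOURCE $WEB_HOME
+copylocal2dir $ADAPTER_SOURCE $ADAPTER_HOME
+fi
+
+# install js mvc package
+wget -c --progress=bar:force -O /tmp/$JS_MVC.zip http://github.com/downloads/bitovi/javascriptmvc/$JS_MVC.zip
+if [[ "$?" != "0" ]]; then
+echo "failed to download $JS_MVC"
+exit 1
+else
+echo "successfully download $JS_MVC"
+fi
+
+if [ -d /tmp/$JS_MVC ]; then
+echo "/tmp/$JS_MVC is already unzipped"
+else
+sudo unzip -o /tmp/$JS_MVC.zip -d /tmp/
+fi
+sudo cp -rf /tmp/$JS_MVC/. $WEB_HOME/public/
+
+# Create backup dir
+sudo mkdir -p /root/backup
+
+# update /etc/hosts
+sudo cp -rn /etc/hosts /root/backup/hosts
+sudo rm -f /etc/hosts
+sudo cp -rf $COMPASSDIR/misc/hosts /etc/hosts
+sudo sed -i "s/\$ipaddr \$hostname/$ipaddr $HOSTNAME/g" /etc/hosts
+sudo chmod 644 /etc/hosts
+
+# update rsyslog
+sudo cp -rn /etc/rsyslog.conf /root/backup/
+sudo rm -f /etc/rsyslog.conf
+sudo cp -rf $COMPASSDIR/misc/rsyslog/rsyslog.conf /etc/rsyslog.conf
+sudo chmod 644 /etc/rsyslog.conf
+sudo service rsyslog restart
+sudo service rsyslog status
+if [[ "$?" != "0" ]]; then
+echo "rsyslog is not started"
+exit 1
+else
+echo "rsyslog conf is updated"
+fi
+
+# update logrotate.d
+sudo cp -rn /etc/logrotate.d /root/backup/
+rm -f /etc/logrotate.d/*
+sudo cp -rf $COMPASSDIR/misc/logrotate.d/* /etc/logrotate.d/
+sudo chmod 644 /etc/logrotate.d/*
+
+# update ntp conf
+sudo cp -rn /etc/ntp.conf /root/backup/
+sudo rm -f /etc/ntp.conf
+sudo cp -rf $COMPASSDIR/misc/ntp/ntp.conf /etc/ntp.conf
+sudo chmod 644 /etc/ntp.conf
+sudo service ntpd stop
+sudo ntpdate 0.centos.pool.ntp.org
+sudo service ntpd start
+sudo service ntpd status
+if [[ "$?" != "0" ]]; then
+echo "ntp is not started"
+exit 1
+else
+echo "ntp conf is updated"
+fi
+
+# update squid conf
+sudo cp -rn /etc/squid/squid.conf /root/backup/
+sudo rm -f /etc/squid/squid.conf
+sudo cp $COMPASSDIR/misc/squid/squid.conf /etc/squid/
+subnet_escaped=$(echo $SUBNET | sed -e 's/[\/&]/\\&/g')
+sudo sed -i "s/acl localnet src \$subnet/acl localnet src $subnet_escaped/g" /etc/squid/squid.conf
+sudo chmod 644 /etc/squid/squid.conf
+sudo mkdir -p /var/squid/cache
+sudo chown -R squid:squid /var/squid
+sudo service squid restart
+sudo service squid status
+if [[ "$?" != "0" ]]; then
+echo "squid is not started"
+exit 1
+else
+echo "squid conf is updated"
+fi
+
+# Install net-snmp
+sudo cp -rn /etc/snmp/snmp.conf /root/backup/
+sudo mkdir -p /usr/local/share/snmp/
+sudo cp -rf $COMPASSDIR/mibs /usr/local/share/snmp/
+sudo rm -f /etc/snmp/snmp.conf
+sudo cp -rf $COMPASSDIR/misc/snmp/snmp.conf /etc/snmp/snmp.conf
+sudo chmod 644 /etc/snmp/snmp.conf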
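Review bot: The `wget -c ... -O /tmp/$JS_MVC.zip http://github.com/downloads/...` step fetches an archive over plain HTTP into a fixed path under /tmp, then unpacks it with `sudo unzip` and copies it into `$WEB_HOME/public/` with no integrity check. The `[ -d /tmp/$JS_MVC ]` shortcut also accepts any directory already at that path, which in a world-writable /tmp need not have come from this script. I would verify a known digest before unzipping, e.g. `echo "$JS_MVC_SHA256  /tmp/$JS_MVC.zip" | sha256sum -c - || exit 1`, where `JS_MVC_SHA256` would be a new install.conf setting rather than an existing one. I would also keep the download and unpack directory somewhere only root can write. Separately, `rm -f /etc/logrotate.d/*` is the one destructive line here without `sudo`, and it removes every package's rotation rule, not only Compass's.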
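--- a/misc/apache/cobbler_web.conf
+++ b/misc/apache/cobbler_web.conf
@@ -0,0 +1,10 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+# Force everything to go to https
+RewriteEngine on
+RewriteCond %{HTTPS} off
+RewriteCond %{REQUEST_URI} ^/cobbler_web
+# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi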
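Review bot: The comment `# Force everything to go to https` does not match what this file does: the `RewriteRule` is commented out, so `/cobbler_web` is still served over plain HTTP and its login can be submitted unencrypted. The two `RewriteCond` lines are left dangling as well; mod_rewrite attaches conditions to the next `RewriteRule` in the same context, so they may end up guarding an unrelated rule loaded later. Either restore the redirect (with the port that ssl.conf in this commit listens on, since a bare `https://%{HTTP_HOST}` would land on 443), or remove the `RewriteEngine`/`RewriteCond` lines and reword the comment to `# HTTPS is intentionally not enforced for cobbler_web`.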
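--- a/misc/apache/ssl.conf
+++ b/misc/apache/ssl.conf
@@ -0,0 +1,222 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 445
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex default
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:445>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect. Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+SSLOptions +StdEnvVars
+</Directory>
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+nokeepalive ssl-unclean-shutdown \
+downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+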
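Review bot: `SSLProtocol all -SSLv2` still leaves SSLv3 enabled, and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` keeps RC4, MEDIUM and LOW suites negotiable, so the virtual host on port 445 accepts connections that give little protection to the credentials passing through it. I would tighten both, e.g. `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5`. `Listen 445` deserves a comment explaining the choice, since 445 is the SMB port and is often filtered; presumably 443 is left to the chef-server nginx configured elsewhere in this commit. The certificate and key paths point at the distribution's `localhost` pair, so clients cannot authenticate the server unless the installer replaces them.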
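--- a/misc/chef-server/chef-server.rb
+++ b/misc/chef-server/chef-server.rb
@@ -0,0 +1,4 @@
+nginx['non_ssl_port'] = 8080
+nginx['enable_non_ssl'] = true
+nginx['ssl_port'] = 443
+nginx['url'] = "https://#{node['fqdn']}"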
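Review bot: `nginx['enable_non_ssl'] = true` together with `nginx['non_ssl_port'] = 8080` makes the Chef server answer over plain HTTP as well as HTTPS, as I read the omnibus settings, so node data, data bags and web UI logins can cross the network unencrypted whenever a client is pointed at port 8080. If the plain port is needed only by a local component, say so in a comment such as `# plain HTTP kept for <local consumer>; restrict 8080 at the firewall` (placeholder) and restrict it accordingly. Otherwise drop those two lines and keep only the `ssl_port` and `url` settings.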
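--- a/misc/hosts
+++ b/misc/hosts
@@ -0,0 +1,3 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+$ipaddr $hostname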
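--- a/misc/logrotate.d/httpd
+++ b/misc/logrotate.d/httpd
@@ -0,0 +1,9 @@
+/var/log/httpd/*log {
+missingok
+notifempty
+sharedscripts
+delaycompress
+postrotate
+/sbin/service httpd reload > /dev/null 2>/dev/null || true
+endscript
+}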
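Review bot: `delaycompress` only has an effect in combination with `compress`, and this stanza sets neither `compress` nor a schedule (`weekly`, `rotate N`), so how long the web server logs are kept depends entirely on the global /etc/logrotate.conf of the target host. The ntp and squid stanzas added in this commit have the same shape. Because these logs are the audit trail for the provisioning services, I would state retention explicitly in each stanza, e.g. `weekly`, `rotate 8` (sample value) and `compress` ahead of `delaycompress`.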
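--- a/misc/logrotate.d/ntp
+++ b/misc/logrotate.d/ntp
@@ -0,0 +1,9 @@
+/var/log/ntp.log {
+missingok
+notifempty
+sharedscripts
+delaycompress
+postrotate
+/sbin/service ntpd reload > /dev/null 2>/dev/null || true
+endscript
+}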
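--- a/misc/logrotate.d/squid
+++ b/misc/logrotate.d/squid
@@ -0,0 +1,9 @@
+/var/log/squid/*log {
+missingok
+notifempty
+sharedscripts
+delaycompress
+postrotate
+/sbin/service squid reload > /dev/null 2>/dev/null || true
+endscript
+}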
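--- a/misc/logrotate.d/syslog
+++ b/misc/logrotate.d/syslog
@@ -0,0 +1,13 @@
+/var/log/cron
+/var/log/maillog
+/var/log/messages
+/var/log/secure
+/var/log/spooler
+/var/log/dhcpd.log
+/var/log/tftpd.log
+{
+sharedscripts
+postrotate
+/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
+endscript
+}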
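--- a/misc/logrotate.d/yum
+++ b/misc/logrotate.d/yum
@@ -0,0 +1,7 @@
+/var/log/yum.log {
+missingok
+notifempty
+size 30k
+yearly
+create 0600 root root
+}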
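--- a/misc/ntp/ntp.conf
+++ b/misc/ntp/ntp.conf
@@ -0,0 +1,60 @@
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+logfile /var/log/ntp.log
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server 0.centos.pool.ntp.org iburst
+server 1.centos.pool.ntp.org iburst
+server 2.centos.pool.ntp.org iburst
+server 3.centos.pool.ntp.org iburst
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
+#fudge 127.127.1.0 stratum 10
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats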
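Review bot: `server 127.127.1.0 # local clock` is active while the matching `#fudge 127.127.1.0 stratum 10` stays commented out, so the undisciplined local clock runs at the driver's default stratum instead of a deliberately poor one. If this host also serves time to the machines it provisions (not visible in this file), they may keep trusting it after it has lost the pool servers and begun to drift, which hurts log correlation and certificate validity checks. I would either uncomment the fudge line or comment out the local clock `server` line.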
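--- a/misc/rsyslog/rsyslog.conf
+++ b/misc/rsyslog/rsyslog.conf
@@ -0,0 +1,94 @@
+# rsyslog v5 configuration file
+
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+
+#### MODULES ####
+
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark # provides --MARK-- message capability
+
+# Provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+
+# Provides TCP syslog reception
+$ModLoad imtcp
+$InputTCPServerRun 514
+
+
+$WorkDirectory /var/lib/rsyslog
+
+# Added for chef logfiles
+$template Chef_log,"/var/log/cobbler/anamon/%hostname%/chef-client.log"
+$template Raw, "%rawmsg%"
+
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+#### RULES ####
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.* /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+syslog.*,daemon.* /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Log dhcpd
+local6.* /var/log/dhcpd.log
+
+# Log tftpd
+local5.* /var/log/tftpd.log
+
+# Everybody gets emergency messages
+*.emerg *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+
+local3.* -?Chef_log
+
+# ### begin forwarding rule ###
+# The statement between the begin ... end define a SINGLE forwarding
+# rule. They belong together, do NOT split them. If you create multiple
+# forwarding rules, duplicate the whole block!
+# Remote Logging (we use TCP for reliable delivery)
+#
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList # run asynchronously
+#$ActionResumeRetryCount -1 # infinite retries if host is down
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
+# ### end of the forwarding rule ###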
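Review bot: `$ModLoad imtcp` with `$InputTCPServerRun 514` opens a syslog listener with no sender restriction, and the `Chef_log` template builds a file path from `%hostname%`, a field taken from the received message. Any host that can reach port 514 can therefore cause files to be written under /var/log/cobbler/anamon/ and fill the disk, and the path should not depend on unsanitised input. I would limit senders, e.g. `$AllowedSender TCP, <provisioning-subnet>/<bits>` (placeholder), and use `%hostname:::secpath-replace%` in the template. The comment `# Don't log private authentication messages!` now sits above `syslog.*,daemon.* /var/log/messages`, so it should be reworded to describe the selector actually used.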
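--- a/misc/snmp/snmp.conf
+++ b/misc/snmp/snmp.conf
@@ -0,0 +1 @@
+mibdirs +/usr/local/share/snmp/mibs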
@ -8,6 +8,7 @@ acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
|
|||||||
# Example rule allowing access from your local networks.
|
# Example rule allowing access from your local networks.
|
||||||
# Adapt to list your (internal) IP networks from where browsing
|
# Adapt to list your (internal) IP networks from where browsing
|
||||||
# should be allowed
|
# should be allowed
|
||||||
|
acl localnet src $subnet # the subnet of local network
|
||||||
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
|
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
|
||||||
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
|
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
|
||||||
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
|
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
|
||||||
@ -55,8 +56,7 @@ cache_dir aufs /var/squid/cache 25000 16 256
|
|||||||
|
|
||||||
cache_store_log /var/log/squid/store.log
|
cache_store_log /var/log/squid/store.log
|
||||||
|
|
||||||
logformat squid %tl %6tr %>a %Ss/%>Hs %<st %rm %ru %<A %mt %>h %<h
|
access_log none
|
||||||
access_log /var/log/squid/access.log squid
|
|
||||||
vary_ignore_expire on
|
vary_ignore_expire on
|
||||||
|
|
||||||
# Leave coredumps in the first cache dir
|
# Leave coredumps in the first cache dir
|
||||||
|
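Review bot: The second hunk replaces the `logformat squid …` and `access_log /var/log/squid/access.log squid` pair with `access_log none`, which turns the proxy's request log off entirely. That removes the only record of which provisioned host fetched what through the proxy, while the same commit adds a logrotate stanza for /var/log/squid/*log, so rotation looks like the intended way to bound log size. I would keep `access_log /var/log/squid/access.log squid` and rely on rotation, or add a comment beside `access_log none` explaining why the audit trail is given up. In the first hunk, `acl localnet src $subnet` is a token the install script substitutes with sed; a comment such as `# $subnet is replaced at install time` would make clear it must not reach a running squid unsubstituted.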