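#!/bin/bash
# Bootstrap for a single CentOS 7 lab host: legacy network service, libvirt/KVM
# with a PXE-capable NAT network, a private TLS CA for remote libvirt access,
# Foreman with locally mirrored CentOS 7 install media, and Docker.
# Must run as root; it rewrites system config under /etc and /opt.
#
# NOTE(review): `set -x` echoes every expanded command line, and later
# sections pass literal passwords to foreman-installer and hammer on the
# command line, so any captured output of this script (terminal scrollback,
# CI logs) contains those secrets. Disable tracing around those calls or
# feed the secrets in another way before running this outside a throwaway lab.
set -x
set -e
# ==========
# INITIAL SETUP
# ==========
# Map the lab FQDN and the bare alias "puppet" to loopback (there is no DNS yet).
# Guarded so a re-run of the script does not append a duplicate entry.
if ! grep -qE '^127\.0\.0\.1[[:space:]]+labrt\.local[[:space:]]+puppet$' /etc/hosts; then
  echo "127.0.0.1 labrt.local puppet" >> /etc/hosts
fi
yum update -y
yum install -y vim
# Swap NetworkManager for the classic "network" service, then remove NM entirely.
systemctl stop NetworkManager
systemctl start network
systemctl disable NetworkManager
systemctl enable network
yum remove -y NetworkManager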
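# ==========
# LIBVIRT SETUP
# ==========
yum install -y libvirt qemu-kvm qemu-kvm-tools qemu-kvm-common virt-install
systemctl enable libvirtd
systemctl start libvirtd
# Create default storage pool: a plain directory pool at /opt/virt/machines,
# defined from an XML file kept in /root and set to autostart.
mkdir -p /opt/virt/machines
cat <<EOF > /root/default-storage-pool.xml
<pool type='dir'>
<name>machines</name>
<target>
<path>/opt/virt/machines</path>
</target>
</pool>
EOF
virsh pool-define /root/default-storage-pool.xml
virsh pool-autostart machines
virsh pool-start machines
# TFTP root that libvirt's dnsmasq serves to guests on the network defined below.
mkdir -p /var/lib/tftpboot
# Create default bridged network.
# Remove the stock "default" network first. `virsh net-destroy` fails when the
# network is not active and `virsh net-undefine` fails when it is not defined;
# under `set -e` either would abort the whole bootstrap (e.g. on a re-run), so
# both failures are tolerated on purpose.
virsh net-destroy default || true
virsh net-undefine default || true
systemctl restart network
# NAT network 192.168.0.0/24 on virbr0: the host is 192.168.0.1, guests get
# DHCP leases from .50-.100 and are handed pxelinux.0 from /var/lib/tftpboot
# so Foreman can PXE-provision them. UUID and MAC are fixed so the network
# definition is stable across runs.
cat <<EOF > /etc/libvirt/qemu/networks/default.xml
<network>
<name>default</name>
<uuid>2837a98f-1fca-ef21-a908-103afce736af</uuid>
<forward mode='nat' />
<bridge name='virbr0' stp='on' delay='0' />
<mac address='DE:AD:BE:EF:00:00' />
<ip address='192.168.0.1' netmask='255.255.255.0'>
<tftp root='/var/lib/tftpboot' />
<dhcp>
<range start='192.168.0.50' end='192.168.0.100' />
<bootp file='pxelinux.0' />
</dhcp>
</ip>
</network>
EOF
virsh net-define /etc/libvirt/qemu/networks/default.xml
virsh net-start default
virsh net-autostart default
systemctl restart network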
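# ==========
# TLS CERTIFICATES FOR REMOTE LIBVIRT CONNECTIONS
# ==========
# A private CA is created on this host and signs one server certificate (for
# libvirtd here) and one client certificate. Things to be aware of:
#  - The CA private key ($CA_KEY) stays on this host. Anyone who can read it
#    can mint client certificates that libvirtd will trust, so it is written
#    with mode 0600 below; consider moving it off-box once the client
#    certificate has been issued.
#  - libvirtd accepts any client certificate signed by this CA. If more than
#    one client certificate is ever issued, restrict accepted client DNs with
#    tls_allowed_dn_list in /etc/libvirt/libvirtd.conf.
#  - No expiration_days is set in the templates, so certtool's default
#    lifetime applies (historically 365 days) — confirm for the installed
#    certtool version and plan for renewal.
TLS_HOSTNAME='labrt.local'
CA_KEY='/root/tls-ca-privatekey.pem'
CA_CERT='/etc/pki/CA/cacert.pem'
LIBVIRT_SERVERKEY='/etc/pki/libvirt/private/serverkey.pem'
LIBVIRT_SERVERCERT='/etc/pki/libvirt/servercert.pem'
LIBVIRT_CLIENTKEY='/etc/pki/libvirt/private/clientkey.pem'
LIBVIRT_CLIENTCERT='/etc/pki/libvirt/clientcert.pem'
mkdir -p "$(dirname "$CA_CERT")"
mkdir -p "$(dirname "$LIBVIRT_SERVERKEY")"
# The certtool templates are written to unpredictable temp files rather than
# fixed names in /tmp, which another local user could pre-create or symlink.
CA_TEMPLATE=$(mktemp /tmp/ca.info.XXXXXX)
SERVER_TEMPLATE=$(mktemp /tmp/server.info.XXXXXX)
CLIENT_TEMPLATE=$(mktemp /tmp/client.info.XXXXXX)
# Certificate authority.
# certtool writes the key to stdout, so the file's mode comes from the umask;
# force 077 in a subshell so the CA key is never created world-readable.
( umask 077; certtool --generate-privkey > "$CA_KEY" )
cat <<EOF > "$CA_TEMPLATE"
cn = $TLS_HOSTNAME
ca
cert_signing_key
EOF
certtool \
  --generate-self-signed \
  --load-privkey "$CA_KEY" \
  --template "$CA_TEMPLATE" \
  --outfile "$CA_CERT"
# Server certificate (libvirtd runs as root, so a root-only key is fine).
( umask 077; certtool --generate-privkey > "$LIBVIRT_SERVERKEY" )
cat <<EOF > "$SERVER_TEMPLATE"
organization = Lab Inc
cn = $TLS_HOSTNAME
tls_www_server
encryption_key
signing_key
EOF
certtool \
  --generate-certificate \
  --load-privkey "$LIBVIRT_SERVERKEY" \
  --load-ca-certificate "$CA_CERT" \
  --load-ca-privkey "$CA_KEY" \
  --template "$SERVER_TEMPLATE" \
  --outfile "$LIBVIRT_SERVERCERT"
# Client certificate. CN is this shell's $HOSTNAME, which may differ from
# $TLS_HOSTNAME.
# NOTE(review): the client key is deliberately left at umask permissions.
# The Foreman compute resource created later on this same host connects to
# qemu://labrt.local/system as a non-root service user, and the libvirt client
# falls back to these system-wide paths for its certificate; a root-only key
# would break that. Tighten it to 0640 root:foreman after foreman-installer
# has created that group rather than leaving it world-readable.
certtool --generate-privkey > "$LIBVIRT_CLIENTKEY"
cat <<EOF > "$CLIENT_TEMPLATE"
country = GB
state = London
locality = London
organization = Red Hat
cn = $HOSTNAME
tls_www_client
encryption_key
signing_key
EOF
certtool \
  --generate-certificate \
  --load-privkey "$LIBVIRT_CLIENTKEY" \
  --load-ca-certificate "$CA_CERT" \
  --load-ca-privkey "$CA_KEY" \
  --template "$CLIENT_TEMPLATE" \
  --outfile "$LIBVIRT_CLIENTCERT"
# Cleanup (templates hold no secrets; shredding is belt-and-braces)
shred -zun 25 "$CA_TEMPLATE"
shred -zun 25 "$SERVER_TEMPLATE"
shred -zun 25 "$CLIENT_TEMPLATE"
# Enable TLS connections in libvirt. With libvirtd.conf's default listen_tls=1,
# `--listen` opens the TLS port (16514/tcp) using the certificates above.
# (Previously the blank separator line was appended to /etc/sysconfig/libvirt,
# a misspelling of the libvirtd file.) Guarded against duplicate appends, and
# note that no firewall rule is opened here.
if ! grep -q "^LIBVIRTD_ARGS='--listen'$" /etc/sysconfig/libvirtd; then
  printf '\n%s\n' "LIBVIRTD_ARGS='--listen'" >> /etc/sysconfig/libvirtd
fi
systemctl restart libvirtd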
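# ==========
# FOREMAN SETUP
# ==========
# Credentials can be supplied from the environment; the literal 'password'
# used by the original script remains the default so nothing changes for
# existing callers. Tracing is switched off around the commands that take
# them so `set -x` does not echo them, but they are still visible in the
# process argument list (`ps`) while those commands run.
FOREMAN_ADMIN_PASSWORD="${FOREMAN_ADMIN_PASSWORD:-password}"
PROVISIONED_ROOT_PASSWORD="${PROVISIONED_ROOT_PASSWORD:-password}"
# Optional expected SHA-256 of the CentOS ISO; when set, the download is
# verified before it becomes the install medium for every provisioned host.
CENTOS_ISO_SHA256="${CENTOS_ISO_SHA256:-}"
# NOTE(review): these release RPMs are fetched over HTTPS, but nothing here
# imports a GPG key and checks the packages' signatures before installing.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum -y install epel-release https://yum.theforeman.org/releases/1.12/el7/x86_64/foreman-release.rpm
yum -y install foreman-installer
set +x
foreman-installer \
  --foreman-admin-password "$FOREMAN_ADMIN_PASSWORD" \
  --foreman-unattended true \
  --foreman-cli-password "$FOREMAN_ADMIN_PASSWORD"
set -x
# `puppet agent --test` implies --detailed-exitcodes: exit status 2 means
# "changes were applied", not failure, and must not abort the script under
# `set -e`. Anything else non-zero still stops the bootstrap.
puppet_rc=0
/opt/puppetlabs/bin/puppet agent --test || puppet_rc=$?
if [ "$puppet_rc" -ne 0 ] && [ "$puppet_rc" -ne 2 ]; then
  exit "$puppet_rc"
fi
yum -y install foreman-libvirt
# Local OS images: the CentOS ISO is loop-mounted and exposed read-only over
# anonymous FTP (no local logins, no uploads) as the install medium.
mkdir -p /opt/virt/os/mnt
yum install -y vsftpd
cat <<EOF > /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
xferlog_file=/var/log/vsftpd-xferlog
anon_root=/opt/virt/os/mnt
EOF
systemctl enable vsftpd
systemctl restart vsftpd
mkdir -p /opt/virt/os/mnt/centos-7
# The mirror is plain HTTP; verify the image when a reference hash is given.
wget -O /opt/virt/os/centos7.iso http://mirror.ox.ac.uk/sites/mirror.centos.org/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso
if [ -n "$CENTOS_ISO_SHA256" ]; then
  echo "$CENTOS_ISO_SHA256  /opt/virt/os/centos7.iso" | sha256sum -c -
fi
FSTAB_LINE="/opt/virt/os/centos7.iso /opt/virt/os/mnt/centos-7 iso9660 ro,fscontext=unconfined_u:object_r:usr_t:s0,relatime 0 0"
if ! grep -qF -- "$FSTAB_LINE" /etc/fstab; then
  echo "$FSTAB_LINE" >> /etc/fstab
fi
mount -a
# There is no DNS yet, so Foreman URLs are built from this host's IP.
# Computed once: the second "inet " line of `ip a` is assumed to be the first
# non-loopback address (lo being listed first).
HOST_IP=$(ip a | grep -E 'inet\s' | awk 'NR==2' | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+' | grep -oE '^[^/]*')
# Set unattended URL to current IP as there's no DNS yet (plain HTTP, so
# kickstart/templates travel unencrypted to the provisioned guests).
hammer settings set \
  --name unattended_url \
  --value "http://${HOST_IP}"
hammer subnet create \
  --boot-mode Static \
  --dns-primary 192.168.0.2 \
  --dns-secondary 8.8.8.8 \
  --gateway 192.168.0.1 \
  --mask 255.255.255.0 \
  --name labroot \
  --network 192.168.0.0 \
  --domains local
# qemu:// without an explicit transport uses TLS, i.e. the certificates set
# up in the TLS section.
hammer compute-resource create \
  --description "LABRT-Libvirt" \
  --display-type VNC \
  --name LABRT-libvirt \
  --provider Libvirt \
  --set-console-password "" \
  --url "qemu://labrt.local/system"
hammer medium create \
  --name 'centos-7-local' \
  --os-family Redhat \
  --path "ftp://${HOST_IP}/mnt/centos-7"
hammer os create \
  --name centos-7 \
  --description "centos-7" \
  --major 7 \
  --family Redhat \
  --media "centos-7-local,CentOS mirror" \
  --partition-tables "Kickstart default" \
  --architectures x86_64 \
  --provisioning-templates "Kickstart default,Kickstart default finish,Kickstart default iPXE,Kickstart default PXELinux"
set +x
hammer hostgroup create \
  --architecture x86_64 \
  --ask-root-pass no \
  --domain local \
  --environment production \
  --medium "centos-7-local" \
  --name "LABRT-default-prod" \
  --operatingsystem "centos-7" \
  --partition-table "Kickstart default" \
  --puppet-ca-proxy labrt.local \
  --puppet-proxy labrt.local \
  --root-pass "$PROVISIONED_ROOT_PASSWORD" \
  --subnet labroot
set -x
# Smart proxy setup.
# :tftproot must match the directory libvirt's dnsmasq serves to guests
# (<tftp root='/var/lib/tftpboot'> in the default network, created earlier);
# the previous value /var/tftpboot pointed the proxy at a directory nothing
# serves, so PXE files it wrote would never reach a booting guest.
# Guarded so a re-run does not append the keys a second time.
if ! grep -q '^:virsh_network: default$' /etc/foreman-proxy/settings.yml; then
cat <<EOF >> /etc/foreman-proxy/settings.yml
:tftp: true
:tftproot: /var/lib/tftpboot
:tftp_servername: 192.168.0.1
:dns: true
:dns_provider: virsh
:dhcp: true
:dhcp_vendor: virsh
:virsh_network: default
EOF
fi
systemctl restart foreman
systemctl restart foreman-proxy
systemctl restart httpd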
# ==========
# Docker
# ==========
# Register the upstream Docker yum repository with signature checking on
# (gpgcheck=1, key fetched over HTTPS), then install and start docker-engine.
DOCKER_REPO_FILE='/etc/yum.repos.d/docker.repo'
printf '%s\n' \
  '[dockerrepo]' \
  'name=Docker Repository' \
  'baseurl=https://yum.dockerproject.org/repo/main/centos/7/' \
  'enabled=1' \
  'gpgcheck=1' \
  'gpgkey=https://yum.dockerproject.org/gpg' \
  > "$DOCKER_REPO_FILE"
yum install -y docker-engine
systemctl enable docker
systemctl start docker