Setting up F18 RDO hands-on training environment with nested KVM.
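#!/bin/bash
# Set up the F18 RDO hands-on training host: nested KVM, per-user VNC
# desktops, trainee accounts and (optionally) local yum mirrors. Run as root.
#
# Tracing is enabled here rather than on the shebang line: options given on
# the shebang are lost when the script is started as "bash script.sh".
set -x
# Exported so that child tools (passwd, virsh, yum, ...) run in the C locale
# too; a bare assignment only reaches children if the caller had already
# exported LANG. The system locale is later switched to ja_JP.UTF-8, so
# anything that matches English prompts depends on this.
export LANG=C
# Prefix of every generated account/VNC password (suffix is the user name).
# The value here looks like a redacted placeholder; set it before running,
# preferably read from a root-only file instead of being kept in the script.
basepass="XXXXXXXX"
# Address published in /etc/hosts as reposerver / reposerver.localdomain.
reposerver="xxx.xxx.xxx.xxx"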
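#######################################
# Host baseline: packages, static iptables ruleset, /etc/hosts entry, root
# SSH key pair, nested KVM, libvirt NAT networks and the image directory.
# Globals:   reposerver (read) - address written to /etc/hosts
# Arguments: none
# Outputs:   external01.xml and default.xml in the current directory;
#            command trace on stderr (set -x)
# Returns:   status of the final libvirtd restart
#######################################
function prep_network {
  set -x
  yum -y update
  yum -y groupinstall "Gnome Desktop"
  yum -y install cinnamon virt-manager virt-viewer virt-top tigervnc-server expect openssh-askpass iptables-services libvirt-daemon-kvm busybox libvirt-daemon-lxc lxc system-config-kickstart
  # Replace firewalld with the static iptables service; masking keeps a
  # dependency from pulling firewalld back in.
  systemctl stop firewalld.service
  systemctl mask firewalld.service
  systemctl stop iptables.service
  # NOTE(review): 22, 80, 4567 and the whole VNC range 5901-5999 are accepted
  # from any source address. VNC's native authentication is weak, so outside
  # an isolated training network the VNC range should be restricted to the
  # trainees' addresses or reached over SSH instead.
  cat > /etc/sysconfig/iptables <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4567 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5901:5999 -j ACCEPT
-A INPUT -m limit --limit 3/hour -j LOG --log-prefix "[INPUT Dropped] "
COMMIT
EOF
  systemctl enable iptables.service
  systemctl start iptables.service
  if ! grep -q reposerver /etc/hosts; then
    echo "$reposerver reposerver.localdomain reposerver" >> /etc/hosts
  fi
  # Root key pair. peruser_settings later appends every trainee's public key
  # to this authorized_keys file, which makes each trainee root-equivalent on
  # this host.
  if [[ ! -f /root/.ssh/id_rsa ]]; then
    yes "" | ssh-keygen -N ""
    touch /root/.ssh/authorized_keys
    chmod 600 /root/.ssh/authorized_keys
  fi
  # Nested virtualisation for the Intel module only; an AMD host would need
  # the kvm-amd equivalent, which this script does not handle.
  echo "options kvm-intel nested=1" > /etc/modprobe.d/kvm-intel.conf
  systemctl enable libvirtd.service
  systemctl start libvirtd.service
  sleep 5   # presumably gives libvirtd time to come up before virsh is used
  cat > external01.xml <<'EOF'
<network>
<name>external01</name>
<forward mode='nat'/>
<bridge name='virbr100' stp='off' delay='0' />
<ip address='172.16.0.1' netmask='255.255.0.0'>
<dhcp>
<range start='172.16.0.100' end='172.16.0.254' />
</dhcp>
</ip>
</network>
EOF
  cat > default.xml <<'EOF'
<network>
<name>default</name>
<forward mode='nat'/>
<bridge name='virbr0' stp='off' delay='0' />
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254' />
</dhcp>
</ip>
</network>
EOF
  # Recreate "default" from our own definition (stp off) and add external01.
  if virsh net-info default >/dev/null 2>&1; then
    virsh net-destroy default
    virsh net-autostart default --disable
    virsh net-undefine default
  fi
  if ! virsh net-info default >/dev/null 2>&1; then
    virsh net-define default.xml
    virsh net-start default
    virsh net-autostart default
  fi
  if ! virsh net-info external01 >/dev/null 2>&1; then
    virsh net-define external01.xml
    virsh net-start external01
    virsh net-autostart external01
  fi
  # Relocate the image pool to /mnt/images. The original directory is removed
  # only after the copy succeeded: the script runs without set -e, so an
  # unguarded rm -rf would wipe the images if /mnt is not mounted or fills up.
  if [[ ! -d /mnt/images ]]; then
    if cp -a /var/lib/libvirt/images /mnt/images; then
      rm -rf /var/lib/libvirt/images
      ln -s /mnt/images /var/lib/libvirt/images
    else
      echo "prep_network: copying /var/lib/libvirt/images to /mnt/images failed; leaving it in place" >&2
    fi
  fi
  systemctl restart libvirtd.service
}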
#######################################
# Install the templated VNC unit (vncserver@USER:DISPLAY) and the resetvnc
# helper that trainees use to restart their own display.
# Globals:   none
# Arguments: none
# Outputs:   /etc/systemd/system/vncserver@.service, /usr/local/bin/resetvnc
# Returns:   status of the final chmod
#######################################
function prep_vncserver {
  set -x
  local unit=/etc/systemd/system/vncserver@.service
  local helper=/usr/local/bin/resetvnc
  # %I carries "user:display"; the cut calls split it for runuser / vncserver.
  cat > "$unit" <<'EOF'
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :$(echo %I | cut -f2 -d:) > /dev/null 2>&1 || :'
ExecStart=/bin/sh -c '/sbin/runuser -l $(echo %I | cut -f1 -d:) -c "/usr/bin/vncserver -fg -geometry 1024x768 :$(echo %I | cut -f2 -d:)" || :'
ExecStop=/bin/sh -c '/sbin/runuser -l $(echo %I | cut -f1 -d:) -c "/usr/bin/vncserver -kill :$(echo %I | cut -f2 -d:)" || :'
Restart=always
[Install]
WantedBy=multi-user.target
EOF
  systemctl daemon-reload
  # resetvnc restarts the unit through "ssh root@localhost", i.e. it relies on
  # the trainee's key being in root's authorized_keys (done in peruser_settings);
  # it accepts only the user01..user07 accounts.
  cat > "$helper" <<'EOF'
#!/bin/sh
user=$USER
if ! echo $user | grep -qE "^user0[1-7]$"; then
echo "Invalid user: $user"
exit 1
fi
console=${user#user0}
echo "Restarting VNC service for $user"
echo "Wait a second..."
ssh root@localhost systemctl kill -s9 vncserver@${user}:${console}
ssh root@localhost systemctl start vncserver@${user}:${console}
echo "Done."
EOF
  chmod ugo+x "$helper"
}
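#######################################
# Create the training accounts (sysadm plus user01..user07) with their private
# libvirt bridge, SSH key, login and VNC passwords, desktop session and
# virt-manager preferences, then start each user's VNC unit.
# Globals:   basepass (read) - prefix of every generated password
# Arguments: none
# Outputs:   internalNN.xml in the current directory; files under /home/USER,
#            /etc/sudoers.d and /root/.ssh; command trace on stderr
# Returns:   status of the last systemctl restart
#######################################
function peruser_settings {
  set -x
  local i user priv_net password xc param
  local -a params
  for i in {0..7}; do
    # Slot 0 is the instructor account; it uses display/bridge number 99.
    if (( i == 0 )); then
      user="sysadm"
      i=99
    else
      user=$(printf "user%02d" "$i")
    fi
    if id "$user" >/dev/null 2>&1; then
      echo "$user already exists. skipping..."
      continue
    fi
    priv_net=$(printf "internal%02d" "$i")
    # Unquoted delimiter on purpose: ${priv_net} and ${i} expand into the XML.
    cat > "${priv_net}.xml" <<EOF
<network>
<name>${priv_net}</name>
<bridge name='virbr${i}' stp='off' delay='0' />
</network>
EOF
    if ! virsh net-info "$priv_net" >/dev/null 2>&1; then
      virsh net-define "${priv_net}.xml"
      virsh net-start "$priv_net"
      virsh net-autostart "$priv_net"
    fi
    adduser "$user"
    su - "$user" -c 'yes "" | ssh-keygen -N ""'
    # Trusting the trainee's key as root makes the account root-equivalent on
    # this host (qemu+ssh://root@localhost and resetvnc depend on it), so the
    # virt-install-only sudoers rule below is not a privilege boundary.
    cat "/home/${user}/.ssh/id_rsa.pub" >> /root/.ssh/authorized_keys
    echo "$user ALL=(root) NOPASSWD: /bin/virt-install" > "/etc/sudoers.d/$user"
    chmod 440 "/etc/sudoers.d/$user"
    password="${basepass}${user}"
    # Keep the password out of the xtrace output while it is being set.
    set +x
    # chpasswd reads "user:password" from stdin, so the secret never appears on
    # a command line and no locale-dependent prompt matching is needed (the
    # former expect/passwd dialogue put it in argv and matched English prompts).
    chpasswd <<<"${user}:${password}"
    # NOTE(review): classic VNC authentication uses only the first 8 characters
    # of the password; if basepass is 8 characters or longer, every trainee
    # ends up with the same VNC password. This expect call still passes the
    # password in argv, visible to other local users while it runs.
    su - "$user" -c " expect -c \"
spawn vncpasswd
expect \\\"Password:\\\" { send \\\"$password\n\\\" }
expect \\\"Verify:\\\" { send \\\"$password\n\\\" }
expect eof { exit 0 }
\"
"
    set -x
    # Accept root@localhost's host key once so later ssh calls are non-interactive.
    su - "$user" -c " expect -c \"
spawn ssh root@localhost hostname
expect \\\"(yes/no)?\\\" { send \\\"yes\n\\\" }
expect eof { exit 0 }
\"
"
    # Per-user X session: cinnamon via gnome-session with screen lock off,
    # falling back to the system default Xclients.
    xc="/home/$user/.Xclients"
    cat > "$xc" <<'EOF'
#!/bin/bash
GSESSION="$(type -p gnome-session)"
if [[ ! -z "$GSESSION" ]]; then
dconf write /org/gnome/desktop/screensaver/lock-enabled false
dconf write /org/gnome/desktop/session/idle-delay 'uint32 0'
exec "$GSESSION" --session=cinnamon
fi
# fallback to default
/etc/X11/xinit/Xclients
EOF
    chown "$user:$user" "$xc"
    chmod u+x "$xc"
    systemctl enable "vncserver@${user}:${i}.service"
    systemctl restart "vncserver@${user}:${i}.service"
    sleep 5   # presumably lets the session start before gconf keys are written
    params=(
      "--type int --set /apps/virt-manager/manager_window_height 470"
      "--type int --set /apps/virt-manager/manager_window_width 670"
      "--type list --list-type string --set /apps/virt-manager/connections/autoconnect '[qemu+ssh://root@localhost/system]'"
      "--type list --list-type string --set /apps/virt-manager/connections/uris '[qemu+ssh://root@localhost/system]'"
      "--type bool --set /apps/virt-manager/stats/enable-disk-poll true"
      "--type bool --set /apps/virt-manager/stats/enable-net-poll true"
      "--type bool --set /apps/virt-manager/vmlist-fields/cpu_usage true"
      "--type bool --set /apps/virt-manager/vmlist-fields/network_traffic true"
      "--type bool --set /apps/virt-manager/vmlist-fields/disk_usage true"
    )
    for param in "${params[@]}"; do
      su - "$user" -c "gconftool-2 $param"
    done
    systemctl restart "vncserver@${user}:${i}.service"
  done
}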
#######################################
# Install Apache and turn on per-user ~/public_html directories, including
# the SELinux boolean that lets httpd read home directories.
# Globals:   none
# Arguments: none
# Returns:   status of setsebool
#######################################
function prep_httpd {
  set -x
  local userdir_conf=/etc/httpd/conf.d/userdir.conf
  yum -y install httpd
  # Comment out "UserDir disabled" and uncomment "UserDir public_html" in one pass.
  sed -i \
    -e 's/UserDir disabled/#UserDir disabled/' \
    -e 's/#UserDir public_html/UserDir public_html/' \
    "$userdir_conf"
  systemctl enable httpd.service
  systemctl restart httpd.service
  setsebool -P httpd_enable_homedirs true
}
#######################################
# Publish the files trainees fetch from this host: yum repo definitions,
# kickstarts for the opst0..opst2 VMs, puppet manifests and a cloud image.
# Globals:   none
# Arguments: none
# Outputs:   files under /var/www/html/files
# Returns:   status of the final wget
#######################################
function prep_files {
  set -x
  local files=/var/www/html/files
  mkdir -p "$files"
  # Quoted delimiters throughout: $releasever / $basearch etc. are left for
  # the consuming tool to expand, not this shell.
  cat > "$files/fedora.repo" <<'EOF'
[fedora]
name=Fedora $releasever - $basearch
baseurl=http://reposerver/repo/Fedora18/fedora
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[updates]
name=Fedora $releasever - $basearch - Updates
baseurl=http://reposerver/repo/Fedora18/updates
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
EOF
  # NOTE(review): gpgcheck=0 means RDO packages from this mirror are installed
  # without signature verification on the trainee VMs.
  cat > "$files/rdo.repo" <<'EOF'
[openstack-grizzly]
name=OpenStack Grizzly Repository
baseurl=http://reposerver/repo/rdo/fedora-18
enabled=1
gpgcheck=0
EOF
  # Kickstarts. _USER_ looks like a per-trainee placeholder substituted
  # elsewhere (not by this script). All three carry the same MD5-crypt ($1$)
  # root password hash, so every trainee VM shares one root password.
  cat > "$files/opst0.ks" <<'EOF'
install
url --url="http://reposerver/repo/Fedora18/os/"
network --bootproto=static --hostname=opst0-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.10 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
network --device=eth1 --onboot=no
rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
graphical
firstboot --disable
keyboard jp106
lang en_US
reboot
timezone --isUtc Asia/Tokyo
bootloader --location=mbr
zerombr
clearpart --all --initlabel
part /boot --asprimary --fstype="ext4" --size=512
part swap --fstype="swap" --size=4096
part / --fstype="ext4" --grow --size=1
part pv.1 --size=20480
volgroup cinder-volumes pv.1
%packages
@core
@standard
%end
EOF
  cat > "$files/opst1.ks" <<'EOF'
install
url --url="http://reposerver/repo/Fedora18/os/"
network --bootproto=static --hostname=opst1-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.11 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
network --device=eth1 --onboot=no
network --device=eth2 --onboot=no
rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
graphical
firstboot --disable
keyboard jp106
lang en_US
reboot
timezone --isUtc Asia/Tokyo
bootloader --location=mbr
zerombr
clearpart --all --initlabel
part /boot --asprimary --fstype="ext4" --size=512
part swap --fstype="swap" --size=4096
part / --fstype="ext4" --grow --size=1
part pv.1 --size=20480
volgroup cinder-volumes pv.1
%packages
@core
@standard
%end
EOF
  cat > "$files/opst2.ks" <<'EOF'
install
url --url="http://reposerver/repo/Fedora18/os/"
network --bootproto=static --hostname=opst2-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.12 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
network --device=eth1 --onboot=no
rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
graphical
firstboot --disable
keyboard jp106
lang en_US
reboot
timezone --isUtc Asia/Tokyo
bootloader --location=mbr
zerombr
clearpart --all --initlabel
part /boot --asprimary --fstype="ext4" --size=512
part swap --fstype="swap" --size=4096
part / --fstype="ext4" --grow --size=1
%packages
@core
@standard
%end
EOF
  # Puppet exercise manifests.
  cat > "$files/apache.pp" <<'EOF'
package { 'httpd':
ensure => latest,
}
service { 'httpd':
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
}
file { '/var/www/html/index.html':
owner => 'apache',
group => 'apache',
mode => '0600',
content => "<h1>This is $hostname.</h1>",
}
exec { 'fw-http':
path => '/usr/bin',
command => 'firewall-cmd --add-service=http',
}
Package['httpd']
-> File['/var/www/html/index.html']
-> Service['httpd']
-> Exec['fw-http']
EOF
  # NOTE(review): the postgres password is a literal in the manifest served
  # over plain HTTP to every trainee.
  cat > "$files/pgsql.pp" <<'EOF'
class pgsql_install {
package { 'postgresql-server':
ensure => latest,
}
}
class pgsql_service {
service { 'postgresql':
ensure => running,
hasrestart => true,
hasstatus => true,
enable => true,
}
}
class pgsql_init {
file { '/var/lib/pgsql/data/pg_hba.conf':
owner => 'postgres',
group => 'postgres',
mode => '0600',
source => "$manifest_dir/pg_hba.conf",
require => [Exec['initdb'], Exec['init_pw']],
}
exec {
'initdb':
path => ['/sbin', '/bin'],
command => 'postgresql-setup initdb',
logoutput => true,
creates => '/var/lib/pgsql/data/PG_VERSION',
notify => Exec['init_pw'],
;
'init_pw':
path => ['/sbin', '/bin'],
command => 'service postgresql start && \
su - postgres -c "psql -w -c \
\"ALTER USER postgres encrypted password \'pas4pgsql\'\"" && \
service postgresql stop',
logoutput => true,
refreshonly => true,
;
}
}
include 'pgsql_install'
include 'pgsql_init'
include 'pgsql_service'
Class['pgsql_install'] -> Class['pgsql_init'] ~> Class['pgsql_service']
Class['pgsql_install'] ~> Class['pgsql_service']
EOF
  cat > "$files/pg_hba.conf" <<'EOF'
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
EOF
  # NOTE(review): plain-HTTP download with no checksum comparison; the image
  # should be verified against the publisher's checksum before trainees boot it.
  wget -O "$files/fedora-19.x86_64.qcow2" http://cloud.fedoraproject.org/fedora-19.x86_64.qcow2
}
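#######################################
# Mount the ISO /var/lib/libvirt/images/$1 on $2 and make the mount
# persistent in /etc/fstab. Skipped when fstab already references the ISO.
# Arguments: $1 - ISO file name (copied from /root/setup if not yet present)
#            $2 - mount point under the web root
# Returns:   1 when the ISO copy fails, else the status of mount
#######################################
function _mount_iso_repo {
  local iso=$1 mountpoint=$2
  local image=/var/lib/libvirt/images/$iso
  if grep -q -- "$iso" /etc/fstab; then
    return 0
  fi
  mkdir -p "$mountpoint"
  if [[ ! -f "$image" ]]; then
    # Stop here if the copy fails: previously the fstab line was appended
    # regardless, leaving an entry for a missing file that then fails at boot.
    if ! cp "/root/setup/$iso" "$image"; then
      echo "prep_repos: cannot copy $iso from /root/setup; fstab left unchanged" >&2
      return 1
    fi
  fi
  echo "$image $mountpoint iso9660 defaults,_netdev 0 0" >> /etc/fstab
  mount "$mountpoint"
}

#######################################
# Create symlink $2 -> $1 unless something already exists at $2.
# Arguments: $1 - link target, $2 - link path
# Returns:   status of ln, or 0 when nothing was done
#######################################
function _link_repo {
  local target=$1 link=$2
  if [[ ! -e "$link" ]]; then
    ln -s "$target" "$link"
  fi
}

#######################################
# Expose the install ISOs and the reposynced mirrors under /var/www/html/repo.
# Prerequisites (see the notes at the end of the script): the ISOs in
# /root/setup and the mirrored trees under /mnt/repo.
# Globals:   none
# Arguments: none
# Returns:   status of chcon
#######################################
function prep_repos {
  set -x
  _mount_iso_repo Fedora-18-x86_64-DVD.iso /var/www/html/repo/Fedora18/os
  _mount_iso_repo CentOS-6.4-x86_64-bin-DVD1.iso /var/www/html/repo/CentOS64
  _link_repo /mnt/repo/rdo /var/www/html/repo/rdo
  _link_repo /mnt/repo/Fedora18/fedora /var/www/html/repo/Fedora18/fedora
  _link_repo /mnt/repo/Fedora18/updates /var/www/html/repo/Fedora18/updates
  # Label the mirrored trees so httpd may serve them under SELinux.
  chcon -R -t httpd_sys_content_t /mnt/repo
}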
# main
# Order matters: prep_network installs the packages (expect, tigervnc-server,
# libvirt, ...) and the libvirt networks the later steps use, and
# peruser_settings enables vncserver@USER:N units that prep_vncserver must
# have installed first.
localectl set-locale LANG="ja_JP.UTF-8"
localectl set-keymap jp106
prep_network
prep_vncserver
prep_httpd
peruser_settings
# prep_repos and prep_files stay disabled until the ISOs and mirrors listed
# below have been staged; uncomment them afterwards.
#prep_repos
#prep_files
# Before prep_repos, do the following:
# Download the following ISOs to:
#   /root/setup/Fedora-18-x86_64-DVD.iso
#   /root/setup/CentOS-6.4-x86_64-bin-DVD1.iso
# Official repos should be reposynced with reposync/wget to:
#   /mnt/repo/Fedora18/fedora
#   /mnt/repo/Fedora18/updates
#   /mnt/repo/rdo/fedora-18
# How to download the rdo and Fedora repos:
#   mkdir -p /mnt/repo/rdo && cd /mnt/repo/rdo && wget -r -nH -np http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/fedora-18/
#   mv repos/openstack/openstack-grizzly/fedora-18 ./
#   rm -rf repos
#   mkdir -p /mnt/repo/Fedora18 && cd /mnt/repo/Fedora18 && reposync -n
#   createrepo fedora
#   createrepo updates