#!/usr/bin/env bash
#
# support_packages.sh - baseline provisioning for a managed Linux server.
# Points the package manager at mirror.rackspace.com, installs a standard
# set of support packages and configures timezone, NTP, sysstat, logrotate,
# shell history timestamps, a `resize` alias and sshd.
# It writes under /etc and restarts services, so it needs root.
#
# Abort on the first unhandled failing command. print_help depends on this:
# it returns 1, which ends the script when it is called at top level.
set -o errexit
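# Print the usage text to stdout.
# Returns: 1 always. Under `set -e` that non-zero status terminates the
#   script whenever print_help is called as a plain top-level command.
print_help() {
  echo "Help for support_packages.sh"
  # The argument parser matches -h|--help, so the short flag shown here
  # must be -h (the text used to say -t, which the parser rejects).
  printf '\t%s\n' \
    "-h, --help display this helptext" \
    "--datacenter datacenter the server is in" \
    "--force don't exit on killchecks" \
    "--cloud-init-timeout timeout for checking for cloud-init (DEFAULT: 180s)"
  return 1
}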
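# No arguments at all: show usage and stop (print_help returns 1).
if (( $# == 0 )); then
  print_help || exit 1
fi

# Parse command-line options.
#   --datacenter NAME         sets DATACENTER (lower-cased) and, for known
#                             prefixes, TIMEZONE
#   --force                   sets FORCE=1
#   --cloud-init-timeout SEC  sets CLOUD_INIT_TIMEOUT
# Values are validated here because they are later interpolated into a
# command line (timeout) and into /etc/ntp.conf while running as root.
while (( $# )); do
  case "$1" in
    --datacenter)
      if (( $# < 2 )); then
        echo "Missing value for $1" >&2
        print_help || exit 1
      fi
      DATACENTER="$(tr '[:upper:]' '[:lower:]' <<< "$2")"
      # DATACENTER becomes one label of an NTP host name
      # (time.<dc>.rackspace.com), so accept hostname-label characters only.
      if [[ ! $DATACENTER =~ ^[a-z0-9-]+$ ]]; then
        echo "Invalid datacenter: $2" >&2
        print_help || exit 1
      fi
      export DATACENTER
      # Map the datacenter prefix to its timezone; an unknown prefix leaves
      # TIMEZONE as it was.
      case "$DATACENTER" in
        dfw*|ord*) TIMEZONE="America/Chicago" ;;
        iad*) TIMEZONE="America/New_York" ;;
        syd*) TIMEZONE="Australia/Sydney" ;;
        lon*) TIMEZONE="Europe/London" ;;
        hkg*) TIMEZONE="Asia/Hong_Kong" ;;
      esac
      export TIMEZONE
      shift 2
      ;;
    --force)
      export FORCE=1
      shift 1
      ;;
    --cloud-init-timeout)
      if (( $# < 2 )); then
        echo "Missing value for $1" >&2
        print_help || exit 1
      fi
      # The value gets an "s" suffix and is handed to timeout, so it must be
      # a plain number of seconds.
      if [[ ! $2 =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
        echo "Invalid cloud-init timeout: $2" >&2
        print_help || exit 1
      fi
      export CLOUD_INIT_TIMEOUT="$2"
      shift 2
      ;;
    -h|--help)
      print_help || exit 1
      ;;
    *)
      echo "Unknown arg $1"
      print_help || exit 1
      ;;
  esac
done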
# Remember when the run started; the EXIT trap reports the elapsed seconds
# on every exit path.
START_TIME="$(date +%s)"
trap 'printf "Completed in %s seconds\n" "$(( $(date +%s) - START_TIME ))"' EXIT

# For RHEL 5: when no `timeout` command is available, wrap the sample script
# from the bash-3.2 documentation directory in a function of the same name.
command -v timeout >/dev/null || timeout() {
  /bin/bash /usr/share/doc/bash-3.2/scripts/timeout "$@"
}
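# Wait until no cloud-init process is running, bounded by
# CLOUD_INIT_TIMEOUT seconds (default 180). The loop runs in a child bash so
# that `timeout` can stop it. The script runs under `set -e`, so a non-zero
# status from timeout ends the whole run.
# The duration is quoted so an unexpected value cannot be word-split into
# extra arguments, and the here-document delimiter is quoted so the child
# script is passed through verbatim with no expansion by this shell.
timeout "${CLOUD_INIT_TIMEOUT:-180}s" bash <<'HERE'
wait_for_cloud_init() {
  echo "Checking for cloud-init processes"
  # pgrep -f matches against full command lines; poll every 5 seconds until
  # nothing matches. (The [c] bracket presumably keeps the pattern from
  # matching a command line that merely contains the pattern text.)
  while pgrep -f '[c]loud-init'; do
    sleep 5
  done
  if [[ -f /var/lib/cloud/instance/boot-finished ]]; then
    echo "Cloud-init completion file found: /var/lib/cloud/instance/boot-finished"
    return 0
  else
    echo "WARNING: Cloud-init completion file not found but no running instances"
  fi
  return 0
}
wait_for_cloud_init
HERE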
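# Create yum repository definitions for EPEL and IUS unless they already
# exist.
# Globals:  VERSION (read), DIST (read)
# Outputs:  progress messages on stdout; writes
#           /etc/yum.repos.d/epel.repo and /etc/yum.repos.d/ius.repo
setup_ius_epel() {
  local mirror='mirror.rackspace.com'
  local epel_key='http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'
  local ius_key='http://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY'

  # NOTE(review): both GPG keys are fetched over plain HTTP, so gpgcheck=1
  # is only as trustworthy as the network path to the key server. Prefer an
  # HTTPS URL or a key file already present on the image.

  if [[ ! -f /etc/yum.repos.d/epel.repo ]]; then
    echo "Setting up epel repository: /etc/yum.repos.d/epel.repo"
    # \$basearch stays literal so yum substitutes it; the release number
    # comes from $VERSION (the baseurl used to read the misspelled, always
    # empty $VESION).
    printf '%s\n' \
      "[epel]" \
      "name=Extra Packages for Enterprise Linux $VERSION - \$basearch" \
      "baseurl=http://$mirror/epel/$VERSION/\$basearch" \
      "enabled=1" \
      "gpgcheck=1" \
      "gpgkey=$epel_key" \
      > /etc/yum.repos.d/epel.repo
  else
    echo "Epel repository found: /etc/yum.repos.d/epel.repo"
  fi

  if [[ ! -f /etc/yum.repos.d/ius.repo ]]; then
    echo "Setting up ius repository: /etc/yum.repos.d/ius.repo"
    printf '%s\n' \
      "[ius]" \
      "name=IUS Community Packages for Enterprise Linux $VERSION - \$basearch" \
      "baseurl=http://$mirror/ius/stable/$DIST/$VERSION/\$basearch" \
      "enabled=1" \
      "gpgcheck=1" \
      "gpgkey=$ius_key" \
      > /etc/yum.repos.d/ius.repo
  else
    echo "IUS repository found: /etc/yum.repos.d/ius.repo"
  fi
}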
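# Point the distribution's package sources at mirror.rackspace.com.
# Globals:  CENTOS, DEBIAN, UBUNTU (read)
# Outputs:  one progress line on stdout; edits CentOS-Base.repo or
#           /etc/apt/sources.list in place
# The mirror is addressed over plain HTTP, so package integrity rests on the
# package manager's signature checks staying enabled.
switch_to_rackspace_mirror() {
  local mirror="mirror.rackspace.com"

  echo "Changing mirrors to use internal: $mirror"
  if (( CENTOS )); then
    # Comment out mirrorlist lines and activate the baseurl lines against
    # the internal mirror. Dots are escaped so they match literally.
    sed -i \
      -e 's,^mirrorlist,#&,g' \
      -e "s,#baseurl=http://mirror\.centos\.org,baseurl=http://$mirror,g" \
      /etc/yum.repos.d/CentOS-Base.repo
  elif (( DEBIAN || UBUNTU )); then
    # Only *.ubuntu.com archive hosts are rewritten; other hosts in
    # sources.list are left as they are.
    sed -ri \
      "s:(us\.archive|archive|security)\.ubuntu\.com:$mirror:g" \
      /etc/apt/sources.list
  fi
}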
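# Apply $TIMEZONE system-wide and restart syslog so log timestamps follow.
# Globals:  TIMEZONE, REDHAT, CENTOS, DEBIAN, UBUNTU, VERSION (read)
# Returns:  0 when TIMEZONE is empty (nothing to do) or on success;
#           1 when the zone file is missing on RHEL/CentOS
setup_timezone() {
  if [[ -z "$TIMEZONE" ]]; then
    return 0
  fi

  echo "Changing timezone: $TIMEZONE"
  if (( REDHAT || CENTOS )); then
    # Check the zone file before touching anything, so a bad value cannot
    # leave /etc/sysconfig/clock updated while /etc/localtime is not.
    if [[ ! -f "/usr/share/zoneinfo/$TIMEZONE" ]]; then
      echo "Unknown timezone: $TIMEZONE" >&2
      return 1
    fi
    printf 'ZONE="%s"\nUTC=true\nARC=false\n' "$TIMEZONE" > /etc/sysconfig/clock
    cp "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime
    # The syslog service name and init system differ per major release.
    if (( VERSION == 5 )); then
      service syslog restart
    elif (( VERSION == 6 )); then
      service rsyslog restart
    elif (( VERSION == 7 )); then
      systemctl restart rsyslog.service
    fi
  elif (( DEBIAN || UBUNTU )); then
    echo "$TIMEZONE" > /etc/timezone
    dpkg-reconfigure --frontend noninteractive tzdata
    service rsyslog restart
  fi
}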
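# Write /etc/ntp.conf for the datacenter's time server and (re)start ntpd.
# Globals:  DATACENTER, REDHAT, CENTOS, DEBIAN, UBUNTU (read)
# Returns:  0 without doing anything when DATACENTER is empty
setup_ntp() {
  if [[ -z "$DATACENTER" ]]; then
    return 0
  fi

  echo "Setting up ntp: time.${DATACENTER}.rackspace.com"
  # A fixed printf format with the datacenter passed as data: unlike
  # `echo -e` on an unquoted variable, backslash sequences or whitespace in
  # DATACENTER cannot turn into extra lines in the config file.
  # NOTE(review): "pool.ntp.org" sits on the same `server` line as the
  # datacenter host; confirm ntpd accepts that, or whether a second
  # `server` line was intended.
  printf 'driftfile /var/lib/ntp/ntp.drift\n\nserver time.%s.rackspace.com pool.ntp.org\n\n' \
    "$DATACENTER" > /etc/ntp.conf

  if (( REDHAT || CENTOS )); then
    # Restart a running daemon, otherwise start it.
    if service ntpd status >/dev/null; then
      service ntpd restart
    else
      service ntpd start
    fi
  elif (( DEBIAN || UBUNTU )); then
    service ntp restart
  fi
}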
# Turn on sysstat data collection on Debian/Ubuntu by switching
# ENABLED="false" to ENABLED="true" in /etc/default/sysstat.
# Does nothing on other distributions.
setup_sysstat() {
  (( DEBIAN || UBUNTU )) || return 0

  echo "Enabling sysstat"
  sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
}
# Enable compression of rotated logs by uncommenting a line that reads
# exactly "#compress" in /etc/logrotate.conf.
setup_logrotate() {
  local conf=/etc/logrotate.conf

  echo "Enabling logrotate compression"
  sed -i -e 's,^#compress$,compress,' "$conf"
}
# Install a profile snippet that adds date and time to shell history
# entries, which makes it easier to reconstruct what was run and when.
setup_histformat() {
  local target=/etc/profile.d/histformat.sh

  echo "Setting up Histtimeformat: /etc/profile.d/histformat.sh"
  printf '%s\n' 'export HISTTIMEFORMAT="%F %T "' > "$target"
}
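# Install a profile snippet that defines a `resize` alias when no `resize`
# command exists. The alias refreshes COLUMNS/LINES from tput and prints
# them.
setup_resize() {
  echo "Setting up resize: /etc/profile.d/resize.sh"
  # The delimiter is quoted so the snippet is written verbatim. With an
  # unquoted delimiter, $(tput cols), $(tput lines), $COLUMNS and $LINES
  # were expanded once, here at provisioning time, and the alias was written
  # with fixed values instead of querying the terminal on each use.
  cat > /etc/profile.d/resize.sh <<'HERE'
if ! command -v resize >/dev/null 2>&1; then
alias resize='shopt -s checkwinsize;COLUMNS=$(tput cols);\
LINES=$(tput lines);export COLUMNS LINES;\
echo -e "COLUMNS=$COLUMNS;\\nLINES=$LINES;\\nexport COLUMNS LINES;"'
fi
HERE
}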
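# Configure sshd for the managed-support login: make sure the config
# validates, enable password authentication, add a `Match User rack` block,
# restart sshd and prepend an explanatory banner to sshd_config.
# Globals:  REDHAT, CENTOS, DEBIAN, UBUNTU, VERSION (read)
# Outputs:  progress messages on stdout; edits /etc/ssh/sshd_config
setup_ssh() {
  local config=/etc/ssh/sshd_config
  local current

  echo "Setting up sshd_config"
  # `sshd -t` checks the configuration and host keys without starting the
  # daemon; if that fails, generate any missing host keys.
  if ! /usr/sbin/sshd -t >/dev/null; then
    ssh-keygen -A
  fi

  # NOTE(review): this flips the *global* setting, which enables password
  # logins for every account, not only `rack`. Where sshd accepts the Match
  # block below, that block alone scopes password authentication to the
  # support user. Confirm the global change is still needed (for example for
  # sshd builds that reject Match).
  sed -i 's,^\(PasswordAuthentication\) no$,\1 yes,' "$config"

  # Make sure the file ends with a newline so the appended Match block
  # starts on its own line. Command substitution strips a trailing newline,
  # so a non-empty result means the last byte is something else. (The
  # earlier `test $(tail -c1 ...) '\n'` only worked through a `test` syntax
  # error and missed files ending in a space or tab.)
  if [[ -n "$(tail -c1 "$config")" ]]; then
    echo >> "$config"
  fi

  if ! grep -q '^Match User rack' "$config"; then
    echo "Enabling Match User rack block in sshd_config"
    printf '%s\n' 'Match User rack' 'PasswordAuthentication yes' >> "$config"
    # Roll the two appended lines back if sshd rejects the new config.
    if ! /usr/sbin/sshd -t; then
      echo "SSH match conditional block is resulting in an invalid ssh config. Removing"
      sed -i '/Match User rack/,+1 d' "$config"
    fi
  fi

  echo "Restarting sshd"
  if (( REDHAT || CENTOS )); then
    service sshd restart
  elif (( DEBIAN )); then
    /etc/init.d/ssh restart
  elif (( UBUNTU )); then
    # awk prints 1 when VERSION compares lower than 14.
    if (( $(echo "$VERSION" 14 | awk '{print ($1 < $2)}') )); then
      service ssh restart
    else
      /etc/init.d/ssh restart
    fi
  fi

  # The banner is only added once.
  if grep -q 'THIS SERVER IS MANAGED BY RACKSPACE' "$config"; then
    return 0
  fi

  echo "Adding banner to sshd_config"
  # Read the whole file first; the redirection below truncates it.
  current="$(cat "$config")"
  echo "###########################################################
# THIS SERVER IS MANAGED BY RACKSPACE #
###########################################################
# #
# When connecting to your server, Rackspace will login #
# as the user 'rack' using PasswordAuthentication on #
# port 22. To ensure that we have access to your server #
# in times of need, we request that you do not change #
# these configurations. #
# #
# In addition, rebuilding or building a new server #
# from a snapshot will require that root logins are #
# enabled via 'PermitRootLogin yes'. #
# #
# If you insist on changing these values, please speak #
# with an administrator at Rackspace to do so in a way #
# that does not impact our ability to provide you with #
# Fanatical Support. #
# #
# - Your Rackspace Support Team #
# #
###########################################################
$current
" > "$config"
}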
# Install $PACKAGES with aptitude. On Debian the exim4 packages are purged
# first. Removal of unused packages is disabled for the install run.
# Globals:  DEBIAN, PACKAGES (read)
install_deb_packages() {
  local -a aptitude_opts=(
    --safe-resolver
    -oAptitude::Delete-Unused=false
    -oAptitude::Purge-Unused=false
  )

  if (( DEBIAN )); then
    dpkg --force-all -P exim4 exim4-base exim4-config exim4-daemon-light
  fi

  aptitude update
  aptitude "${aptitude_opts[@]}" install -y "${PACKAGES[@]}"
}
# Install $PACKAGES with yum, answering yes to every prompt.
# Globals:  PACKAGES (read)
install_rpm_packages() {
  local -a yum_cmd=(yum install -y)

  "${yum_cmd[@]}" "${PACKAGES[@]}"
}
# Announce the package list, then hand over to the installer that matches
# the detected distribution family.
# Globals:  PACKAGES, REDHAT, CENTOS, DEBIAN, UBUNTU (read)
install_packages() {
  echo "Installing packages: ${PACKAGES[*]}"

  if (( REDHAT || CENTOS )); then
    install_rpm_packages
    return
  fi

  if (( DEBIAN || UBUNTU )); then
    install_deb_packages
  fi
}
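# Look for marker files that mean this server must not be provisioned.
# Globals:  FORCE (read)
# Returns:  1 when a marker stops the run, 0 otherwise
legacy_killchecks() {
  echo "Checking for /etc/rackspace/.chefinstall"
  # --force is documented as "don't exit on killchecks", so the marker only
  # stops the run when FORCE is NOT set. The test was inverted before: the
  # marker was honoured only when --force had been given.
  if (( ! FORCE )) && [[ -f /etc/rackspace/.chefinstall ]]; then
    return 1
  fi

  echo "Checking for /root/.noupdate"
  # NOTE(review): this marker is not bypassed by --force; confirm whether
  # the flag is meant to cover it as well.
  if [[ -f /root/.noupdate ]]; then
    return 1
  fi

  return 0
}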
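# Run every executable file in /etc/rackspace/pre.chef.d, in glob order.
# The hooks run with this script's privileges, so the directory and its
# files must be writable by root only.
# NOTE(review): ownership and mode are not verified here.
legacy_start_scripts() {
  local script

  echo "Executing scripts in /etc/rackspace/pre.chef.d"
  if [[ -d /etc/rackspace/pre.chef.d ]]; then
    for script in /etc/rackspace/pre.chef.d/*; do
      # An empty directory leaves the glob pattern unexpanded; skip it
      # instead of trying to execute the literal ".../*".
      [[ -e "$script" ]] || continue
      if [[ ! -f "$script" || ! -x "$script" ]]; then
        echo "Skipping non-executable entry: $script" >&2
        continue
      fi
      echo "Running script: $script"
      # Quoted so a path containing whitespace is run as one command word.
      "$script"
    done
  fi
}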
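# Run every executable file in /etc/rackspace/post.chef.d, in glob order.
# The hooks run with this script's privileges, so the directory and its
# files must be writable by root only.
# NOTE(review): ownership and mode are not verified here.
legacy_end_scripts() {
  local script

  echo "Executing scripts in /etc/rackspace/post.chef.d"
  if [[ -d /etc/rackspace/post.chef.d ]]; then
    for script in /etc/rackspace/post.chef.d/*; do
      # An empty directory leaves the glob pattern unexpanded; skip it
      # instead of trying to execute the literal ".../*".
      [[ -e "$script" ]] || continue
      if [[ ! -f "$script" || ! -x "$script" ]]; then
        echo "Skipping non-executable entry: $script" >&2
        continue
      fi
      echo "Running script: $script"
      # Quoted so a path containing whitespace is run as one command word.
      "$script"
    done
  fi
}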
# --- Main flow --------------------------------------------------------------

# Detect the distribution. The one-liner uses the Python 2 print statement
# and platform.dist(), so `python` must be a Python 2 interpreter.
DIST="$(python -c 'import platform; print platform.dist()[0].lower()')"
case "$DIST" in
  redhat) export REDHAT=1 DIST=Redhat ;;
  centos) export CENTOS=1 DIST=CentOS ;;
  debian) export DEBIAN=1 ;;
  ubuntu) export UBUNTU=1 ;;
esac
LINUX=$((DEBIAN || UBUNTU || CENTOS || FEDORA || REDHAT))

# Packages installed on every supported distribution.
PACKAGES=(sysstat traceroute lsof apg strace telnet screen tcpdump ntp)

# Add postfix unless the last dot-separated label of the hostname consists
# only of digits (or is empty).
if ! [[ $(hostname |awk -F '.' '{print $NF}') =~ ^[0-9]*$ ]]; then
  POSTFIX=1
  PACKAGES+=(postfix)
fi

if (( CENTOS || REDHAT )); then
  # First character of the release string, i.e. the major version.
  VERSION="$(python -c 'import platform; print platform.dist()[1][0]')"
  PACKAGES+=(vim-enhanced bind-utils jwhois mailx tmpwatch)
  if (( POSTFIX )); then
    PACKAGES+=(cyrus-sasl-lib cyrus-sasl-md5 cyrus-sasl-plain)
  fi
  setup_ius_epel
elif (( DEBIAN || UBUNTU )); then
  # Full release string.
  VERSION="$(python -c 'import platform; print platform.dist()[1]')"
  PACKAGES+=(vim dnsutils bind9-host psmisc whois tmpreaper ntpdate curl)
  export DEBIAN_FRONTEND=noninteractive
  # aptitude does the installs; bootstrap it with apt-get when missing.
  if ! command -v aptitude; then
    apt-get update
    apt-get install -y aptitude
  fi
fi

# Bash does not pass array variables to child processes, so exporting
# PACKAGES has no effect on the hook scripts; VERSION is exported as usual.
export PACKAGES VERSION

# NOTE(review): the mirror switch here and setup_ius_epel above both run
# before legacy_killchecks, so repository configuration is modified even
# when a kill marker says the server must not be touched. Confirm that this
# order is intended.
switch_to_rackspace_mirror

# A kill marker ends the run quietly with status 0.
legacy_killchecks || exit 0

legacy_start_scripts
install_packages
setup_timezone
setup_ntp
setup_sysstat
setup_logrotate
setup_histformat
setup_resize
setup_ssh
legacy_end_scripts