
@jatkins
Last active May 24, 2018 17:05
Brandz
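#!/bin/bash
# Base provisioning for a Debian jessie host: adds the GlusterFS and New Relic
# APT sources, upgrades the system, installs monitoring and hardening
# packages, creates a 1G swap file and an SSH-key-only admin account.
#
# Run as root. Requires NEWRELIC_LICENSE_KEY in the environment.
set -euo pipefail

# The New Relic licence key is a credential and must not live in the script.
# The key that was previously hard-coded here was published with the script;
# treat it as exposed and rotate it. Checked first so nothing is modified
# when the key is missing.
: "${NEWRELIC_LICENSE_KEY:?set NEWRELIC_LICENSE_KEY in the environment}"

# --- Add keys for external APT sources --------------------------------------
# These keys are the trust anchor for every package installed from the
# repositories below, so they are fetched over HTTPS (the gluster key was
# previously fetched over plain HTTP) and into files rather than piped
# straight into apt-key: a failed or truncated download now aborts the run.
# NOTE(review): assumes download.gluster.org serves this path over HTTPS —
# confirm, and compare both key fingerprints with the vendors' published
# values before relying on them.
keydir=$(mktemp -d)
trap 'rm -rf -- "$keydir"' EXIT

wget -O "$keydir/gluster.key" \
  https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/jessie/apt/pub.key
wget -O "$keydir/newrelic.gpg" \
  https://download.newrelic.com/548C16BF.gpg

# apt-key adds the keys to the global keyring, i.e. they are trusted for all
# configured repositories, not only the two added here.
apt-key add "$keydir/gluster.key"
apt-key add "$keydir/newrelic.gpg"

# --- Add external APT source lists ------------------------------------------
# The repositories stay on plain HTTP as in the original; package integrity
# then rests entirely on APT verifying the signed repository metadata against
# the keys imported above. Both files are overwritten (not appended to) so a
# re-run does not duplicate entries.
printf '%s\n' \
  'deb http://download.gluster.org/pub/gluster/glusterfs/3.7/3.7.3/Debian/jessie/apt jessie main' \
  > /etc/apt/sources.list.d/gluster.list
printf '%s\n' \
  'deb http://apt.newrelic.com/debian/ newrelic non-free' \
  > /etc/apt/sources.list.d/newrelic.list

# --- Perform APT actions ----------------------------------------------------
apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade
apt-get -y autoremove
apt-get -y install newrelic-sysmond iptables-persistent vim ntp fail2ban sudo

# --- Set NewRelic license key -----------------------------------------------
# The key is still passed on the command line because that is the form the
# original used; it is briefly visible in the process list while this runs.
nrsysmond-config --set "license_key=${NEWRELIC_LICENSE_KEY}"

dpkg-reconfigure tzdata

# --- Swap file --------------------------------------------------------------
# Created under a restrictive umask so the file is never world-readable, and
# skipped when it already exists so a re-run does not re-format active swap.
if [[ ! -e /swapfile ]]; then
  (umask 077 && fallocate -l 1G /swapfile)
  chmod 0600 /swapfile
  mkswap /swapfile
fi

# Append each setting only once so the script can be re-run safely.
grep -q '^/swapfile[[:space:]]' /etc/fstab ||
  printf '/swapfile\tnone\t\tswap\tsw\t0 0\n' >> /etc/fstab
grep -qxF 'vm.swappiness=10' /etc/sysctl.conf ||
  printf '%s\n' 'vm.swappiness=10' >> /etc/sysctl.conf
grep -qxF 'vm.vfs_cache_pressure=50' /etc/sysctl.conf ||
  printf '%s\n' 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf

# --- Admin account ----------------------------------------------------------
# --gid takes a numeric group id; --ingroup (used originally with "27")
# expects a group name.
# NOTE(review): GID 27 is the sudo group on a stock Debian install — confirm
# on the target image. With --disabled-password the account has no password,
# so sudo will not work for it unless a sudoers rule allows it.
if ! id -u caesar >/dev/null 2>&1; then
  adduser --gid 27 --disabled-password caesar
fi

# Install the authorised public key. The directory and file are handed over
# to caesar: sshd reads authorized_keys with the user's privileges, so a
# root-owned 0700 directory would make the key unusable.
ssh_dir=/home/caesar/.ssh
mkdir -p "$ssh_dir"
chmod 700 "$ssh_dir"
printf '%s\n' "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsCOqvgEuKrLwiQeyPwyXJ7/xiUAFFRva2YF/Y+e8V4q9XD4VaxnNZJoK4L5A/PF9ueQQF5qICfMR+1tebAPUZPbvjnMIsXwvo2f9xDLpNJKmvffNVrxPp3JMEC0Nqi9kLB36CS4a0xkEwIfudjeBGAjbYDsB6IMhIdnjzaCoXNz7C7IWJHExc2YwlbBlJOiThZw/aRI2zN+Vu6Flj+RANgqYtjB4KLeW7tEx+pxpi3d5MdWvTPdcfOkrDfWlGmHgVFqmGmniJeocdCVvtpZvyzVRMSspilxEx1XusALfcRS8TCkwdicKDsFwyag1+3XaD2K3QQMe6X9Ui2rG6C1u/" \
  > "$ssh_dir/authorized_keys"
chmod 600 "$ssh_dir/authorized_keys"
chown -R caesar: "$ssh_dir"

echo "YOU NEED TO REBOOT!!!!!!"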
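#!/bin/bash
# Web tier setup: installs nginx with PHP-FPM and disables PHP's path-info
# guessing. Run as root.
set -euo pipefail

# Shell assignments take no leading "$"; the original `$REMOTE_GFS_HOST=...`
# expanded to a command named `=0.0.0.0` and failed.
# NOTE(review): presumably the GlusterFS peer address, with 0.0.0.0 as a
# placeholder — nothing in this script reads it yet.
REMOTE_GFS_HOST="0.0.0.0"

apt-get -y install nginx php5-fpm php5-mysql php5-gd libssh2-php

# With cgi.fix_pathinfo=1, PHP may run a different file than the one the
# request names when that path does not exist; behind nginx this can cause a
# non-PHP upload to be interpreted as PHP. Force the setting to 0 whether the
# line is still commented out or already active. The expression is quoted so
# the shell does not strip the backslashes before sed sees them.
php_ini=/etc/php5/fpm/php.ini
sed -i -E 's/^;?[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=.*/cgi.fix_pathinfo=0/' "$php_ini"

# Fail loudly if the hardening did not take effect (e.g. the directive is
# absent from this php.ini).
if ! grep -q '^cgi\.fix_pathinfo=0$' "$php_ini"; then
  printf 'error: cgi.fix_pathinfo=0 not set in %s\n' "$php_ini" >&2
  exit 1
fi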
# IPv4 filter-table ruleset in iptables-save / iptables-restore format.
# Rules are evaluated top to bottom and the first match wins, so the order
# below is significant.
# NOTE(review): this file covers IPv4 only; IPv6 traffic needs its own
# ip6tables ruleset — confirm one exists on the host.
*filter
# Chain policies are ACCEPT; the default-deny behaviour comes from the
# catch-all REJECT rules at the end of INPUT and FORWARD. If the rules are
# flushed without changing the policies, the host accepts everything.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# Packets addressed to 127.0.0.0/8 that did not arrive on lo are rejected.
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Replies and related packets for connections already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Public services on eth0: SSH (22), HTTP (80), HTTPS (443), from any source.
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# Ports opened on eth1 only for a single source address.
# GFS_PEER_PRIVATE_IP is a placeholder and must be replaced with the peer's
# real address before this file is loaded.
# NOTE(review): 24007-24008 and 49152+ match GlusterFS's documented
# management and brick ports, 111 is the portmapper — confirm the brick
# range 49152:49153 matches the number of bricks in use.
-A INPUT -i eth1 -p tcp -m tcp --dport 24007 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 24008 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 49152:49153 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 111 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 111 -s GFS_PEER_PRIVATE_IP -j ACCEPT
# ICMP type 8 (echo request) is answered on every interface.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Anything that reaches this point is about to be rejected; log it first,
# rate-limited to 5 entries per minute, at log level 7.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Catch-all: reject all remaining inbound and all forwarded traffic.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
# Outbound traffic is unrestricted.
-A OUTPUT -j ACCEPT
COMMIT