Last active
May 3, 2022 11:48
-
-
Save nickboldt/52d7031fab62bfab7ed15195ddfc9e7f to your computer and use it in GitHub Desktop.
F31 VM setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
########################## | |
# VM CONFIG | |
########################## | |
# install rpmfusion free, non-free | |
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm | |
# install kernel headers and gcc | |
dnf -y update | |
dnf -y install kernel kernel-headers kernel-devel gcc alien yum-utils | |
reboot | |
dnf -y install kernel-headers-$(uname -r) | |
# install VBox extensions; reboot | |
########################## | |
# BASE SOFTWARE INSTALLS | |
########################## | |
# download/install chrome, sublime, beyond compare | |
dnf -y install xfce4-screenshooter-plugin xfce4-notes-plugin xfce4-timer-plugin xfce4-screenshooter \ | |
xfce4-datetime-plugin xfce4-pulseaudio-plugin xfce4-terminal xfce4-clipman-plugin arandr pidgin firefox \ | |
ccrypt vim vim-common vim-enhanced httpd php perl python ruby java jre maven mock git sshfs openssl \ | |
kernel kernel-headers kernel-devel gcc-c++ gcc alien vpnc Xvfb gimp ImageMagick vinagre \ | |
krb5-auth-dialog krb5-libs kstart sssd-krb5-common sssd krb5-workstation bison sqlite-devel zlib-devel \ | |
java-1.8.0-openjdk-devel java-11-openjdk-devel libffi-devel libtool readline-devel jq \ | |
libyaml-devel openssl-devel maven-surefire-report-parser libreoffice-writer libreoffice-calc xsel xdotool xclip ncdu \ | |
podman buildah skopeo | |
# note, if using JDK 11 and latest Maven 3.6.2, also need plexus-utils 3.2+, eg., | |
yum install -y https://rpmfind.net/linux/fedora/linux/releases/31/Everything/x86_64/os/Packages/p/plexus-utils-3.2.0-2.fc31.noarch.rpm | |
# note: you want skopeo 0.1.40 or newer from F30 or F31 repo | |
# https://mirror.dst.ca/fedora/releases/30/Everything/x86_64/os/ (requires zip compression) | |
# https://mirror.dst.ca/fedora/releases/31/Everything/x86_64/os/ (requires Zstd compression; not compatible with RHEL 7) | |
sudo rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg | |
sudo dnf config-manager --add-repo https://download.sublimetext.com/rpm/stable/x86_64/sublime-text.repo | |
sudo dnf install sublime-text | |
# get chrome and vscode | |
# https://code.visualstudio.com/download# | |
################################################################ | |
# Forgot something? Here's the complete list of installs! | |
for i in $(dnf history | grep -v "Altered" | grep install | sed -e "s#[\t ]\+\([0-9]\+\)[\t ]\+|.\+#\1#" | tac); do | |
dnf history info $i | grep Command | sed -e "s#.\+ : #dnf -y #"; | |
done | |
################################################################ | |
########################## | |
# PANEL CONFIG | |
########################## | |
# panel prefs: 24px wide | |
# launchers: screenshooter, terminal, thunar, sublime, chrome, [others] | |
# terminal: xfce4-terminal --maximize | |
# chrome: /usr/bin/google-chrome-stable --auth-server-whitelist="*.openshift.com, *.redhat.com" --ignore-certificate-errors %U | |
# Set chrome launcher to use: | |
# /usr/bin/google-chrome-stable --auth-server-whitelist="*.redhat.com" %U | |
# Orage Panel clock | |
# font: Sans 8 | |
# height: 32 | |
# width: 70 | |
# line1: %Y-%m-%d %H:%M | |
# tooltip: %x %X / W%V | |
########################## | |
# HOME DIR SETUP | |
########################## | |
# set up symlinks | |
cd ~; mv ~/Downloads ~/tmp; ln -s tmp/ Downloads | |
# Copy to new machine: | |
~/bin folder (including sublime & bcompare licenses) | |
~/.alias, ~/.bashrc, ~/.bash_profile, ~/.gitconfig | |
~/.docker | |
~/.ssh | |
~/tmp, ~/4 ~/5 | |
~/.purple (pidgin) | |
~/Documents/2017 - 2020 | |
~/RedHat/2017 - 2020 | |
# copy sublime settings and plugins to new machine | |
unzip ~/bin/dot-config-sublime-text-3.zip -d ~/.config/ | |
# copy yum.repos.d files - add in RH internal URLs for Brew, etc. | |
scpr ~/bin/etc-yum.repos.d /etc/yum/repos.d/ | |
# disable selinux in /etc/selinux/config | |
# set up visudo | |
########################## | |
# VPN SETUP | |
########################## | |
# see http://hdn.corp.redhat.com/rhel7-csb-stage/repoview/redhat-internal-cert-install.html | |
# and http://hdn.corp.redhat.com/rhel7-csb-stage/RPMS/noarch/?C=M;O=D | |
# install vpn stuff (see ~/RedHat/2017/vpn/*.rpm) | |
dnf install -y redhat-internal-cert-install-* redhat-internal-NetworkManager-openvpn-profiles-0.1-29.el7.csb.noarch.rpm \ | |
redhat-internal-NetworkManager-openvpn-profiles-non-gnome-0.1-29.el7.csb.noarch.rpm redhat-internal-openvpn-profiles-0.1-29.el7.csb.noarch.rpm | |
#run VPN | |
V | |
########################## | |
# DEV ENV SETUP | |
########################## | |
# add ant-contrib to ant lib folder so it's available for mirroring devstudio TP requirements | |
# sudo yum -y install ant-contrib | |
# mkdir -p $HOME/.ant/lib | |
# cp /usr/share/java/ant-contrib/ant-contrib.jar $HOME/.ant/lib/ | |
# install pip and required packages | |
cd /tmp | |
wget https://bootstrap.pypa.io/get-pip.py | |
python get-pip.py | |
pip install --upgrade pip | |
pip install PyXB jira pygithub | |
pip install yq jsonschema --user | |
########################## | |
# RHEL SUBSCRIPTION | |
########################## | |
# subscription-manager register --auto-attach --username "$SUBSCRIPTION_USERNAME" --password "$SUBSCRIPTION_PASSWORD" | |
########################## | |
# set up rhpkg & fedpkg | |
########################## | |
# 1. install rpms | |
# from http://download-ipv4.eng.brq.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-31/compose/Everything/x86_64/os/ | |
# from http://download-node-02.eng.bos.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-30/compose/Everything/x86_64/os/ | |
dnf install -y javapackages-local fedora-packager brew-tools koji rhpkg brewkoji-test brewkoji-stage brewkoji \ | |
fedpkg python2-rpkg python-virtualenvwrapper libffi-devel sssd krb5-workstation krb5-auth-dialog xmvn | |
# 2. install certs: see https://docs.engineering.redhat.com/display/KB/Troubleshooting+Tips#TroubleshootingTips-SSLerrortroubleshooting and https://mojo.redhat.com/docs/DOC-999615#jive_content_id_Certificates | |
# 3. fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993 | |
echo "" >> ~/.bashrc | |
echo "fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993" >> ~/.bashrc | |
echo "export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" >> ~/.bashrc | |
# Set up kerberos/kinit (needed for rhpkg and many RCM systems accessed via chrome): | |
google-chrome https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/how_to_renew_a_kerberos_tgt | |
# set up keytab file for kinit: | |
google-chrome https://source.redhat.com/groups/public/certification-initiatives/infrastructureinitiatives/infrastructure_initiatives_wiki/creating_keytab_file_for_kerberos_login | |
########################## | |
# install hub and rvm | |
########################## | |
google-chrome https://github.com/github/hub/releases | |
# google-chrome https://rvm.io/rvm/install | |
# fix up perms in ~/.ssh and ~ | |
pushd ~/.ssh | |
chmod 700 . * | |
chmod 644 *.pub | |
chmod 770 known_hosts | |
chmod 755 ~ | |
popd | |
# install git hook via https://til.hashrocket.com/posts/c89a35a66c-global-git-hooks | |
mkdir -p ~/.git-templates/hooks | |
git config --global init.templatedir '~/.git-templates' | |
# use this hook to add Change-Id to all commits, so we can edit gerrits (push changes) instead of having to submit new ones | |
scp -p -P 29418 nickb@git.eclipse.org:hooks/commit-msg ~/.git-templates/hooks/ | |
# install node and npm | |
dnf install -y node npm | |
# enable JDK 11 as default instead of 8 | |
alternatives --config javac | |
alternatives --config java | |
# TODO: rebuild hudson-job-sync-plugin | |
# import certs from ~/bin/certs into JDK cert store using ~/bin/cert.import.sh | |
cd ~/2/maven-plugins/hudson-job-sync-plugin && mvn clean install | |
cp ~/bin/pom-*-internal.xml ~/truu/jbdevstudio-ci | |
# WHY? open ephemeral and 8080 ports on firewall | |
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
iptables -I INPUT 1 -i eth0 -p tcp --dport 8080 -j ACCEPT | |
############################################# | |
# install docker-ce (not docker) | |
# from https://docs.docker.com/install/linux/docker-ce/fedora/#install-using-the-repository | |
dnf -y remove docker | |
dnf -y install dnf-plugins-core | |
dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo | |
dnf -y install docker-ce docker-ce-cli containerd.io | |
# enable docker daemon | |
sudo systemctl start docker # started | |
sudo systemctl enable docker # enabled on startup | |
sudo groupadd docker | |
sudo usermod -aG docker $USER | |
# get oc and kubectl | |
cd /opt | |
OC_VERSION=4.2.13 | |
curl -o - -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-${OC_VERSION}.tar.gz \ | |
| tar xvz oc | |
# symlink from a PATH-visible folder like ~/bin | |
cd ~/bin/ | |
rm -f oc kubectl | |
ln -s /opt/oc | |
ln -s /opt/kubectl | |
# TODO: install chectl and crwctl | |
wget https://access.cdn.redhat.com/content/origin/files/sha256/ea/eaed71152067e4d70e3f9f11d4dd1603521fc67c1a43140ba07b56928987c810/codeready-workspaces-2.0.0-crwctl-linux-x64.tar.gz?_auth_=1578933105_4c5e6689c524459e90bbf848ad2610b4 | |
# fix missing symlinks in ~/bin | |
mkdir -p ~/bin; cd ~/bin | |
ln -s /opt/chectl/bin/chectl | |
ln -s /opt/crwctl/bin/crwctl | |
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpull-CRWCI.sh jpull-CRWCI.sh | |
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpush-CRWCI.sh jpush-CRWCI.sh | |
ln -s /home/nboldt/51/codeready-workspaces/product/getLatestImageTags.sh getLatestImageTags.sh | |
ln -s /home/nboldt/51/codeready-workspaces/product/updateBaseImages.sh updateBaseImages.sh | |
ln -s /home/nboldt/51/codeready-workspaces/product/getCommitSHAForTag.sh getCommitSHAForTag.sh | |
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpull-eclipseJIPP.sh hudpull-eclipseJIPP.sh | |
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpush-eclipseJIPP.sh hudpush-eclipseJIPP.sh | |
# use alternative bashrc/profile/alias for root user | |
sudo su | |
cd ~/ | |
mv .bashrc{,_OLD}; mv .bash_profile{,_OLD} | |
ln -s /home/nboldt/.bashrc | |
ln -s /home/nboldt/.bash_profile | |
ln -s /home/nboldt/.alias | |
exit | |
# get .gitconfig file | |
curl -o ~/.gitconfig https://gist.githubusercontent.com/nickboldt/67ad86895d1b10164ea0fdbcdadefd02/raw/a1a35a882fa4139c47811fb77906c044f5081002/.gitconfig | |
# enable hardware acceleration in Chrome | |
# see https://www.lifewire.com/hardware-acceleration-in-chrome-4125122 | |
# gpg key generation - rsa/dsa, 4096, 5yr | |
# see https://mojo.redhat.com/docs/DOC-1146306 | |
# then https://mojo.redhat.com/docs/DOC-1166450#jive_content_id_Configuring_a_freshly_installed_system | |
sudo yum -y localinstall http://sat63capsule.corp.redhat.com/pulp/repos/rhit/Library/custom/iam-idm/idm-legacy-configs/Packages/r/rhit-legacy-configs-1.0.0-21.noarch.rpm | |
echo "keyserver hkp://pool.sks-keyservers.net" > ~/.gnupg/gpg.conf | |
# then send your key with: | |
gpg --list-keys # get your key id | |
gpg --send-key F00BAFCAFEBABE00 | |
gpg --search-keys F00BAFCAFEBABE00 | |
gpg --keyserver pool.sks-keyservers.net --search-keys nboldt | |
# now ldap setup | |
gpg --fingerprint F00BAFCAFEBABE00 # get fingerprint | |
echo "dn: uid=nboldt,ou=users,dc=redhat,dc=com | |
changetype: modify | |
add: rhatGPGFingerprint | |
rhatGPGFingerprint: FING ERPR INT GOES HERE" > ~/bin/keytabs/ldap.fingerprint.txt | |
ldapmodify -Q -h ldapmaster.corp.redhat.com -f ~/bin/keytabs/ldap.fingerprint.txt | |
# verify | |
email=nboldt@redhat.com | |
gpg --fingerprint "$email" | |
ldapsearch -Q -LLL "mail=$email" mail rhatGPGFingerprint | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment