Skip to content

Instantly share code, notes, and snippets.

@nickboldt
Last active May 3, 2022 11:48
Show Gist options
  • Save nickboldt/52d7031fab62bfab7ed15195ddfc9e7f to your computer and use it in GitHub Desktop.
Save nickboldt/52d7031fab62bfab7ed15195ddfc9e7f to your computer and use it in GitHub Desktop.
F31 VM setup
##########################
# VM CONFIG
##########################
# install rpmfusion free, non-free
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
# install kernel headers and gcc
dnf -y update
dnf -y install kernel kernel-headers kernel-devel gcc alien yum-utils
reboot
dnf -y install kernel-headers-$(uname -r)
# install VBox extensions; reboot
##########################
# BASE SOFTWARE INSTALLS
##########################
# download/install chrome, sublime, beyond compare
dnf -y install xfce4-screenshooter-plugin xfce4-notes-plugin xfce4-timer-plugin xfce4-screenshooter \
xfce4-datetime-plugin xfce4-pulseaudio-plugin xfce4-terminal xfce4-clipman-plugin arandr pidgin firefox \
ccrypt vim vim-common vim-enhanced httpd php perl python ruby java jre maven mock git sshfs openssl \
kernel kernel-headers kernel-devel gcc-c++ gcc alien vpnc Xvfb gimp ImageMagick vinagre \
krb5-auth-dialog krb5-libs kstart sssd-krb5-common sssd krb5-workstation bison sqlite-devel zlib-devel \
java-1.8.0-openjdk-devel java-11-openjdk-devel libffi-devel libtool readline-devel jq \
libyaml-devel openssl-devel maven-surefire-report-parser libreoffice-writer libreoffice-calc xsel xdotool xclip ncdu \
podman buildah skopeo
# note, if using JDK 11 and latest Maven 3.6.2, also need plexus-utils 3.2+, eg.,
yum install -y https://rpmfind.net/linux/fedora/linux/releases/31/Everything/x86_64/os/Packages/p/plexus-utils-3.2.0-2.fc31.noarch.rpm
# note: you want skopeo 0.1.40 or newer from F30 or F31 repo
# https://mirror.dst.ca/fedora/releases/30/Everything/x86_64/os/ (requires zip compression)
# https://mirror.dst.ca/fedora/releases/31/Everything/x86_64/os/ (requires Zstd compression; not compatible with RHEL 7)
sudo rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg
sudo dnf config-manager --add-repo https://download.sublimetext.com/rpm/stable/x86_64/sublime-text.repo
sudo dnf install sublime-text
# get chrome and vscode
# https://code.visualstudio.com/download#
################################################################
# Forgot something? Here's the complete list of installs!
for i in $(dnf history | grep -v "Altered" | grep install | sed -e "s#[\t ]\+\([0-9]\+\)[\t ]\+|.\+#\1#" | tac); do
dnf history info $i | grep Command | sed -e "s#.\+ : #dnf -y #";
done
################################################################
##########################
# PANEL CONFIG
##########################
# panel prefs: 24px wide
# launchers: screenshooter, terminal, thunar, sublime, chrome, [others]
# terminal: xfce4-terminal --maximize
# chrome: /usr/bin/google-chrome-stable --auth-server-whitelist="*.openshift.com, *.redhat.com" --ignore-certificate-errors %U
# Set chrome launcher to use:
# /usr/bin/google-chrome-stable --auth-server-whitelist="*.redhat.com" %U
# Orage Panel clock
# font: Sans 8
# height: 32
# width: 70
# line1: %Y-%m-%d %H:%M
# tooltip: %x %X / W%V
##########################
# HOME DIR SETUP
##########################
# set up symlinks
cd ~; mv ~/Downloads ~/tmp; ln -s tmp/ Downloads
# Copy to new machine:
~/bin folder (including sublime & bcompare licenses)
~/.alias, ~/.bashrc, ~/.bash_profile, ~/.gitconfig
~/.docker
~/.ssh
~/tmp, ~/4 ~/5
~/.purple (pidgin)
~/Documents/2017 - 2020
~/RedHat/2017 - 2020
# copy sublime settings and plugins to new machine
unzip ~/bin/dot-config-sublime-text-3.zip -d ~/.config/
# copy yum.repos.d files - add in RH internal URLs for Brew, etc.
scpr ~/bin/etc-yum.repos.d /etc/yum/repos.d/
# disable selinux in /etc/selinux/config
# set up visudo
##########################
# VPN SETUP
##########################
# see http://hdn.corp.redhat.com/rhel7-csb-stage/repoview/redhat-internal-cert-install.html
# and http://hdn.corp.redhat.com/rhel7-csb-stage/RPMS/noarch/?C=M;O=D
# install vpn stuff (see ~/RedHat/2017/vpn/*.rpm)
dnf install -y redhat-internal-cert-install-* redhat-internal-NetworkManager-openvpn-profiles-0.1-29.el7.csb.noarch.rpm \
redhat-internal-NetworkManager-openvpn-profiles-non-gnome-0.1-29.el7.csb.noarch.rpm redhat-internal-openvpn-profiles-0.1-29.el7.csb.noarch.rpm
#run VPN
V
##########################
# DEV ENV SETUP
##########################
# add ant-contrib to ant lib folder so it's available for mirroring devstudio TP requirements
# sudo yum -y install ant-contrib
# mkdir -p $HOME/.ant/lib
# cp /usr/share/java/ant-contrib/ant-contrib.jar $HOME/.ant/lib/
# install pip and required packages
cd /tmp
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install --upgrade pip
pip install PyXB jira pygithub
pip install yq jsonschema --user
##########################
# RHEL SUBSCRIPTION
##########################
# subscription-manager register --auto-attach --username "$SUBSCRIPTION_USERNAME" --password "$SUBSCRIPTION_PASSWORD"
##########################
# set up rhpkg & fedpkg
##########################
# 1. install rpms
# from http://download-ipv4.eng.brq.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-31/compose/Everything/x86_64/os/
# from http://download-node-02.eng.bos.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-30/compose/Everything/x86_64/os/
dnf install -y javapackages-local fedora-packager brew-tools koji rhpkg brewkoji-test brewkoji-stage brewkoji \
fedpkg python2-rpkg python-virtualenvwrapper libffi-devel sssd krb5-workstation krb5-auth-dialog xmvn
# 2. install certs: see https://docs.engineering.redhat.com/display/KB/Troubleshooting+Tips#TroubleshootingTips-SSLerrortroubleshooting and https://mojo.redhat.com/docs/DOC-999615#jive_content_id_Certificates
# 3. fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993
echo "" >> ~/.bashrc
echo "fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993" >> ~/.bashrc
echo "export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" >> ~/.bashrc
# Set up kerberos/kinit (needed for rhpkg and many RCM systems accessed via chrome):
google-chrome https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/how_to_renew_a_kerberos_tgt
# set up keytab file for kinit:
google-chrome https://source.redhat.com/groups/public/certification-initiatives/infrastructureinitiatives/infrastructure_initiatives_wiki/creating_keytab_file_for_kerberos_login
##########################
# install hub and rvm
##########################
google-chrome https://github.com/github/hub/releases
# google-chrome https://rvm.io/rvm/install
# fix up perms in ~/.ssh and ~
pushd ~/.ssh
chmod 700 . *
chmod 644 *.pub
chmod 770 known_hosts
chmod 755 ~
popd
# install git hook via https://til.hashrocket.com/posts/c89a35a66c-global-git-hooks
mkdir -p ~/.git-templates/hooks
git config --global init.templatedir '~/.git-templates'
# use this hook to add Change-Id to all commits, so we can edit gerrits (push changes) instead of having to submit new ones
scp -p -P 29418 nickb@git.eclipse.org:hooks/commit-msg ~/.git-templates/hooks/
# install node and npm
dnf install -y node npm
# enable JDK 11 as default instead of 8
alternatives --config javac
alternatives --config java
# TODO: rebuild hudson-job-sync-plugin
# import certs from ~/bin/certs into JDK cert store using ~/bin/cert.import.sh
cd ~/2/maven-plugins/hudson-job-sync-plugin && mvn clean install
cp ~/bin/pom-*-internal.xml ~/truu/jbdevstudio-ci
# WHY? open ephemeral and 8080 ports on firewall
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 1 -i eth0 -p tcp --dport 8080 -j ACCEPT
#############################################
# install docker-ce (not docker)
# from https://docs.docker.com/install/linux/docker-ce/fedora/#install-using-the-repository
dnf -y remove docker
dnf -y install dnf-plugins-core
dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
dnf -y install docker-ce docker-ce-cli containerd.io
# enable docker daemon
sudo systemctl start docker # started
sudo systemctl enable docker # enabled on startup
sudo groupadd docker
sudo usermod -aG docker $USER
# get oc and kubectl
cd /opt
OC_VERSION=4.2.13
curl -o - -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-${OC_VERSION}.tar.gz \
| tar xvz oc
# symlink from a PATH-visible folder like ~/bin
cd ~/bin/
rm -f oc kubectl
ln -s /opt/oc
ln -s /opt/kubectl
# TODO: install chectl and crwctl
wget https://access.cdn.redhat.com/content/origin/files/sha256/ea/eaed71152067e4d70e3f9f11d4dd1603521fc67c1a43140ba07b56928987c810/codeready-workspaces-2.0.0-crwctl-linux-x64.tar.gz?_auth_=1578933105_4c5e6689c524459e90bbf848ad2610b4
# fix missing symlinks in ~/bin
mkdir -p ~/bin; cd ~/bin
ln -s /opt/chectl/bin/chectl
ln -s /opt/crwctl/bin/crwctl
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpull-CRWCI.sh jpull-CRWCI.sh
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpush-CRWCI.sh jpush-CRWCI.sh
ln -s /home/nboldt/51/codeready-workspaces/product/getLatestImageTags.sh getLatestImageTags.sh
ln -s /home/nboldt/51/codeready-workspaces/product/updateBaseImages.sh updateBaseImages.sh
ln -s /home/nboldt/51/codeready-workspaces/product/getCommitSHAForTag.sh getCommitSHAForTag.sh
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpull-eclipseJIPP.sh hudpull-eclipseJIPP.sh
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpush-eclipseJIPP.sh hudpush-eclipseJIPP.sh
# use alternative bashrc/profile/alias for root user
sudo su
cd ~/
mv .bashrc{,_OLD}; mv .bash_profile{,_OLD}
ln -s /home/nboldt/.bashrc
ln -s /home/nboldt/.bash_profile
ln -s /home/nboldt/.alias
exit
# get .gitconfig file
curl -o ~/.gitconfig https://gist.githubusercontent.com/nickboldt/67ad86895d1b10164ea0fdbcdadefd02/raw/a1a35a882fa4139c47811fb77906c044f5081002/.gitconfig
# enable hardware acceleration in Chrome
# see https://www.lifewire.com/hardware-acceleration-in-chrome-4125122
# gpg key generation - rsa/dsa, 4096, 5yr
# see https://mojo.redhat.com/docs/DOC-1146306
# then https://mojo.redhat.com/docs/DOC-1166450#jive_content_id_Configuring_a_freshly_installed_system
sudo yum -y localinstall http://sat63capsule.corp.redhat.com/pulp/repos/rhit/Library/custom/iam-idm/idm-legacy-configs/Packages/r/rhit-legacy-configs-1.0.0-21.noarch.rpm
echo "keyserver hkp://pool.sks-keyservers.net" > ~/.gnupg/gpg.conf
# then send your key with:
gpg --list-keys # get your key id
gpg --send-key F00BAFCAFEBABE00
gpg --search-keys F00BAFCAFEBABE00
gpg --keyserver pool.sks-keyservers.net --search-keys nboldt
# now ldap setup
gpg --fingerprint F00BAFCAFEBABE00 # get fingerprint
echo "dn: uid=nboldt,ou=users,dc=redhat,dc=com
changetype: modify
add: rhatGPGFingerprint
rhatGPGFingerprint: FING ERPR INT GOES HERE" > ~/bin/keytabs/ldap.fingerprint.txt
ldapmodify -Q -h ldapmaster.corp.redhat.com -f ~/bin/keytabs/ldap.fingerprint.txt
# verify
email=nboldt@redhat.com
gpg --fingerprint "$email"
ldapsearch -Q -LLL "mail=$email" mail rhatGPGFingerprint
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment