F31 VM setup
########################## | |
# VM CONFIG | |
########################## | |
# install rpmfusion free, non-free | |
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm | |
# install kernel headers and gcc | |
dnf -y update | |
dnf -y install kernel kernel-headers kernel-devel gcc alien yum-utils | |
reboot | |
dnf -y install kernel-headers-$(uname -r) | |
# install VBox extensions; reboot | |
########################## | |
# BASE SOFTWARE INSTALLS | |
########################## | |
# download/install chrome, sublime, beyond compare | |
dnf -y install xfce4-screenshooter-plugin xfce4-notes-plugin xfce4-timer-plugin xfce4-screenshooter \ | |
xfce4-datetime-plugin xfce4-pulseaudio-plugin xfce4-terminal xfce4-clipman-plugin arandr pidgin firefox \ | |
ccrypt vim vim-common vim-enhanced httpd php perl python ruby java jre maven mock git sshfs openssl \ | |
kernel kernel-headers kernel-devel gcc-c++ gcc alien vpnc Xvfb gimp ImageMagick vinagre \ | |
krb5-auth-dialog krb5-libs kstart sssd-krb5-common sssd krb5-workstation bison sqlite-devel zlib-devel \ | |
java-1.8.0-openjdk-devel java-11-openjdk-devel libffi-devel libtool readline-devel jq \ | |
libyaml-devel openssl-devel maven-surefire-report-parser libreoffice-writer libreoffice-calc xsel xdotool xclip ncdu \ | |
podman buildah skopeo | |
# note, if using JDK 11 and latest Maven 3.6.2, also need plexus-utils 3.2+, eg., | |
yum install -y https://rpmfind.net/linux/fedora/linux/releases/31/Everything/x86_64/os/Packages/p/plexus-utils-3.2.0-2.fc31.noarch.rpm | |
# note: you want skopeo 0.1.40 or newer from F30 or F31 repo | |
# https://mirror.dst.ca/fedora/releases/30/Everything/x86_64/os/ (requires zip compression) | |
# https://mirror.dst.ca/fedora/releases/31/Everything/x86_64/os/ (requires Zstd compression; not compatible with RHEL 7) | |
sudo rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg | |
sudo dnf config-manager --add-repo https://download.sublimetext.com/rpm/stable/x86_64/sublime-text.repo | |
sudo dnf install sublime-text | |
# get chrome and vscode | |
# https://code.visualstudio.com/download# | |
################################################################ | |
# Forgot something? Here's the complete list of installs! | |
for i in $(dnf history | grep -v "Altered" | grep install | sed -e "s#[\t ]\+\([0-9]\+\)[\t ]\+|.\+#\1#" | tac); do | |
dnf history info $i | grep Command | sed -e "s#.\+ : #dnf -y #"; | |
done | |
################################################################ | |
########################## | |
# PANEL CONFIG | |
########################## | |
# panel prefs: 24px wide | |
# launchers: screenshooter, terminal, thunar, sublime, chrome, [others] | |
# terminal: xfce4-terminal --maximize | |
# chrome: /usr/bin/google-chrome-stable --auth-server-whitelist="*.openshift.com, *.redhat.com" --ignore-certificate-errors %U | |
# Set chrome launcher to use: | |
# /usr/bin/google-chrome-stable --auth-server-whitelist="*.redhat.com" %U | |
# Orage Panel clock | |
# font: Sans 8 | |
# height: 32 | |
# width: 70 | |
# line1: %Y-%m-%d %H:%M | |
# tooltip: %x %X / W%V | |
########################## | |
# HOME DIR SETUP | |
########################## | |
# set up symlinks | |
cd ~; mv ~/Downloads ~/tmp; ln -s tmp/ Downloads | |
# Copy to new machine: | |
~/bin folder (including sublime & bcompare licenses) | |
~/.alias, ~/.bashrc, ~/.bash_profile, ~/.gitconfig | |
~/.docker | |
~/.ssh | |
~/tmp, ~/4 ~/5 | |
~/.purple (pidgin) | |
~/Documents/2017 - 2020 | |
~/RedHat/2017 - 2020 | |
# copy sublime settings and plugins to new machine | |
unzip ~/bin/dot-config-sublime-text-3.zip -d ~/.config/ | |
# copy yum.repos.d files - add in RH internal URLs for Brew, etc. | |
scpr ~/bin/etc-yum.repos.d /etc/yum/repos.d/ | |
# disable selinux in /etc/selinux/config | |
# set up visudo | |
########################## | |
# VPN SETUP | |
########################## | |
# install vpn stuff (see ~/RedHat/2017/vpn/*.rpm) | |
dnf install -y redhat-internal-cert-install-0.1-7.el7.csb.noarch.rpm redhat-internal-NetworkManager-openvpn-profiles-0.1-29.el7.csb.noarch.rpm \ | |
redhat-internal-NetworkManager-openvpn-profiles-non-gnome-0.1-29.el7.csb.noarch.rpm redhat-internal-openvpn-profiles-0.1-29.el7.csb.noarch.rpm | |
#run VPN | |
V | |
########################## | |
# DEV ENV SETUP | |
########################## | |
# add ant-contrib to ant lib folder so it's available for mirroring devstudio TP requirements | |
# sudo yum -y install ant-contrib | |
# mkdir -p $HOME/.ant/lib | |
# cp /usr/share/java/ant-contrib/ant-contrib.jar $HOME/.ant/lib/ | |
# install pip and required packages | |
cd /tmp | |
wget https://bootstrap.pypa.io/get-pip.py | |
python get-pip.py | |
pip install --upgrade pip | |
pip install PyXB jira pygithub | |
pip install yq jsonschema --user | |
########################## | |
# RHEL SUBSCRIPTION | |
########################## | |
# subscription-manager register --auto-attach --username "$SUBSCRIPTION_USERNAME" --password "$SUBSCRIPTION_PASSWORD" | |
########################## | |
# set up rhpkg & fedpkg | |
########################## | |
# 1. install rpms | |
# from http://download-ipv4.eng.brq.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-31/compose/Everything/x86_64/os/ | |
# from http://download-node-02.eng.bos.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-30/compose/Everything/x86_64/os/ | |
dnf install -y javapackages-local fedora-packager brew-tools koji rhpkg brewkoji-test brewkoji-stage brewkoji \ | |
fedpkg python2-rpkg python-virtualenvwrapper libffi-devel sssd krb5-workstation krb5-auth-dialog xmvn | |
# 2. install certs: see https://docs.engineering.redhat.com/display/KB/Troubleshooting+Tips#TroubleshootingTips-SSLerrortroubleshooting and https://mojo.redhat.com/docs/DOC-999615#jive_content_id_Certificates | |
# 3. fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993 | |
echo "" >> ~/.bashrc | |
echo "fix for using pip installed python - https://projects.engineering.redhat.com/browse/RCM-18993" >> ~/.bashrc | |
echo "export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" >> ~/.bashrc | |
# Set up kerberos/kinit (needed for rhpkg and many RCM systems accessed via chrome): | |
google-chrome https://mojo.redhat.com/docs/DOC-1011190 | |
# set up keytab file for kinit: | |
google-chrome https://mojo.redhat.com/docs/DOC-957809 | |
########################## | |
# install hub and rvm | |
########################## | |
google-chrome https://github.com/github/hub/releases | |
# google-chrome https://rvm.io/rvm/install | |
# fix up perms in ~/.ssh and ~ | |
pushd ~/.ssh | |
chmod 700 . * | |
chmod 644 *.pub | |
chmod 770 known_hosts | |
chmod 755 ~ | |
popd | |
# install git hook via https://til.hashrocket.com/posts/c89a35a66c-global-git-hooks | |
mkdir -p ~/.git-templates/hooks | |
git config --global init.templatedir '~/.git-templates' | |
# use this hook to add Change-Id to all commits, so we can edit gerrits (push changes) instead of having to submit new ones | |
scp -p -P 29418 nickb@git.eclipse.org:hooks/commit-msg ~/.git-templates/hooks/ | |
# install node and npm | |
dnf install -y node npm | |
# enable JDK 11 as default instead of 8 | |
alternatives --config javac | |
alternatives --config java | |
# TODO: rebuild hudson-job-sync-plugin | |
# import certs from ~/bin/certs into JDK cert store using ~/bin/cert.import.sh | |
cd ~/2/maven-plugins/hudson-job-sync-plugin && mvn clean install | |
cp ~/bin/pom-*-internal.xml ~/truu/jbdevstudio-ci | |
# WHY? open ephemeral and 8080 ports on firewall | |
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
iptables -I INPUT 1 -i eth0 -p tcp --dport 8080 -j ACCEPT | |
############################################# | |
# install docker-ce (not docker) | |
# from https://docs.docker.com/install/linux/docker-ce/fedora/#install-using-the-repository | |
dnf -y remove docker | |
dnf -y install dnf-plugins-core | |
dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo | |
dnf -y install docker-ce docker-ce-cli containerd.io | |
# enable docker daemon | |
sudo systemctl start docker # started | |
sudo systemctl enable docker # enabled on startup | |
sudo groupadd docker | |
sudo usermod -aG docker $USER | |
# get oc and kubectl | |
cd /opt | |
OC_VERSION=4.2.13 | |
curl -o - -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-${OC_VERSION}.tar.gz \ | |
| tar xvz oc | |
# symlink from a PATH-visible folder like ~/bin | |
cd ~/bin/ | |
rm -f oc kubectl | |
ln -s /opt/oc | |
ln -s /opt/kubectl | |
# TODO: install chectl and crwctl | |
wget https://access.cdn.redhat.com/content/origin/files/sha256/ea/eaed71152067e4d70e3f9f11d4dd1603521fc67c1a43140ba07b56928987c810/codeready-workspaces-2.0.0-crwctl-linux-x64.tar.gz?_auth_=1578933105_4c5e6689c524459e90bbf848ad2610b4 | |
# fix missing symlinks in ~/bin | |
mkdir -p ~/bin; cd ~/bin | |
ln -s /opt/chectl/bin/chectl | |
ln -s /opt/crwctl/bin/crwctl | |
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpull-CRWCI.sh jpull-CRWCI.sh | |
ln -s /home/nboldt/51/codeready-workspaces-productization/jenkins/bin/jpush-CRWCI.sh jpush-CRWCI.sh | |
ln -s /home/nboldt/51/codeready-workspaces/product/getLatestImageTags.sh getLatestImageTags.sh | |
ln -s /home/nboldt/51/codeready-workspaces/product/updateBaseImages.sh updateBaseImages.sh | |
ln -s /home/nboldt/51/codeready-workspaces/product/getCommitSHAForTag.sh getCommitSHAForTag.sh | |
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpull-eclipseJIPP.sh hudpull-eclipseJIPP.sh | |
ln -s /home/nboldt/2/maven-plugins/hudson-job-sync-plugin/scripts/hudpush-eclipseJIPP.sh hudpush-eclipseJIPP.sh | |
# use alternative bashrc/profile/alias for root user | |
sudo su | |
cd ~/ | |
mv .bashrc{,_OLD}; mv .bash_profile{,_OLD} | |
ln -s /home/nboldt/.bashrc | |
ln -s /home/nboldt/.bash_profile | |
ln -s /home/nboldt/.alias | |
exit | |
# get .gitconfig file | |
curl -o ~/.gitconfig https://gist.githubusercontent.com/nickboldt/67ad86895d1b10164ea0fdbcdadefd02/raw/a1a35a882fa4139c47811fb77906c044f5081002/.gitconfig | |
# enable hardware acceleration in Chrome | |
# see https://www.lifewire.com/hardware-acceleration-in-chrome-4125122 | |
# gpg key generation - rsa/dsa, 4096, 5yr | |
# see https://mojo.redhat.com/docs/DOC-1146306 | |
# then https://mojo.redhat.com/docs/DOC-1166450#jive_content_id_Configuring_a_freshly_installed_system | |
sudo yum -y localinstall http://sat63capsule.corp.redhat.com/pulp/repos/rhit/Library/custom/iam-idm/idm-legacy-configs/Packages/r/rhit-legacy-configs-1.0.0-21.noarch.rpm | |
echo "keyserver hkp://pool.sks-keyservers.net" > ~/.gnupg/gpg.conf | |
# then send your key with: | |
gpg --list-keys # get your key id | |
gpg --send-key F00BAFCAFEBABE00 | |
gpg --search-keys F00BAFCAFEBABE00 | |
gpg --keyserver pool.sks-keyservers.net --search-keys nboldt | |
# now ldap setup | |
gpg --fingerprint F00BAFCAFEBABE00 # get fingerprint | |
echo "dn: uid=nboldt,ou=users,dc=redhat,dc=com | |
changetype: modify | |
add: rhatGPGFingerprint | |
rhatGPGFingerprint: FING ERPR INT GOES HERE" > ~/bin/keytabs/ldap.fingerprint.txt | |
ldapmodify -Q -h ldapmaster.corp.redhat.com -f ~/bin/keytabs/ldap.fingerprint.txt | |
# verify | |
email=nboldt@redhat.com | |
gpg --fingerprint "$email" | |
ldapsearch -Q -LLL "mail=$email" mail rhatGPGFingerprint | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment