ww898/setup_rhel.9-s390x.sh

## setup_rhel.9-s390x.sh
# Required for .NET v7.0. See https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
sudo update-crypto-policies --set DEFAULT:SHA1

sudo yum upgrade -y
sudo yum clean packages -y

sudo yum install curl nano mc tmux git dotnet-sdk-6.0 dotnet-sdk-7.0 dotnet-sdk-8.0 java-17-openjdk nodejs

# No htop package in rhel.9, so install it from fedora.38
curl -fLO https://rpmfind.net/linux/fedora-secondary/releases/38/Everything/s390x/os/Packages/h/htop-3.2.2-2.fc38.s390x.rpm
sudo rpm -i htop-3.2.2-2.fc38.s390x.rpm

# Install GitHub runner
sudo useradd builduser -m -s /usr/sbin/nologin
curl -fLO https://github.com/ChristopherHX/github-act-runner/releases/download/v0.6.7/binary-linux-s390x.tar.gz
sudo mkdir -p /opt/github-runner
cd /opt/github-runner
sudo tar xzvf ~/binary-linux-s390x.tar.gz
sudo chown -R root:root .

cd /home/builduser
/opt/github-runner/github-act-runner configure

sudo tee '/lib/systemd/system/github-runner.service' <<EOF
[Unit]
Description=GitHub Act Runner
After=network.target local-fs.target

[Service]
Type=simple
User=builduser
Group=builduser
WorkingDirectory=/home/builduser
ExecStart=/opt/github-runner/github-act-runner run
ExecStop=/bin/kill -HUP $MAINPID
RestartSec=120
Restart=always
TasksMax=infinity

[Install]
WantedBy=multi-user.target
EOF

# Install node_exporter
sudo useradd monituser -M -s /usr/sbin/nologin
curl -fLO https://github.com/prometheus/node_exporter/releases/download/v1.7.0/node_exporter-1.7.0.linux-s390x.tar.gz
sudo mkdir -p /opt/node_exporter
cd /opt/node_exporter
sudo tar xzvf ~/node_exporter-1.7.0.linux-s390x.tar.gz

sudo mkdir -p /var/lib/node_exporter/textfile_collector
sudo chown monituser:monituser /var/lib/node_exporter/textfile_collector

sudo tee "/opt/node_exporter/node_exporter_options" <<EOF
ARGS="--collector.netclass.ignored-devices=^(lo|docker[0-9]|kube-ipvs0|dummy0|veth.+|br\-.+|cali\w{11})\$ \
--collector.netdev.device-exclude=^(lo|docker[0-9]|kube-ipvs0|dummy0|veth.+|br\-.+|cali\w{11})\$ \
--collector.filesystem.mount-points-exclude=^/(dev|sys|proc|host|etc|var/lib/kubelet|var/lib/docker/.+|home/.+|data/local-pv/.+|snap/.+)(\$|/) \
--collector.filesystem.fs-types-exclude=^(aufs|autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|efivarfs|tmpfs|nsfs|fuse[.]lxcfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rootfs|rpc_pipefs|securityfs|squashfs|sysfs|tracefs)\$ \
--collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v|xv)d[a-z]|nvme[0-9]+n[0-9]+p|dm-|sr|nbd)[0-9]+\$ \
--no-collector.bcache \
--no-collector.infiniband \
--no-collector.wifi \
--no-collector.ipvs \
--collector.textfile.directory \"/var/lib/node_exporter/textfile_collector\""
EOF

sudo tee /lib/systemd/system/node_exporter.service <<EOF
[Unit]
Description=Node Exporter
After=network.target

[Service]
User=monituser
Group=monituser
EnvironmentFile=/opt/node_exporter/node_exporter_options
ExecStart=/opt/node_exporter/node_exporter \$ARGS
ExecReload=/bin/kill -HUP \$MAINPID
TimeoutStopSec=20s
SendSIGKILL=no
Restart=always

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload

sudo systemctl enable node_exporter
sudo systemctl start node_exporter

sudo systemctl enable github-runner
sudo systemctl start github-runner

# Accept connections to node_exporter
echo "iptables -I INPUT 1 -s 217.110.28.18/32,54.228.10.171/32,54.155.149.0/32,54.73.219.83/32 -p tcp --dport 9100 -j ACCEPT" | sudo tee -a /etc/rc.local
iptables -I INPUT 1 -s 217.110.28.18/32,54.228.10.171/32,54.155.149.0/32,54.73.219.83/32 -p tcp --dport 9100 -j ACCEPT

# Append swapfile
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
	# Required for .NET v7.0. See https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
	sudo update-crypto-policies --set DEFAULT:SHA1

	sudo yum upgrade -y
	sudo yum clean packages -y

	sudo yum install curl nano mc tmux git dotnet-sdk-6.0 dotnet-sdk-7.0 dotnet-sdk-8.0 java-17-openjdk nodejs

	# No htop package in rhel.9, so install it from fedora.38
	curl -fLO https://rpmfind.net/linux/fedora-secondary/releases/38/Everything/s390x/os/Packages/h/htop-3.2.2-2.fc38.s390x.rpm
	sudo rpm -i htop-3.2.2-2.fc38.s390x.rpm

	# Install GitHub runner
	sudo useradd builduser -m -s /usr/sbin/nologin
	curl -fLO https://github.com/ChristopherHX/github-act-runner/releases/download/v0.6.7/binary-linux-s390x.tar.gz
	sudo mkdir -p /opt/github-runner
	cd /opt/github-runner
	sudo tar xzvf ~/binary-linux-s390x.tar.gz
	sudo chown -R root:root .

	cd /home/builduser
	/opt/github-runner/github-act-runner configure

	sudo tee '/lib/systemd/system/github-runner.service' <<EOF
	[Unit]
	Description=GitHub Act Runner
	After=network.target local-fs.target

	[Service]
	Type=simple
	User=builduser
	Group=builduser
	WorkingDirectory=/home/builduser
	ExecStart=/opt/github-runner/github-act-runner run
	ExecStop=/bin/kill -HUP $MAINPID
	RestartSec=120
	Restart=always
	TasksMax=infinity

	[Install]
	WantedBy=multi-user.target
	EOF

	# Install node_exporter
	sudo useradd monituser -M -s /usr/sbin/nologin
	curl -fLO https://github.com/prometheus/node_exporter/releases/download/v1.7.0/node_exporter-1.7.0.linux-s390x.tar.gz
	sudo mkdir -p /opt/node_exporter
	cd /opt/node_exporter
	sudo tar xzvf ~/node_exporter-1.7.0.linux-s390x.tar.gz

	sudo mkdir -p /var/lib/node_exporter/textfile_collector
	sudo chown monituser:monituser /var/lib/node_exporter/textfile_collector

	sudo tee "/opt/node_exporter/node_exporter_options" <<EOF
	ARGS="--collector.netclass.ignored-devices=^(lo\|docker[0-9]\|kube-ipvs0\|dummy0\|veth.+\|br\-.+\|cali\w{11})\$ \
	--collector.netdev.device-exclude=^(lo\|docker[0-9]\|kube-ipvs0\|dummy0\|veth.+\|br\-.+\|cali\w{11})\$ \
	--collector.filesystem.mount-points-exclude=^/(dev\|sys\|proc\|host\|etc\|var/lib/kubelet\|var/lib/docker/.+\|home/.+\|data/local-pv/.+\|snap/.+)(\$\|/) \
	--collector.filesystem.fs-types-exclude=^(aufs\|autofs\|binfmt_misc\|cgroup\|configfs\|debugfs\|devpts\|devtmpfs\|efivarfs\|tmpfs\|nsfs\|fuse[.]lxcfs\|fusectl\|hugetlbfs\|mqueue\|overlay\|proc\|procfs\|pstore\|rootfs\|rpc_pipefs\|securityfs\|squashfs\|sysfs\|tracefs)\$ \
	--collector.diskstats.ignored-devices=^(ram\|loop\|fd\|(h\|s\|v\|xv)d[a-z]\|nvme[0-9]+n[0-9]+p\|dm-\|sr\|nbd)[0-9]+\$ \
	--no-collector.bcache \
	--no-collector.infiniband \
	--no-collector.wifi \
	--no-collector.ipvs \
	--collector.textfile.directory \"/var/lib/node_exporter/textfile_collector\""
	EOF

	sudo tee /lib/systemd/system/node_exporter.service <<EOF
	[Unit]
	Description=Node Exporter
	After=network.target

	[Service]
	User=monituser
	Group=monituser
	EnvironmentFile=/opt/node_exporter/node_exporter_options
	ExecStart=/opt/node_exporter/node_exporter \$ARGS
	ExecReload=/bin/kill -HUP \$MAINPID
	TimeoutStopSec=20s
	SendSIGKILL=no
	Restart=always

	[Install]
	WantedBy=multi-user.target
	EOF

	sudo systemctl daemon-reload

	sudo systemctl enable node_exporter
	sudo systemctl start node_exporter

	sudo systemctl enable github-runner
	sudo systemctl start github-runner

	# Accept connections to node_exporter
	echo "iptables -I INPUT 1 -s 217.110.28.18/32,54.228.10.171/32,54.155.149.0/32,54.73.219.83/32 -p tcp --dport 9100 -j ACCEPT" \| sudo tee -a /etc/rc.local
	iptables -I INPUT 1 -s 217.110.28.18/32,54.228.10.171/32,54.155.149.0/32,54.73.219.83/32 -p tcp --dport 9100 -j ACCEPT

	# Append swapfile
	sudo fallocate -l 4G /swapfile
	sudo chmod 600 /swapfile
	sudo mkswap /swapfile
	sudo swapon /swapfile
	echo "/swapfile none swap sw 0 0" \| sudo tee -a /etc/fstab