--- /dev/null
+#!/bin/bash
+
+
+HASH_LINE="#######################################################################################"
+COBBLER_URL="http://192.168.88.8"
+
+echo "$(date --rfc-3339=seconds): Das ist das Post-Install-Script '$0'."
+echo
+
+if [[ -z "${hostname}" ]] ; then
+ hostname="template.pixelpark.com"
+fi
+IP_ADDRESS_ETH0=$( host "${hostname}" | sed -e 's/.*has address[ ][ ]*//' )
+DOMAIN=$( echo "${hostname}" | cut -d. -f2,3 )
+SIMPLE_HOSTNAME=$( echo "${hostname}" | cut -d. -f1 )
+
+ROOT_PW_CRYPTED="\$6\$I0yXrNsT\$YU3ekjNLy1KTWLRVNww8YM1xtO8FXgTEFhOANS.HB8baj7CxNMRCoxDQh5oFYkZbli67s4pwZ36aNchD2YL.G0"
+
+GIT_ACCOUNT="vmware-provisioning"
+GIT_PASSWD="shiesa&a4taich+iecah8Chu"
+GIT_REPO_DIR="postfix_config"
+GIT_SERVER="git.pixelpark.com"
+GIT_NAMESPACE="ppadmin"
+#GIT_REPO="https://@@acount@@:@@pwd@@@git.pixelpark.com/ppadmin/${GIT_REPO_DIR}.git"
+POSTFIX_MYORIGIN='pixelpark.net'
+POSTFIX_RELAYHOST='[mx.pixelpark.net]'
+
+ERROR_POINTER="/root/postinst-error.txt"
+
+echo
+echo "Some information:"
+echo " \$hostname: $hostname"
+echo " \$system_name: $system_name"
+echo " \$gateway: $gateway"
+echo " \$mac_address_eth0: $mac_address_eth0"
+echo " \$ip_address_eth0: $ip_address_eth0"
+echo " \$IP_ADDRESS_ETH0: $IP_ADDRESS_ETH0"
+echo " \$SIMPLE_HOSTNAME: $SIMPLE_HOSTNAME"
+echo " \$DOMAIN: $DOMAIN"
+
+#-----------------------------------------------------------
+log() {
+
+ echo "$(date --rfc-3339=seconds): $*"
+ echo "$*" >/dev/console
+}
+
+#-----------------------------------------------------------
+create_authkeys() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ local url="${COBBLER_URL}/custom/create-vmware-tpl/keys/auth_keys_pp_betrieb"
+
+ log "Creating /root/.ssh ..."
+ mkdir -pv /root/.ssh
+ chmod -v 0700 /root/.ssh
+
+ log "Creating /root/.ssh/authorized_keys ..."
+ echo "${HASH_LINE}" >> /root/.ssh/authorized_keys
+ echo "ssh-dss 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 softdist" >> /root/.ssh/authorized_keys
+ echo "${HASH_LINE}" >> /root/.ssh/authorized_keys
+ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZ3QNzqiDE6jUzmXnOzIM93mZBPZtSDbCgYQd8xwOz9ZROxqLcckr8qIvyLFDv/fedwQlLDTg90LGX/zHHAB0T+0DB2dMFOWeSloIMMp+0WwG9i6H0ty6NUVSktvG6h4jbgkhMhHGUEHhxgR2LgxTjq8fpcMOLJ4HLLGW9W3BQOVtoi8hiffKm5DB9Au0HgNvXP/UrCQkBtFzMyhRb7D7aFyDyU/7SuM6m17DIYNx1cg79AH3mjRTQXaOVBrOBJ4uaqy6srbGzWs5FSIMMbgOrcmZRw5GilrG5dBbT/OQSN+sHlECx216pyLrbSWcwG1Fo11iI53pnColRUljMIPJ+XRffxT2yINEfyvfr0GGMKi4c5fcDumgYwT2+foefy72sBhNwKhzjuGySPgRU/1PH8oIcu4TJWyW1xi0AfVZnJhjU5RKeWQ9VMhh1nDntpRdD5z+0FrAL+9AINW4Bjboc6OisikIABBeoT9mbYNNGdHA7rpdJwURycJDpJDhyr0voNnmQ15JF6KZebM0+OW9apTxdotKPKYJ8pFBRGXrTENSVvFNIBbYD55IJ2MlOD2eX6XX2/tnHMdZHCE9Gi22Y8p1oiahLtCU3Th8WwazQlh4H9xAJzK0jp7MOpI3Y553i8zBU47VpO5juELH2bCNwChpdbZbY0i6MxQF61d2iJw== create-vmware-tpl@pixelpark.com" >> /root/.ssh/authorized_keys
+
+ local tmp_file=$( mktemp )
+ wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" || true
+ if [[ -s "${tmp_file}" ]] ; then
+ cat "${tmp_file}" >> /root/.ssh/authorized_keys
+ fi
+ rm -v "${tmp_file}"
+}
+
+#-----------------------------------------------------------
+import_ssh_hostkeys() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Importing SSH host keys ..."
+
+ mkdir -pv /etc/ssh
+ local tmp_file=
+ local stem=
+ local fullname=
+ local url=
+
+ for stem in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ; do
+ for fullname in "${stem}" "${stem}.pub" ; do
+ tmp_file=$( mktemp )
+ url="${COBBLER_URL}/custom/create-vmware-tpl/keys/${fullname}"
+ wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}"
+ if [[ -s "${tmp_file}" ]] ; then
+ mv -v "${tmp_file}" "/etc/ssh/${fullname}"
+ if [[ "${stem}" == "${fullname}" ]] ; then
+ chown -v root:ssh_keys "/etc/ssh/${fullname}"
+ chmod -v 0640 "/etc/ssh/${fullname}"
+ else
+ chmod -v 0644 "/etc/ssh/${fullname}"
+ fi
+ fi
+ rm -f "${tmp_file}"
+ done
+ done
+
+}
+
+#-----------------------------------------------------------
+create_etc_hosts() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Generating /etc/hosts ..."
+
+ cat <<-EOF >/etc/hosts
+ # generated by pixelpark install server
+
+ 127.0.0.1 localhost
+ ${IP_ADDRESS_ETH0} ${hostname} ${SIMPLE_HOSTNAME}
+
+ EOF
+
+}
+
+#-----------------------------------------------------------
+set_hostname() {
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Setting hostname ${hostname} ..."
+ hostnamectl set-hostname --static "${hostname}"
+ hostname > /etc/hostname
+ echo "Hostname normal: $(hostname)"
+ echo "Hostname simple: $(hostname -s)"
+ echo "Hostname FQDN: $(hostname -f)"
+}
+
+#-----------------------------------------------------------
+disable_ipv6() {
+ local sysctl_file="/etc/sysctl.d/99-disable-ipv6.conf"
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Disabling IPv6 in '${sysctl_file}' ..."
+ mkdir -pv /etc/sysctl.d
+ echo "#disable ipv6" | tee -a "${sysctl_file}"
+ echo "net.ipv6.conf.all.disable_ipv6 = 1" | tee -a "${sysctl_file}"
+ echo "net.ipv6.conf.default.disable_ipv6 = 1" | tee -a "${sysctl_file}"
+ echo "net.ipv6.conf.lo.disable_ipv6 = 1" | tee -a "${sysctl_file}"
+}
+
+#-----------------------------------------------------------
+mac_exists() {
+
+ [[ -z "$1" ]] && return 1
+ local mac_address="$1"
+
+ ip -o link | grep -i "${mac_address}" 2>/dev/null >/dev/null
+ return $?
+
+}
+
+#-----------------------------------------------------------
+get_ifname() {
+
+ [[ -z "$1" ]] && return 1
+ local mac_address="$1"
+
+ ip -o link | grep -i "${mac_address}" | sed -e 's/^[0-9]*: //' -e 's/:.*//'
+
+}
+
+#-----------------------------------------------------------
+install_network() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Generating network configuration ..."
+
+ local temp_dir=$( mktemp -p /tmp -d 'tmp.XXXXXXXXXX.cobbler' )
+ local tmp_nw_cfg="${temp_dir}/network"
+ local tmp_nw_script_dir="${temp_dir}/network-scripts"
+ local nw_script_dir="/etc/sysconfig/network-scripts"
+ local old_dir="${nw_script_dir}/.old"
+ local ifcfg_file=
+
+ mkdir -pv "${tmp_nw_script_dir}"
+ mkdir -pv "${old_dir}"
+
+ echo "Generating /etc/sysconfig/network ..."
+ #cp -pv /etc/sysconfig/network-scripts/ifcfg-lo "${tmp_nw_script_dir}"
+ grep -v 'GATEWAY|HOSTNAME' /etc/sysconfig/network > "${tmp_nw_cfg}"
+ echo "GATEWAY=${gateway}" >> "${tmp_nw_cfg}"
+ echo "HOSTNAME=${hostname}" >> "${tmp_nw_cfg}"
+ mv -v /etc/sysconfig/network "/etc/sysconfig/network.orig.$( date -r /etc/sysconfig/network +'%Y-%m-%d_%H:%M:%S' )"
+ mv -v "${tmp_nw_cfg}" /etc/sysconfig/network
+
+ # Also set the hostname now, some applications require it
+ /bin/hostname "${hostname}"
+
+ local dev_file="${tmp_nw_script_dir}/ifcfg-eth0"
+ echo "Generating '${dev_file}' ..."
+
+ cat <<-EOF >"${dev_file}"
+ Name="System eth0"
+ DEVICE=eth0
+ ONBOOT=yes
+ HWADDR=${mac_address_eth0}
+ TYPE=Ethernet
+ BOOTPROTO=none
+ IPADDR=${ip_address_eth0}
+ NETMASK=255.255.254.0
+ DEFROUTE=yes
+ IPV4_FAILURE_FATAL=yes
+ IPV6INIT=no
+ DNS1=217.66.52.10
+ DNS2=93.188.109.13
+ DNS3=212.91.225.75
+ DOMAIN="pixelpark.com pixelpark.net"
+
+ EOF
+
+ for ifcfg_file in ${nw_script_dir}/ifcfg-* ; do
+ local bname=$(basename "${ifcfg_file}" )
+ if [[ "${bname}" == "ifcfg-lo" ]] ; then
+ continue
+ fi
+ mv -v "${ifcfg_file}" "${old_dir}"
+ done
+ mv -v "${dev_file}" "${nw_script_dir}"
+
+ rm -vrf "${temp_dir}"
+
+}
+
+#-----------------------------------------------------------
+manage_dns() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Generating /etc/resolv.conf ..."
+
+ rm -fv /etc/resolv.conf
+
+ cat <<-EOF >"/etc/resolv.conf"
+ search pixelpark.net pixelpark.com
+ nameserver 217.66.52.10
+ nameserver 93.188.109.13
+ nameserver 212.91.225.75
+
+ EOF
+
+}
+
+#-----------------------------------------------------------
+tweak_systemd() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Tweaking systemd ..."
+
+ local sdir="/etc/systemd/system"
+ local getty_dir_tgt="${sdir}/getty.target.wants"
+ local getty_dir_at="${sdir}/getty@.service.d"
+ local getty_svc="/usr/lib/systemd/system/getty@.service"
+ local i=
+ local glink=
+
+ mkdir -pv "${getty_dir_at}"
+ echo "Generating ${getty_dir_at}/noclear.conf ..."
+ cat <<-EOF >"${getty_dir_at}/noclear.conf"
+ [Service]
+ TTYVTDisallocate=no
+ EOF
+
+ for i in 2 3 4 ; do
+ glink="${getty_dir_tgt}/gett@tty${i}.service"
+ ln -sv "${getty_svc}" "${glink}"
+ done
+
+}
+
+#-----------------------------------------------------------
+tweak_grub() {
+
+ local grub_cfg="/etc/default/grub"
+ if [[ -f "${grub_cfg}" ]] ; then
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Tweaking '${grub_cfg}' ..."
+
+ echo "Selecting entry in /etc/grub2.cfg ..."
+ awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
+ grub2-set-default 0
+ grub2-editenv list
+
+ echo "Removing quiet from '${grub_cfg}' ..."
+ sed --in-place -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[ ]quiet\(.*\)/\1\2/' "${grub_cfg}"
+
+ echo "Removing rhgb (RedHat Graphical Boot) from '${grub_cfg}' ..."
+ sed --in-place -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[ ]rhgb\(.*\)/\1\2/' "${grub_cfg}"
+
+ echo "Recreating /boot/grub2/grub.cfg ..."
+ grub2-mkconfig -o /boot/grub2/grub.cfg
+
+ fi
+
+}
+
+#-----------------------------------------------------------
+install_epel() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Install EPEL repository package ..."
+
+ local url=
+ local tgt=
+ local bname=
+ local repo_file=
+
+ echo
+ echo "Backing up existing repo files -> /etc/yum.repos.d/.old ..."
+ mkdir -pv /etc/yum.repos.d/.old
+ for repo_file in /etc/yum.repos.d/*.repo ; do
+ if [[ ! -f "${repo_file}" ]] ; then
+ continue
+ fi
+ cp -pv "${repo_file}" /etc/yum.repos.d/.old
+ done
+
+ for bname in public-yum-ol7.repo epel.repo epel-testing.repo puppet.repo rpm-repo.pixelpark.com.repo ; do
+ url="${COBBLER_URL}/custom/create-vmware-tpl/yum.repos/${bname}"
+ tgt="/etc/yum.repos.d/${bname}"
+ echo
+ echo "Retrieving '${url}' -> '${tgt}' ..."
+ if wget -O "${tgt}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
+ :
+ else
+ echo "[$(date)]: Could not get '${bname}' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ chmod -v 0644 "${tgt}"
+ done
+
+ mkdir -pv "/etc/pki/rpm-gpg"
+ chmod -v 0755 "/etc/pki"
+ chmod -v 0755 "/etc/pki/rpm-gpg"
+
+ for bname in RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-pixelpark RPM-GPG-KEY-puppet-release ; do
+ url="${COBBLER_URL}/custom/create-vmware-tpl/yum.repos/${bname}"
+ tgt="/etc/pki/rpm-gpg/${bname}"
+ echo
+ echo "Retrieving '${url}' -> '${tgt}' ..."
+ if wget -O "${tgt}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
+ :
+ else
+ echo "[$(date)]: Could not get '${bname}' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ chmod -v 0644 "${tgt}"
+ done
+
+ echo
+ log "Cleaning YUM cache ..."
+ yum clean all
+
+ echo
+ log "Updating YUM cache ..."
+ if yum makecache fast ; then
+ :
+ else
+ echo "[$(date)]: Could not update YUM cache." | tee -a "${ERROR_POINTER}"
+ fi
+
+ echo
+ log "Installing perl-Config-IniFiles.noarch ..."
+ if yum install -y perl-Config-IniFiles.noarch ; then
+ :
+ else
+ echo "[$(date)]: Could not install perl-Config-IniFiles.noarch." | tee -a "${ERROR_POINTER}"
+ fi
+ sleep 3
+
+}
+
+#-----------------------------------------------------------
+install_pp_tcsh_env() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Pulling pixelpark TCSH config .."
+
+ local cdir=$(pwd)
+ local url="${COBBLER_URL}/custom/shell/linux_tcsh.tar"
+ local local_tar=$( mktemp -p /tmp "linux_tcsh.XXXXXXXX.tar" )
+
+ echo "Local tar file: '${local_tar}'."
+ if wget -O "${local_tar}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
+ :
+ else
+ echo "[$(date)]: Could not get 'linux_tcsh.tar' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ if [[ -f "${local_tar}" && -s "${local_tar}" ]] ; then
+ cd /etc
+ echo "Unpacking '${local_tar}' ..."
+ sleep 1
+ tar xvf "${local_tar}"
+ mv -v /etc/.cshrc /etc/csh.cshrc
+ fi
+ rm -fv "${local_tar}"
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Pulling BASH config .."
+
+ url="${COBBLER_URL}/custom/create-vmware-tpl/files/fbr.sh"
+ local tgt="/etc/profile.d/fbr.sh"
+ echo "Retrieving '${url}' -> '${tgt}' ..."
+ if wget -O "${tgt}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}"; then
+ :
+ else
+ echo "[$(date)]: Could not get 'fbr.sh' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ chmod -v 0644 "${tgt}"
+
+}
+
+#-----------------------------------------------------------
+make_pp_dirs() {
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Creating Pixelpark directories ..."
+ for bname in bin etc man ; do
+ mkdir -pv "/opt/PPlocal/${bname}"
+ done
+}
+
+#-----------------------------------------------------------
+misc_packages() {
+
+ local misc_pkgs="ksh tmux vim telnet curl git colordiff psmisc"
+ local misc_pkgs_remove="deltarpm nfs* rpcbind abrt*"
+
+ echo
+ echo "${HASH_LINE}"
+ echo "Disabling mysql-community in /etc/yum.conf ..."
+ echo "exclude=mysql-community*" >> /etc/yum.conf
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Installing NetworkManager ..."
+ if yum install -y NetworkManager NetworkManager-config-server NetworkManager-tui ; then
+ :
+ else
+ echo "[$(date)]: Could not install NetworkManager." | tee -a "${ERROR_POINTER}"
+ fi
+ echo "Enabling NetworkManager ..."
+ systemctl enable NetworkManager
+
+ echo
+ log "Removing iptables-services ..."
+ yum remove -y iptables-services
+ echo "Stopping and disabling firewalld ..."
+ systemctl stop firewalld
+ systemctl disable firewalld
+
+ echo
+ log "Installng VLAN vconfig ..."
+ if yum install -y vconfig ; then
+ :
+ else
+ echo "[$(date)]: Could not install vconfig." | tee -a "${ERROR_POINTER}"
+ fi
+ echo
+ log "Installing packages: ${misc_pkgs}"
+ if yum install -y ${misc_pkgs} ; then
+ :
+ else
+ echo "[$(date)]: Could not install ${misc_pkgs}" | tee -a "${ERROR_POINTER}"
+ fi
+
+ echo
+ log "Removing packages mysql-community* ..."
+ yum remove -y mysql-community*
+
+ echo
+ log "Removing packages: ${misc_pkgs_remove}"
+ yum remove -y ${misc_pkgs_remove}
+
+ echo
+ echo "Creating /etc/gitconfig ..."
+ cat <<-EOF >/etc/gitconfig
+ [color]
+ ui = true
+ EOF
+
+}
+
+#-----------------------------------------------------------
+remove_ipv6_localhost() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Removing ::1 from /etc/hosts ..."
+
+ sed -i -e '/^::1/ d' /etc/hosts
+
+}
+
+#-----------------------------------------------------------
+create_motd() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ local url="${COBBLER_URL}/custom/pp-scripts/mk_create_motd.ksh"
+
+ echo
+ log "Creating initial /etc/motd ..."
+ local mk_script=$( mktemp -p /tmp "mk_create_motd.XXXXXXXXXX.ksh" )
+ if wget -O "${mk_script}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
+ chmod 0755 "${mk_script}"
+ "${mk_script}" -i 192.168.88.0/23 \
+ -p "Template VM" \
+ -l "L105 VMWare" \
+ -o "Pixelpark GmbH" > /etc/motd
+ else
+ echo "[$(date)]: Could not get 'mk_create_motd.ksh' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ rm -fv "${mk_script}"
+
+}
+
+#-----------------------------------------------------------
+install_legato_networker() {
+
+ local url_client="${COBBLER_URL}/custom/legato/lgtoclnt-latest.x86_64.rpm"
+ local url_man="${COBBLER_URL}/custom/legato/lgtoman-latest.x86_64.rpm"
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Installing Legato networker client ..."
+
+ echo "Installing from URL '${url_client}' ..."
+ if yum install -y "${url_client}" ; then
+ :
+ else
+ echo "[$(date)]: Could not install from ${url_client}" | tee -a "${ERROR_POINTER}"
+ fi
+ echo "Installing from URL '${url_man}' ..."
+ if yum install -y "${url_man}" ; then
+ :
+ else
+ echo "[$(date)]: Could not install from ${url_man}" | tee -a "${ERROR_POINTER}"
+ fi
+
+ mkdir -pv /nsr/res
+ echo "legato01.pixelpark.com" > /nsr/res/servers
+
+}
+
+#-----------------------------------------------------------
+install_ntp() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Deinstalling chrony from whatever reason ..."
+ echo "Stopping chronyd ..."
+ systemctl stop chronyd
+ echo "Disabling chronyd ..."
+ systemctl disable chronyd
+ echo "Deinstalling chrony ..."
+ yum remove -y chrony
+
+ echo
+ log "Installing NTP ..."
+ if yum install -y ntp ; then
+ :
+ else
+ echo "[$(date)]: Could not install ntp." | tee -a "${ERROR_POINTER}"
+ fi
+
+ echo "Cofiguring ntpd ..."
+ mkdir -pv /etc/ntp
+
+ cat <<-EOF > /etc/ntp.conf
+ tinker panic 0
+ driftfile /var/lib/ntp/drift
+ # Permit time synchronization with our time source, but do not
+ # permit the source to query or modify the service on this system.
+ restrict default kod nomodify notrap nopeer noquery
+ restrict -6 default kod nomodify notrap nopeer noquery
+ restrict 127.0.0.1
+ restrict -6 ::1
+ server time01.pixelpark.com iburst
+ server time02.pixelpark.com iburst
+ server time03.pixelpark.com iburst
+
+ EOF
+
+ cat <<-EOF > /etc/ntp/step-tickers
+ time01.pixelpark.com
+ time02.pixelpark.com
+ time03.pixelpark.com
+ EOF
+
+ systemctl enable ntpd
+
+}
+
+#-----------------------------------------------------------
+install_openvm_tools() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Installing open-vm-tools ..."
+
+ if yum install -y open-vm-tools ; then
+
+ echo "Enabling vmware-tools and vmtoolsd ..."
+ systemctl enable vmware-tools
+ systemctl enable vmtoolsd
+
+ vmware-toolbox-cmd timesync disable
+
+ else
+ echo "[$(date)]: Could not install open-vm-tools" | tee -a "${ERROR_POINTER}"
+ fi
+
+}
+
+#-----------------------------------------------------------
+remove_uek_packages() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Switch kernel in /etc/sysconfig/kernel ..."
+
+ sed -i -e 's/^\(DEFAULTKERNEL=\).*/\1kernel/i' /etc/sysconfig/kernel
+
+ echo
+ log "Removing UEK packages ..."
+
+ yum remove -y *-uek-*
+
+ echo
+ log "Removing firmware packages ..."
+
+ rpm -qa | grep -- -firmware | xargs --no-run-if-empty yum remove -y
+
+}
+
+#-----------------------------------------------------------
+dist_upgrade() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Upgrading all packages ..."
+ echo
+ if yum upgrade -y ; then
+ :
+ else
+ echo "[$(date)]: Upgrading system not successful." | tee -a "${ERROR_POINTER}"
+ fi
+
+}
+
+#-----------------------------------------------------------
+install_puppet() {
+
+ local pplabs_conf_dir="/etc/puppetlabs"
+ local puppet_conf_dir="${pplabs_conf_dir}/puppet"
+ local puppet_conf_file="${puppet_conf_dir}/puppet.conf"
+ local facter_conf_dir="${pplabs_conf_dir}/facter/facts.d"
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Installing Puppet agent ..."
+ echo
+
+ echo "Creating group puppet ..."
+ groupadd -g 63000 puppet
+ getent group puppet
+
+ echo "Creating user puppet ..."
+ useradd -u 63000 -g puppet -d /var/lib/puppet -c "Puppet configuration management" -s /sbin/nologin puppet
+ getent passwd puppet
+ id puppet
+
+ echo
+ echo "Installing puppet package ..."
+ if yum install -y puppet-agent ; then
+ :
+ else
+ echo "[$(date)]: Could not install puppet-agent." | tee -a "${ERROR_POINTER}"
+ fi
+
+ echo
+ echo "Creating config dirs ..."
+ mkdir -pv "${puppet_conf_dir}" "${facter_conf_dir}"
+
+ echo
+ echo "Creating ${puppet_conf_file} ..."
+ cat <<-EOF >"${puppet_conf_file}"
+ [main]
+ ca_ttl = 10y
+ [agent]
+ # The file in which puppetd stores a list of the classes
+ # associated with the retrieved configuratiion. Can be loaded in
+ # the separate "puppet" executable using the "--loadclasses"
+ # option.
+ # The default value is '\$confdir/classes.txt'.
+ classfile = \$vardir/classes.txt
+
+ environment = production
+ report = true
+ pluginsync = true
+ splay = true
+ use_srv_records = true
+ srv_domain = pixelpark.info
+ pluginsource = puppet:///plugins
+ pluginfactsource = puppet:///pluginfacts
+
+ EOF
+
+ echo
+ echo "Creating ${facter_conf_dir}/customer.yaml"
+ cat <<-EOF >"${facter_conf_dir}/customer.yaml"
+ ---
+ customer: pixelpark
+ EOF
+
+ echo
+ echo "Creating ${facter_conf_dir}/host"
+ cat <<-EOF >"${facter_conf_dir}/host"
+ ---
+ pp_purpose: Unknown
+ pp_location: L105
+ pp_owner: Pixelpark AG
+ pp_contact: 8x5@pixelpark.com
+ pp_zonehost: Unknown
+ EOF
+
+ echo
+ echo "Creating ${facter_conf_dir}/tier.yaml"
+ cat <<-EOF >"${facter_conf_dir}/tier.yaml"
+ ---
+ tier: production
+ EOF
+
+ echo
+ echo "Disabling service puppet ..."
+ systemctl disable puppet
+
+}
+
+#-----------------------------------------------------------
+disable_floppy() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Disabling floppy kernel module ..."
+
+ cat <<-EOF >"/etc/modprobe.d/local-blacklist.conf"
+ blacklist floppy
+ EOF
+
+}
+
+#-----------------------------------------------------------
+set_root_pw() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Setting root password ..."
+ usermod -p "${ROOT_PW_CRYPTED}" root
+
+}
+
+#-----------------------------------------------------------
+disable_root_login_pw() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Disabling SSH access for root with password ..."
+
+ perl -p -i -e 's/^\s*#?\s*PermitRootLogin\s.*/PermitRootLogin without-password/i' /etc/ssh/sshd_config
+
+}
+
+#-----------------------------------------------------------
+install_clamav() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Installing and configuring ClamAV ..."
+
+ yum install -y clamav clamav-update
+
+ echo "Tweaking /etc/freshclam.conf ..."
+
+ sed -e '/^#*Example/ d' \
+ -e 's/^[ ]*DatabaseMirror[ ].*/DatabaseMirror clamav.pixelpark.com/i' \
+ -e 's/\(#PrivateMirror mirror2.mynetwork.com\)/\1\nPrivateMirror clamav.pixelpark.com/i' \
+ -i /etc/freshclam.conf
+
+ echo
+ log "Running freshclam ..."
+ freshclam --verbose
+
+}
+
+#-----------------------------------------------------------
+install_postfix() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Installing and configuring Postfix ..."
+
+ local -a main_options_remove=(
+ 'address_verify_map'
+ 'address_verify_relay_transport'
+ 'broken_sasl_auth_clients'
+ 'command_directory'
+ 'daemon_directory'
+ 'data_directory'
+ 'debug_peer_level'
+ 'debugger_command'
+ 'hash_queue_depth'
+ 'html_directory'
+ 'lmtp_tls_loglevel'
+ 'mail_owner'
+ 'manpage_directory'
+ 'masquerade_domains'
+ 'master_service_disable'
+ 'maximal_queue_lifetime'
+ 'queue_directory'
+ 'readme_directory'
+ 'recipient_canonical_maps'
+ 'recipient_delimiter'
+ 'relay_domains'
+ 'sample_directory'
+ 'sender_dependent_default_transport_maps'
+ 'sender_dependent_relayhost_maps'
+ 'setgid_group'
+ 'smtp_sasl_auth_enable'
+ 'smtp_tls_cert_file'
+ 'smtp_tls_enforce_peername'
+ 'smtp_tls_key_file'
+ 'smtp_tls_loglevel'
+ 'smtp_tls_per_site'
+ 'smtp_tls_policy_maps'
+ 'smtp_tls_session_cache_database'
+ 'smtp_use_tls'
+ 'smtpd_client_restrictions'
+ 'smtpd_helo_restrictions'
+ 'smtpd_recipient_restrictions'
+ 'smtpd_relay_restrictions'
+ 'smtpd_sasl_auth_enable'
+ 'smtpd_sasl_authenticated_header'
+ 'smtpd_sasl_local_domain'
+ 'smtpd_sender_restrictions'
+ 'smtpd_tls_auth_only'
+ 'smtpd_tls_CAfile'
+ 'smtpd_tls_cert_file'
+ 'smtpd_tls_key_file'
+ 'smtpd_tls_loglevel'
+ 'smtpd_tls_received_header'
+ 'smtpd_tls_session_cache_database'
+ 'smtpd_use_tls'
+ 'tls_random_prng_update_period'
+ 'tls_random_source'
+ 'transport_maps'
+ 'unknown_local_recipient_reject_code'
+ 'unverified_recipient_reject_code'
+ )
+
+ local -a main_options_set=(
+ 'alias_database = ${default_database_type}:/etc/aliases'
+ 'alias_maps ='
+ 'append_dot_mydomain = no'
+ 'biff = no'
+ 'default_database_type = hash'
+ 'inet_protocols = all'
+ 'local_recipient_maps ='
+ 'local_transport = error:5.1.1 Mailbox unavailable'
+ 'mailbox_size_limit = 0'
+ 'message_size_limit = 358400000'
+ 'mydestination ='
+ "mydomain = ${POSTFIX_MYORIGIN}"
+ "myhostname = ${hostname}"
+ 'mynetworks = 127.0.0.0/8'
+ "relayhost = ${POSTFIX_RELAYHOST}"
+ 'smtp_generic_maps = ${default_database_type}:/etc/postfix/generic'
+ 'smtp_tls_note_starttls_offer = yes'
+ 'smtp_tls_security_level = none'
+ 'smtpd_banner = $myhostname ESMTP $mail_name $mail_version'
+ 'smtpd_tls_security_level = none'
+ 'virtual_alias_maps = ${default_database_type}:/etc/postfix/virtual'
+ )
+
+
+ if yum install -y postfix mailx ; then
+ :
+ else
+ echo "[$(date)]: Could not install postfix and mailx." | tee -a "${ERROR_POINTER}"
+ fi
+
+ cat <<-EOF >"/etc/postfix/generic"
+
+ root root+${hostname}
+ root@localhost root+${hostname}
+ icinga icinga+${hostname}
+ icinga@localhost icinga+${hostname}
+ nagios nagios+${hostname}
+ nagios@localhost nagios+${hostname}
+ xymon xymon+${hostname}
+ xymon@localhost xymon+${hostname}
+
+ EOF
+
+ postmap hash:/etc/postfix/generic
+
+ echo "Backup Postfix configuration ..."
+ cp -pv "/etc/postfix/main.cf" \
+ "/etc/postfix/main.cf.$( date -r /etc/postfix/main.cf +'%Y-%m-%d_%H:%M:%S' ).bak"
+ cp -pv "/etc/postfix/master.cf" \
+ "/etc/postfix/master.cf.$( date -r /etc/postfix/master.cf +'%Y-%m-%d_%H:%M:%S' ).bak"
+ if [[ -f "/etc/postfix/virtual" ]] ; then
+ cp -pv "/etc/postfix/virtual" \
+ "/etc/postfix/virtual.$( date -r /etc/postfix/virtual +'%Y-%m-%d_%H:%M:%S' ).bak"
+ fi
+
+ local option=
+ for option in "${main_options_remove[@]}" ; do
+ echo "Removing postfix option '${option}' ..."
+ postconf -X "${option}"
+ done
+
+ for option in "${main_options_set[@]}" ; do
+ echo "Setting postfix option: '${option}' ..."
+ postconf -e "${option}"
+ done
+
+ mkdir -pv /var/tmp
+ cd /var/tmp
+
+# local url=$( echo "${GIT_REPO}" | sed -e "s/@@acount@@/${GIT_ACCOUNT}/" \
+# -e "s/@@pwd@@/${GIT_PASSWD}/" )
+ local url="https://${GIT_ACCOUNT}:${GIT_PASSWD}@${GIT_SERVER}/${GIT_NAMESPACE}/${GIT_REPO_DIR}.git"
+ echo "Using Git URL: '${url}' ..."
+
+ git clone "${url}"
+ cd "${GIT_REPO_DIR}"
+
+ echo "Copying virtual ..."
+ cp -pv maps/virtual-nullclient-webmaster /etc/postfix/virtual
+ postmap hash:/etc/postfix/virtual
+
+ echo "Copying master.cf ..."
+ cp -pv master-nullclient.cf /etc/postfix/master.cf
+
+ cd ..
+ echo "Removing '${GIT_REPO_DIR}'"
+ rm -rf "${GIT_REPO_DIR}"
+ cd
+
+ echo
+ echo "${HASH_LINE}"
+ echo "Generated main postfix configuration:"
+ echo
+ postconf -n
+ echo
+ echo "${HASH_LINE}"
+ echo "Generated master postfix configuration:"
+ echo
+ postconf -M
+ echo
+
+}
+
+#-----------------------------------------------------------
+config_rsyslog_to_remote() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Adding loghost to rsyslog configuration ..."
+
+ mkdir -pv /etc/rsyslog.d
+
+ cat <<-EOF > "/etc/rsyslog.d/loghost.conf"
+ \$ModLoad imklog
+ *.* @loghost.pixelpark.com:514
+ EOF
+
+}
+
+#-----------------------------------------------------------
+config_logrotate() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo
+ log "Configuring logrotation ..."
+ echo
+
+ mkdir -pv /etc/logrotate.d
+
+ local base_url="${COBBLER_URL}/custom/create-vmware-tpl/files"
+
+ local tmp_file=$( mktemp )
+ local url="${base_url}/logrotate.conf"
+ local tgt="/etc/logrotate.conf"
+
+ echo "Getting ${url} => ${tgt} ..."
+ if wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
+ :
+ else
+ echo "[$(date)]: Could not get 'logrotate.conf' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ if [[ -s "${tmp_file}" ]] ; then
+ cp -v "${tmp_file}" "${tgt}"
+ fi
+
+ local base=
+ for base in btmp syslog wtmp ; do
+ url="${base_url}/logrotate.d.${base}"
+ tgt="/etc/logrotate.d/${base}"
+ cp -v /dev/null "${tmp_file}"
+ echo "Getting ${url} => ${tgt} ..."
+ if wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
+ :
+ else
+ echo "[$(date)]: Could not get '${base}' from '${url}'." | tee -a "${ERROR_POINTER}"
+ fi
+ if [[ -s "${tmp_file}" ]] ; then
+ cp -v "${tmp_file}" "${tgt}"
+ fi
+ done
+
+ rm -v "${tmp_file}"
+
+}
+
+#-----------------------------------------------------------
+main() {
+
+ create_authkeys
+ import_ssh_hostkeys
+ create_etc_hosts
+ set_hostname
+ disable_ipv6
+ install_network
+ manage_dns
+ tweak_systemd
+ install_epel
+ install_pp_tcsh_env
+ make_pp_dirs
+ misc_packages
+ remove_ipv6_localhost
+ create_motd
+ install_legato_networker
+ install_ntp
+ install_openvm_tools
+ remove_uek_packages
+ disable_floppy
+ set_root_pw
+ disable_root_login_pw
+ dist_upgrade
+ install_clamav
+ install_puppet
+ install_postfix
+ config_logrotate
+ config_rsyslog_to_remote
+ remove_ipv6_localhost
+
+ tweak_grub
+
+}
+
+
+#-----------------------------------------------------------
+main "$@"
+
+# vim: ts=4 et list
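Review bot: `create_motd` fetches `mk_create_motd.ksh` over plain HTTP from `COBBLER_URL` (192.168.88.8) and executes it as root with no integrity check, and `install_pp_tcsh_env` untars an HTTP-fetched archive straight into `/etc`, so anyone who can answer for that address or sit on the path gets root on every template this script provisions; the same unauthenticated channel also supplies the extra `/root/.ssh/authorized_keys` entries, the SSH host private keys in `import_ssh_hostkeys` and the yum `.repo` and `RPM-GPG-KEY-*` files. At minimum pin a digest before running the downloaded script, e.g. `echo "${MOTD_SCRIPT_SHA256}  ${mk_script}" | sha256sum -c - || { echo "[$(date)]: checksum mismatch for mk_create_motd.ksh" | tee -a "${ERROR_POINTER}"; rm -f "${mk_script}"; return 1; }`, or switch `COBBLER_URL` to https and pass `--ca-certificate` to every `wget`. Separately, `install_postfix` embeds the hardcoded `GIT_PASSWD` in the clone URL and then echoes that URL (`echo "Using Git URL: '${url}' ..."`), so the credential lands on the console and in whatever captures the install log; print it redacted and hand git the password via `GIT_ASKPASS` or a credential file rather than the URL. The `ssh-dss` key written in `create_authkeys` is refused by default by OpenSSH 7.0 and later, so it is likely dead weight on any current target and should be dropped along with the hardcoded root hash in favour of per-host secrets injected at provisioning time.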