From 9433872ffa4babd7ae6cc840a024e5da77513d1e Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Thu, 30 May 2024 09:42:02 +0200
Subject: [PATCH] Removing old postinst scripts
---
bin/postinst | 1131 -----------------------------------------
bin/postinst.chrony | 1170 -------------------------------------------
2 files changed, 2301 deletions(-)
delete mode 100644 bin/postinst
delete mode 100644 bin/postinst.chrony
diff --git a/bin/postinst b/bin/postinst
deleted file mode 100644
index a927c78..0000000
--- a/bin/postinst
+++ /dev/null
@@ -1,1131 +0,0 @@ -#!/bin/bash - - -HASH_LINE="#######################################################################################" -COBBLER_URL="http://192.168.88.8" - -echo "$(date --rfc-3339=seconds): Das ist das Post-Install-Script '$0'." -echo - -if [[ -z "${hostname}" ]] ; then - hostname="template.pixelpark.com" -fi -IP_ADDRESS_ETH0=$( host "${hostname}" | sed -e 's/.*has address[ ][ ]*//' ) -DOMAIN=$( echo "${hostname}" | cut -d. -f2,3 ) -SIMPLE_HOSTNAME=$( echo "${hostname}" | cut -d. -f1 ) - -if [[ -z "${ip_address_eth0}" ]] ; then - ip_address_eth0="${IP_ADDRESS_ETH0}" -fi - -ROOT_PW_CRYPTED="\$6\$I0yXrNsT\$YU3ekjNLy1KTWLRVNww8YM1xtO8FXgTEFhOANS.HB8baj7CxNMRCoxDQh5oFYkZbli67s4pwZ36aNchD2YL.G0" - -GIT_ACCOUNT="vmware-provisioning" -GIT_PASSWD="shiesa&a4taich+iecah8Chu" -GIT_REPO_DIR="postfix_config" -GIT_SERVER="git.pixelpark.com" -GIT_NAMESPACE="ppadmin" -#GIT_REPO="https://@@acount@@:@@pwd@@@git.pixelpark.com/ppadmin/${GIT_REPO_DIR}.git" -POSTFIX_MYORIGIN='pixelpark.net' -POSTFIX_RELAYHOST='[mx.pixelpark.net]' - -ERROR_POINTER="/root/postinst-error.txt" - -echo -echo "Some information:" -echo " \$hostname: $hostname" -echo " \$system_name: $system_name" -echo " \$gateway: $gateway" -echo " \$mac_address_eth0: $mac_address_eth0" -echo " \$ip_address_eth0: $ip_address_eth0" -echo " \$IP_ADDRESS_ETH0: $IP_ADDRESS_ETH0" -echo " \$SIMPLE_HOSTNAME: $SIMPLE_HOSTNAME" -echo " \$DOMAIN: $DOMAIN" - -#----------------------------------------------------------- -log() { - - echo "$(date --rfc-3339=seconds): $*" - echo "$*" >/dev/console -} - -#----------------------------------------------------------- -create_authkeys() { - - echo - echo "${HASH_LINE}" - echo - local url="${COBBLER_URL}/custom/create-vmware-tpl/keys/auth_keys_pp_betrieb" - - log "Creating /root/.ssh ..." - mkdir -pv /root/.ssh - chmod -v 0700 /root/.ssh - - log "Creating /root/.ssh/authorized_keys ..." 
- echo "${HASH_LINE}" >> /root/.ssh/authorized_keys - echo "ssh-dss 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 softdist" >> /root/.ssh/authorized_keys - echo "${HASH_LINE}" >> /root/.ssh/authorized_keys - echo "ssh-rsa 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 create-vmware-tpl@pixelpark.com" >> /root/.ssh/authorized_keys - - local tmp_file=$( mktemp ) - curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}" || true - if [[ -s "${tmp_file}" ]] ; then - cat "${tmp_file}" >> /root/.ssh/authorized_keys - fi - rm -v "${tmp_file}" -} - -#----------------------------------------------------------- -import_ssh_hostkeys() { - - echo - echo "${HASH_LINE}" - echo - log "Importing SSH host keys ..." - - mkdir -pv /etc/ssh - local tmp_file= - local stem= - local fullname= - local url= - - for stem in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ; do - for fullname in "${stem}" "${stem}.pub" ; do - tmp_file=$( mktemp ) - url="${COBBLER_URL}/custom/create-vmware-tpl/keys/${fullname}" - curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}" - if [[ -s "${tmp_file}" ]] ; then - mv -v "${tmp_file}" "/etc/ssh/${fullname}" - if [[ "${stem}" == "${fullname}" ]] ; then - chown -v root:ssh_keys "/etc/ssh/${fullname}" - chmod -v 0640 "/etc/ssh/${fullname}" - else - chmod -v 0644 "/etc/ssh/${fullname}" - fi - fi - rm -f "${tmp_file}" - done - done - -} - -#----------------------------------------------------------- -create_etc_hosts() { - - echo - echo "${HASH_LINE}" - echo - log "Generating /etc/hosts ..." - - cat <<-EOF >/etc/hosts - # generated by pixelpark install server - - 127.0.0.1 localhost - ${IP_ADDRESS_ETH0} ${hostname} ${SIMPLE_HOSTNAME} - - EOF - -} - -#----------------------------------------------------------- -set_hostname() { - echo - echo "${HASH_LINE}" - echo - log "Setting hostname ${hostname} ..." 
- hostnamectl set-hostname --static "${hostname}" - hostname > /etc/hostname - echo "Hostname normal: $(hostname)" - echo "Hostname simple: $(hostname -s)" - echo "Hostname FQDN: $(hostname -f)" -} - -#----------------------------------------------------------- -disable_ipv6() { - local sysctl_file="/etc/sysctl.d/99-disable-ipv6.conf" - echo - echo "${HASH_LINE}" - echo - log "Disabling IPv6 in '${sysctl_file}' ..." - mkdir -pv /etc/sysctl.d - echo "#disable ipv6" | tee -a "${sysctl_file}" - echo "net.ipv6.conf.all.disable_ipv6 = 1" | tee -a "${sysctl_file}" - echo "net.ipv6.conf.default.disable_ipv6 = 1" | tee -a "${sysctl_file}" - echo "net.ipv6.conf.lo.disable_ipv6 = 1" | tee -a "${sysctl_file}" -} - -#----------------------------------------------------------- -mac_exists() { - - [[ -z "$1" ]] && return 1 - local mac_address="$1" - - ip -o link | grep -i "${mac_address}" 2>/dev/null >/dev/null - return $? - -} - -#----------------------------------------------------------- -get_ifname() { - - [[ -z "$1" ]] && return 1 - local mac_address="$1" - - ip -o link | grep -i "${mac_address}" | sed -e 's/^[0-9]*: //' -e 's/:.*//' - -} - -#----------------------------------------------------------- -install_network() { - - echo - echo "${HASH_LINE}" - echo - log "Generating network configuration ..." - - local temp_dir=$( mktemp -p /tmp -d 'tmp.XXXXXXXXXX.cobbler' ) - local tmp_nw_cfg="${temp_dir}/network" - local tmp_nw_script_dir="${temp_dir}/network-scripts" - local nw_script_dir="/etc/sysconfig/network-scripts" - local old_dir="${nw_script_dir}/.old" - local ifcfg_file= - - mkdir -pv "${tmp_nw_script_dir}" - mkdir -pv "${old_dir}" - - echo "Generating /etc/sysconfig/network ..." 
- #cp -pv /etc/sysconfig/network-scripts/ifcfg-lo "${tmp_nw_script_dir}" - grep -v 'GATEWAY|HOSTNAME' /etc/sysconfig/network > "${tmp_nw_cfg}" - echo "GATEWAY=${gateway}" >> "${tmp_nw_cfg}" - echo "HOSTNAME=${hostname}" >> "${tmp_nw_cfg}" - mv -v /etc/sysconfig/network "/etc/sysconfig/network.orig.$( date -r /etc/sysconfig/network +'%Y-%m-%d_%H:%M:%S' )" - mv -v "${tmp_nw_cfg}" /etc/sysconfig/network - - echo "Generated /etc/sysconfig/network:" - cat /etc/sysconfig/network || true - echo - - # Also set the hostname now, some applications require it - /bin/hostname "${hostname}" - - local dev_file="${tmp_nw_script_dir}/ifcfg-eth0" - echo "Generating '${dev_file}' ..." - - cat <<-EOF >"${dev_file}" - Name="System eth0" - DEVICE=eth0 - ONBOOT=yes - HWADDR=${mac_address_eth0} - TYPE=Ethernet - BOOTPROTO=none - IPADDR=${ip_address_eth0} - NETMASK=255.255.254.0 - DEFROUTE=yes - IPV4_FAILURE_FATAL=yes - IPV6INIT=no - DNS1=217.66.52.10 - DNS2=93.188.109.13 - DNS3=212.91.225.75 - DOMAIN="pixelpark.com pixelpark.net" - - EOF - - for ifcfg_file in ${nw_script_dir}/ifcfg-* ; do - local bname=$(basename "${ifcfg_file}" ) - if [[ "${bname}" == "ifcfg-lo" ]] ; then - continue - fi - mv -v "${ifcfg_file}" "${old_dir}" - done - mv -v "${dev_file}" "${nw_script_dir}" - rm -vrf "${temp_dir}" - - echo "Generated ${nw_script_dir}/ifcfg-eth0:" - cat "${nw_script_dir}/ifcfg-eth0" || true - echo - -} - -#----------------------------------------------------------- -manage_dns() { - - echo - echo "${HASH_LINE}" - echo - log "Generating /etc/resolv.conf ..." - - rm -fv /etc/resolv.conf - - cat <<-EOF >"/etc/resolv.conf" - search pixelpark.net pixelpark.com - nameserver 93.188.109.13 - nameserver 217.66.52.10 - nameserver 212.91.225.75 - - EOF - - log "New /etc/resolv.conf:\n$(cat /etc/resolv.conf )" - -} - -#----------------------------------------------------------- -tweak_systemd() { - - echo - echo "${HASH_LINE}" - echo - log "Tweaking systemd ..." 
- - local sdir="/etc/systemd/system" - local getty_dir_tgt="${sdir}/getty.target.wants" - local getty_dir_at="${sdir}/getty@.service.d" - local getty_svc="/usr/lib/systemd/system/getty@.service" - local i= - local glink= - - mkdir -pv "${getty_dir_at}" - echo "Generating ${getty_dir_at}/noclear.conf ..." - cat <<-EOF >"${getty_dir_at}/noclear.conf" - [Service] - TTYVTDisallocate=no - EOF - - for i in 2 3 4 ; do - glink="${getty_dir_tgt}/gett@tty${i}.service" - ln -sv "${getty_svc}" "${glink}" - done - -} - -#----------------------------------------------------------- -tweak_grub() { - - local grub_cfg="/etc/default/grub" - if [[ -f "${grub_cfg}" ]] ; then - - echo - echo "${HASH_LINE}" - echo - log "Tweaking '${grub_cfg}' ..." - - echo "Selecting entry in /etc/grub2.cfg ..." - awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg - grub2-set-default 0 - grub2-editenv list - - echo "Removing quiet from '${grub_cfg}' ..." - sed --in-place -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[ ]quiet\(.*\)/\1\2/' "${grub_cfg}" - - echo "Removing rhgb (RedHat Graphical Boot) from '${grub_cfg}' ..." - sed --in-place -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[ ]rhgb\(.*\)/\1\2/' "${grub_cfg}" - - echo "Recreating /boot/grub2/grub.cfg ..." - grub2-mkconfig -o /boot/grub2/grub.cfg - - fi - -} - -#----------------------------------------------------------- -install_epel() { - - echo - echo "${HASH_LINE}" - echo - log "Install EPEL repository package ..." - - local url= - local tgt= - local bname= - local repo_file= - - echo - echo "Backing up existing repo files -> /etc/yum.repos.d/.old ..." - mkdir -pv /etc/yum.repos.d/.old - for repo_file in /etc/yum.repos.d/*.repo ; do - if [[ ! 
-f "${repo_file}" ]] ; then - continue - fi - mv -v "${repo_file}" /etc/yum.repos.d/.old - done - - local repo_files="epel.repo epel-testing.repo puppet.repo pixelpark.repo" - if [[ -f "/etc/oracle-release" ]] ; then - repo_files="ol7_addons.repo ol7_latest.repo ol7_optional_latest.repo ${repo_files}" - elif [[ -f /etc/centos-release ]] ; then - repo_files="centos-base.repo ${repo_files}" - fi - - for bname in ${repo_files} ; do - url="${COBBLER_URL}/custom/create-vmware-tpl/yum.repos/${bname}" - tgt="/etc/yum.repos.d/${bname}" - echo - echo "Retrieving '${url}' -> '${tgt}' ..." - if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then - : - else - echo "[$(date)]: Could not get '${bname}' from '${url}'." | tee -a "${ERROR_POINTER}" - fi - chmod -v 0644 "${tgt}" - done - - mkdir -pv "/etc/pki/rpm-gpg" - chmod -v 0755 "/etc/pki" - chmod -v 0755 "/etc/pki/rpm-gpg" - - local key_files="RPM-GPG-KEY-CentOS-SIG-Storage RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-oracle" - key_files+=" RPM-GPG-KEY-pixelpark RPM-GPG-KEY-puppet-release RPM-GPG-KEY-puppetlabs" - - for bname in ${key_files} ; do - url="${COBBLER_URL}/custom/create-vmware-tpl/yum.repos/${bname}" - tgt="/etc/pki/rpm-gpg/${bname}" - echo - echo "Retrieving '${url}' -> '${tgt}' ..." - if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then - : - else - echo "[$(date)]: Could not get '${bname}' from '${url}'." | tee -a "${ERROR_POINTER}" - fi - chmod -v 0644 "${tgt}" - done - - echo - log "Cleaning YUM cache ..." - yum clean all - - echo - log "Updating YUM cache ..." - if yum makecache fast ; then - : - else - echo "[$(date)]: Could not update YUM cache." | tee -a "${ERROR_POINTER}" - fi - - echo - log "Installing perl-Config-IniFiles.noarch ..." - if yum install -y perl-Config-IniFiles.noarch ; then - : - else - echo "[$(date)]: Could not install perl-Config-IniFiles.noarch." 
| tee -a "${ERROR_POINTER}" - fi - sleep 3 - -} - -#----------------------------------------------------------- -install_pp_tcsh_env() { - - echo - echo "${HASH_LINE}" - echo - log "Pulling pixelpark TCSH config .." - - local cdir=$(pwd) - local url="${COBBLER_URL}/custom/shell/linux_tcsh.tar" - local local_tar=$( mktemp -p /tmp "linux_tcsh.XXXXXXXX.tar" ) - - echo "Local tar file: '${local_tar}'." - if curl -s -S -o "${local_tar}" --connect-timeout 3 "${url}" ; then - : - else - echo "[$(date)]: Could not get 'linux_tcsh.tar' from '${url}'." | tee -a "${ERROR_POINTER}" - fi - if [[ -f "${local_tar}" && -s "${local_tar}" ]] ; then - cd /etc - echo "Unpacking '${local_tar}' ..." - sleep 1 - tar xvf "${local_tar}" - mv -v /etc/.cshrc /etc/csh.cshrc - fi - rm -fv "${local_tar}" - - echo - echo "${HASH_LINE}" - echo - log "Pulling BASH config .." - - url="${COBBLER_URL}/custom/create-vmware-tpl/files/fbr.sh" - local tgt="/etc/profile.d/fbr.sh" - echo "Retrieving '${url}' -> '${tgt}' ..." - if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then - : - else - echo "[$(date)]: Could not get 'fbr.sh' from '${url}'." | tee -a "${ERROR_POINTER}" - fi - chmod -v 0644 "${tgt}" - -} - -#----------------------------------------------------------- -make_pp_dirs() { - echo - echo "${HASH_LINE}" - echo - log "Creating Pixelpark directories ..." - for bname in bin etc man ; do - mkdir -pv "/opt/PPlocal/${bname}" - done -} - -#----------------------------------------------------------- -misc_packages() { - - local misc_pkgs="ksh tmux vim telnet curl git colordiff psmisc" - local misc_pkgs_remove="deltarpm nfs* rpcbind abrt*" - - echo - echo "${HASH_LINE}" - echo "Disabling mysql-community in /etc/yum.conf ..." - echo "exclude=mysql-community*" >> /etc/yum.conf - - echo - echo "${HASH_LINE}" - echo - log "Installing NetworkManager ..." 
- if yum install -y NetworkManager NetworkManager-config-server NetworkManager-tui ; then - : - else - echo "[$(date)]: Could not install NetworkManager." | tee -a "${ERROR_POINTER}" - fi - echo "Enabling NetworkManager ..." - systemctl enable NetworkManager - - echo - log "Removing iptables-services ..." - yum remove -y iptables-services - echo "Stopping and disabling firewalld ..." - systemctl stop firewalld - systemctl disable firewalld - - echo - log "Installng VLAN vconfig ..." - if yum install -y vconfig ; then - : - else - echo "[$(date)]: Could not install vconfig." | tee -a "${ERROR_POINTER}" - fi - echo - log "Installing packages: ${misc_pkgs}" - if yum install -y ${misc_pkgs} ; then - : - else - echo "[$(date)]: Could not install ${misc_pkgs}" | tee -a "${ERROR_POINTER}" - fi - - echo - log "Removing packages mysql-community* ..." - yum remove -y mysql-community* - - echo - log "Removing packages: ${misc_pkgs_remove}" - yum remove -y ${misc_pkgs_remove} - - echo - echo "Creating /etc/gitconfig ..." - cat <<-EOF >/etc/gitconfig - [color] - ui = true - EOF - -} - -#----------------------------------------------------------- -remove_ipv6_localhost() { - - echo - echo "${HASH_LINE}" - echo - log "Removing ::1 from /etc/hosts ..." - - sed -i -e '/^::1/ d' /etc/hosts - -} - -#----------------------------------------------------------- -create_motd() { - - echo - echo "${HASH_LINE}" - echo - local url="${COBBLER_URL}/custom/pp-scripts/mk_create_motd.ksh" - - echo - log "Creating initial /etc/motd ..." - local mk_script=$( mktemp -p /tmp "mk_create_motd.XXXXXXXXXX.ksh" ) - if curl -s -S -o "${mk_script}" --connect-timeout 3 "${url}"; then - chmod 0755 "${mk_script}" - "${mk_script}" -i 192.168.88.0/23 \ - -p "Template VM" \ - -l "L105 VMWare" \ - -o "Pixelpark GmbH" > /etc/motd - else - echo "[$(date)]: Could not get 'mk_create_motd.ksh' from '${url}'." 
| tee -a "${ERROR_POINTER}" - fi - rm -fv "${mk_script}" - -} - -#----------------------------------------------------------- -install_legato_networker() { - - local url_client="${COBBLER_URL}/custom/legato/lgtoclnt-latest.x86_64.rpm" - local url_man="${COBBLER_URL}/custom/legato/lgtoman-latest.x86_64.rpm" - - echo - echo "${HASH_LINE}" - echo - log "Installing Legato networker client ..." - - echo "Installing from URL '${url_client}' ..." - if yum install -y "${url_client}" ; then - : - else - echo "[$(date)]: Could not install from ${url_client}" | tee -a "${ERROR_POINTER}" - fi - echo "Installing from URL '${url_man}' ..." - if yum install -y "${url_man}" ; then - : - else - echo "[$(date)]: Could not install from ${url_man}" | tee -a "${ERROR_POINTER}" - fi - - mkdir -pv /nsr/res - echo "legato01.pixelpark.com" > /nsr/res/servers - -} - -#----------------------------------------------------------- -install_ntp() { - - echo - echo "${HASH_LINE}" - echo - log "Deinstalling chrony from whatever reason ..." - echo "Stopping chronyd ..." - systemctl stop chronyd - echo "Disabling chronyd ..." - systemctl disable chronyd - echo "Deinstalling chrony ..." - yum remove -y chrony - - echo - log "Installing NTP ..." - if yum install -y ntp ; then - : - else - echo "[$(date)]: Could not install ntp." | tee -a "${ERROR_POINTER}" - fi - - echo "Cofiguring ntpd ..." - mkdir -pv /etc/ntp - - cat <<-EOF > /etc/ntp.conf - tinker panic 0 - driftfile /var/lib/ntp/drift - # Permit time synchronization with our time source, but do not - # permit the source to query or modify the service on this system. 
- restrict default kod nomodify notrap nopeer noquery - restrict -6 default kod nomodify notrap nopeer noquery - restrict 127.0.0.1 - restrict -6 ::1 - server time01.pixelpark.com iburst - server time02.pixelpark.com iburst - server time03.pixelpark.com iburst - - EOF - - cat <<-EOF > /etc/ntp/step-tickers - time01.pixelpark.com - time02.pixelpark.com - time03.pixelpark.com - EOF - - systemctl enable ntpd - -} - -#----------------------------------------------------------- -install_openvm_tools() { - - echo - echo "${HASH_LINE}" - echo - log "Installing open-vm-tools ..." - - if yum install -y open-vm-tools ; then - - echo "Enabling vmware-tools and vmtoolsd ..." - systemctl enable vmware-tools - systemctl enable vmtoolsd - - vmware-toolbox-cmd timesync disable - - else - echo "[$(date)]: Could not install open-vm-tools" | tee -a "${ERROR_POINTER}" - fi - -} - -#----------------------------------------------------------- -remove_uek_packages() { - - echo - echo "${HASH_LINE}" - echo - log "Switch kernel in /etc/sysconfig/kernel ..." - - sed -i -e 's/^\(DEFAULTKERNEL=\).*/\1kernel/i' /etc/sysconfig/kernel - - echo - log "Removing UEK packages ..." - - yum remove -y *-uek-* - - echo - log "Removing firmware packages ..." - - rpm -qa | grep -- -firmware | xargs --no-run-if-empty yum remove -y - -} - -#----------------------------------------------------------- -dist_upgrade() { - - echo - echo "${HASH_LINE}" - echo - log "Upgrading all packages ..." - echo - if yum upgrade -y ; then - : - else - echo "[$(date)]: Upgrading system not successful." | tee -a "${ERROR_POINTER}" - fi - -} - -#----------------------------------------------------------- -install_puppet() { - - local pplabs_conf_dir="/etc/puppetlabs" - local puppet_conf_dir="${pplabs_conf_dir}/puppet" - local puppet_conf_file="${puppet_conf_dir}/puppet.conf" - local facter_conf_dir="${pplabs_conf_dir}/facter/facts.d" - - echo - echo "${HASH_LINE}" - echo - log "Installing Puppet agent ..." 
- echo - - echo "Creating group puppet ..." - groupadd -g 63000 puppet - getent group puppet - - echo "Creating user puppet ..." - useradd -u 63000 -g puppet -d /var/lib/puppet -c "Puppet configuration management" -s /sbin/nologin puppet - getent passwd puppet - id puppet - - echo - echo "Installing puppet package ..." - if yum install -y puppet-agent ; then - : - else - echo "[$(date)]: Could not install puppet-agent." | tee -a "${ERROR_POINTER}" - fi - - echo - echo "Creating config dirs ..." - mkdir -pv "${puppet_conf_dir}" "${facter_conf_dir}" - - echo - echo "Creating ${puppet_conf_file} ..." - cat <<-EOF >"${puppet_conf_file}" - [main] - ca_ttl = 10y - [agent] - # The file in which puppetd stores a list of the classes - # associated with the retrieved configuratiion. Can be loaded in - # the separate "puppet" executable using the "--loadclasses" - # option. - # The default value is '\$confdir/classes.txt'. - classfile = \$vardir/classes.txt - - environment = production - report = true - pluginsync = true - splay = true - use_srv_records = true - srv_domain = pixelpark.info - pluginsource = puppet:///plugins - pluginfactsource = puppet:///pluginfacts - - EOF - - echo - echo "Creating ${facter_conf_dir}/customer.yaml" - cat <<-EOF >"${facter_conf_dir}/customer.yaml" - --- - customer: pixelpark - EOF - - echo - echo "Creating ${facter_conf_dir}/host.yaml" - cat <<-EOF >"${facter_conf_dir}/host.yaml" - --- - pp_purpose: Unknown - pp_location: L105 - pp_owner: Pixelpark AG - pp_contact: 8x5@pixelpark.com - pp_zonehost: Unknown - EOF - - echo - echo "Creating ${facter_conf_dir}/tier.yaml" - cat <<-EOF >"${facter_conf_dir}/tier.yaml" - --- - tier: production - EOF - - echo - echo "Disabling service puppet ..." - systemctl disable puppet - -} - -#----------------------------------------------------------- -disable_floppy() { - - echo - echo "${HASH_LINE}" - echo - log "Disabling floppy kernel module ..." 
- - cat <<-EOF >"/etc/modprobe.d/local-blacklist.conf" - blacklist floppy - EOF - -} - -#----------------------------------------------------------- -set_root_pw() { - - echo - echo "${HASH_LINE}" - echo - log "Setting root password ..." - usermod -p "${ROOT_PW_CRYPTED}" root - -} - -#----------------------------------------------------------- -disable_root_login_pw() { - - echo - echo "${HASH_LINE}" - echo - log "Disabling SSH access for root with password ..." - - perl -p -i -e 's/^\s*#?\s*PermitRootLogin\s.*/PermitRootLogin without-password/i' /etc/ssh/sshd_config - -} - -#----------------------------------------------------------- -install_clamav() { - - echo - echo "${HASH_LINE}" - echo - log "Installing and configuring ClamAV ..." - - yum install -y clamav clamav-update - - echo "Tweaking /etc/freshclam.conf ..." - - sed -e '/^#*Example/ d' \ - -e 's/^[ ]*DatabaseMirror[ ].*/DatabaseMirror clamav.pixelpark.com/i' \ - -e 's/\(#PrivateMirror mirror2.mynetwork.com\)/\1\nPrivateMirror clamav.pixelpark.com/i' \ - -i /etc/freshclam.conf - - echo - log "Running freshclam ..." - freshclam --verbose - -} - -#----------------------------------------------------------- -install_postfix() { - - echo - echo "${HASH_LINE}" - echo - log "Installing and configuring Postfix ..." 
- - local -a main_options_remove=( - 'address_verify_map' - 'address_verify_relay_transport' - 'broken_sasl_auth_clients' - 'command_directory' - 'daemon_directory' - 'data_directory' - 'debug_peer_level' - 'debugger_command' - 'hash_queue_depth' - 'html_directory' - 'lmtp_tls_loglevel' - 'mail_owner' - 'manpage_directory' - 'masquerade_domains' - 'master_service_disable' - 'maximal_queue_lifetime' - 'queue_directory' - 'readme_directory' - 'recipient_canonical_maps' - 'recipient_delimiter' - 'relay_domains' - 'sample_directory' - 'sender_dependent_default_transport_maps' - 'sender_dependent_relayhost_maps' - 'setgid_group' - 'smtp_sasl_auth_enable' - 'smtp_tls_cert_file' - 'smtp_tls_enforce_peername' - 'smtp_tls_key_file' - 'smtp_tls_loglevel' - 'smtp_tls_per_site' - 'smtp_tls_policy_maps' - 'smtp_tls_session_cache_database' - 'smtp_use_tls' - 'smtpd_client_restrictions' - 'smtpd_helo_restrictions' - 'smtpd_recipient_restrictions' - 'smtpd_relay_restrictions' - 'smtpd_sasl_auth_enable' - 'smtpd_sasl_authenticated_header' - 'smtpd_sasl_local_domain' - 'smtpd_sender_restrictions' - 'smtpd_tls_auth_only' - 'smtpd_tls_CAfile' - 'smtpd_tls_cert_file' - 'smtpd_tls_key_file' - 'smtpd_tls_loglevel' - 'smtpd_tls_received_header' - 'smtpd_tls_session_cache_database' - 'smtpd_use_tls' - 'tls_random_prng_update_period' - 'tls_random_source' - 'transport_maps' - 'unknown_local_recipient_reject_code' - 'unverified_recipient_reject_code' - ) - - local -a main_options_set=( - 'alias_database = ${default_database_type}:/etc/aliases' - 'alias_maps =' - 'append_dot_mydomain = no' - 'biff = no' - 'default_database_type = hash' - 'inet_protocols = all' - 'local_recipient_maps =' - 'local_transport = error:5.1.1 Mailbox unavailable' - 'mailbox_size_limit = 0' - 'message_size_limit = 358400000' - 'mydestination =' - "mydomain = ${POSTFIX_MYORIGIN}" - "myhostname = ${hostname}" - 'mynetworks = 127.0.0.0/8' - "relayhost = ${POSTFIX_RELAYHOST}" - 'smtp_generic_maps = 
${default_database_type}:/etc/postfix/generic' - 'smtp_tls_note_starttls_offer = yes' - 'smtp_tls_security_level = none' - 'smtpd_banner = $myhostname ESMTP $mail_name $mail_version' - 'smtpd_tls_security_level = none' - 'virtual_alias_maps = ${default_database_type}:/etc/postfix/virtual' - ) - - - if yum install -y postfix mailx ; then - : - else - echo "[$(date)]: Could not install postfix and mailx." | tee -a "${ERROR_POINTER}" - fi - - cat <<-EOF >"/etc/postfix/generic" - - root root+${hostname} - root@localhost root+${hostname} - icinga icinga+${hostname} - icinga@localhost icinga+${hostname} - nagios nagios+${hostname} - nagios@localhost nagios+${hostname} - xymon xymon+${hostname} - xymon@localhost xymon+${hostname} - - EOF - - postmap hash:/etc/postfix/generic - - echo "Backup Postfix configuration ..." - cp -pv "/etc/postfix/main.cf" \ - "/etc/postfix/main.cf.$( date -r /etc/postfix/main.cf +'%Y-%m-%d_%H:%M:%S' ).bak" - cp -pv "/etc/postfix/master.cf" \ - "/etc/postfix/master.cf.$( date -r /etc/postfix/master.cf +'%Y-%m-%d_%H:%M:%S' ).bak" - if [[ -f "/etc/postfix/virtual" ]] ; then - cp -pv "/etc/postfix/virtual" \ - "/etc/postfix/virtual.$( date -r /etc/postfix/virtual +'%Y-%m-%d_%H:%M:%S' ).bak" - fi - - local option= - for option in "${main_options_remove[@]}" ; do - echo "Removing postfix option '${option}' ..." - postconf -X "${option}" - done - - for option in "${main_options_set[@]}" ; do - echo "Setting postfix option: '${option}' ..." - postconf -e "${option}" - done - - mkdir -pv /var/tmp - cd /var/tmp - -# local url=$( echo "${GIT_REPO}" | sed -e "s/@@acount@@/${GIT_ACCOUNT}/" \ -# -e "s/@@pwd@@/${GIT_PASSWD}/" ) - local url="https://${GIT_ACCOUNT}:${GIT_PASSWD}@${GIT_SERVER}/${GIT_NAMESPACE}/${GIT_REPO_DIR}.git" - echo "Using Git URL: '${url}' ..." - - git clone "${url}" - cd "${GIT_REPO_DIR}" - - echo "Copying virtual ..." 
- cp -pv maps/virtual-nullclient-webmaster /etc/postfix/virtual - postmap hash:/etc/postfix/virtual - - echo "Copying master.cf ..." - cp -pv master-nullclient.cf /etc/postfix/master.cf - - cd .. - echo "Removing '${GIT_REPO_DIR}'" - rm -rf "${GIT_REPO_DIR}" - cd - - echo - echo "${HASH_LINE}" - echo "Generated main postfix configuration:" - echo - postconf -n - echo - echo "${HASH_LINE}" - echo "Generated master postfix configuration:" - echo - postconf -M - echo - -} - -#----------------------------------------------------------- -config_rsyslog_to_remote() { - - echo - echo "${HASH_LINE}" - echo - log "Adding loghost to rsyslog configuration ..." - - mkdir -pv /etc/rsyslog.d - - cat <<-EOF > "/etc/rsyslog.d/loghost.conf" - \$ModLoad imklog - *.* @loghost.pixelpark.com:514 - EOF - -} - -#----------------------------------------------------------- -config_logrotate() { - - echo - echo "${HASH_LINE}" - echo - log "Configuring logrotation ..." - echo - - mkdir -pv /etc/logrotate.d - - local base_url="${COBBLER_URL}/custom/create-vmware-tpl/files" - - local tmp_file=$( mktemp ) - local url="${base_url}/logrotate.conf" - local tgt="/etc/logrotate.conf" - - echo "Getting ${url} => ${tgt} ..." - if curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}" ; then - : - else - echo "[$(date)]: Could not get 'logrotate.conf' from '${url}'." | tee -a "${ERROR_POINTER}" - fi - if [[ -s "${tmp_file}" ]] ; then - cp -v "${tmp_file}" "${tgt}" - fi - - local base= - for base in btmp syslog wtmp ; do - url="${base_url}/logrotate.d.${base}" - tgt="/etc/logrotate.d/${base}" - cp -v /dev/null "${tmp_file}" - echo "Getting ${url} => ${tgt} ..." - if curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}" ; then - : - else - echo "[$(date)]: Could not get '${base}' from '${url}'." 
| tee -a "${ERROR_POINTER}" - fi - if [[ -s "${tmp_file}" ]] ; then - cp -v "${tmp_file}" "${tgt}" - fi - done - - rm -v "${tmp_file}" - -} - -#----------------------------------------------------------- -main() { - - create_authkeys - import_ssh_hostkeys - create_etc_hosts - set_hostname - disable_ipv6 - install_network - manage_dns - tweak_systemd - install_epel - install_pp_tcsh_env - make_pp_dirs - misc_packages - remove_ipv6_localhost - create_motd - install_legato_networker - install_ntp - install_openvm_tools - remove_uek_packages - disable_floppy - set_root_pw - disable_root_login_pw - dist_upgrade - # install_clamav - install_puppet - install_postfix - config_logrotate - config_rsyslog_to_remote - remove_ipv6_localhost - - tweak_grub - -} - - -#----------------------------------------------------------- -main "$@" - -# vim: ts=4 et list diff --git a/bin/postinst.chrony b/bin/postinst.chrony deleted file mode 100644 index 21e6185..0000000 --- a/bin/postinst.chrony +++ /dev/null 
@@ -1,1170 +0,0 @@
-#!/bin/bash
-
-
-HASH_LINE="#######################################################################################"
-COBBLER_URL="http://192.168.88.8"
-
-echo "$(date --rfc-3339=seconds): Das ist das Post-Install-Script '$0'."
-echo
-
-if [[ -z "${hostname}" ]] ; then
- hostname="template.pixelpark.com"
-fi
-IP_ADDRESS_ETH0=$( host "${hostname}" | sed -e 's/.*has address[ ][ ]*//' )
-DOMAIN=$( echo "${hostname}" | cut -d. -f2,3 )
-SIMPLE_HOSTNAME=$( echo "${hostname}" | cut -d. -f1 )
-
-ROOT_PW_CRYPTED="\$6\$I0yXrNsT\$YU3ekjNLy1KTWLRVNww8YM1xtO8FXgTEFhOANS.HB8baj7CxNMRCoxDQh5oFYkZbli67s4pwZ36aNchD2YL.G0"
-
-GIT_ACCOUNT="vmware-provisioning"
-GIT_PASSWD="shiesa&a4taich+iecah8Chu"
-GIT_REPO_DIR="postfix_config"
-GIT_SERVER="git.pixelpark.com"
-GIT_NAMESPACE="ppadmin"
-#GIT_REPO="https://@@acount@@:@@pwd@@@git.pixelpark.com/ppadmin/${GIT_REPO_DIR}.git"
-POSTFIX_MYORIGIN='pixelpark.net'
-POSTFIX_RELAYHOST='[mx.pixelpark.net]'
-
-ERROR_POINTER="/root/postinst-error.txt"
-
-echo
-echo "Some information:"
-echo " \$hostname: $hostname"
-echo " \$system_name: $system_name"
-echo " \$gateway: $gateway"
-echo " \$mac_address_eth0: $mac_address_eth0"
-echo " \$ip_address_eth0: $ip_address_eth0"
-echo " \$IP_ADDRESS_ETH0: $IP_ADDRESS_ETH0"
-echo " \$SIMPLE_HOSTNAME: $SIMPLE_HOSTNAME"
-echo " \$DOMAIN: $DOMAIN"
-
-#-----------------------------------------------------------
-log() {
-
- echo "$(date --rfc-3339=seconds): $*"
- echo "$*" >/dev/console
-}
-
-#-----------------------------------------------------------
-create_authkeys() {
-
- echo
- echo "${HASH_LINE}"
- echo
- local url="${COBBLER_URL}/custom/create-vmware-tpl/keys/auth_keys_pp_betrieb"
-
- log "Creating /root/.ssh ..."
- mkdir -pv /root/.ssh
- chmod -v 0700 /root/.ssh
-
- log "Creating /root/.ssh/authorized_keys ..."
- echo "${HASH_LINE}" >> /root/.ssh/authorized_keys
- echo "ssh-dss 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 softdist" >> /root/.ssh/authorized_keys
- echo "${HASH_LINE}" >> /root/.ssh/authorized_keys
- echo "ssh-rsa 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 create-vmware-tpl@pixelpark.com" >> /root/.ssh/authorized_keys
-
- local tmp_file=$( mktemp )
- curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}" || true
- if [[ -s "${tmp_file}" ]] ; then
- cat "${tmp_file}" >> /root/.ssh/authorized_keys
- fi
- rm -v "${tmp_file}"
-}
-
-#-----------------------------------------------------------
-import_ssh_hostkeys() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Importing SSH host keys ..."
-
- mkdir -pv /etc/ssh
- local tmp_file=
- local stem=
- local fullname=
- local url=
-
- for stem in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ; do
- for fullname in "${stem}" "${stem}.pub" ; do
- tmp_file=$( mktemp )
- url="${COBBLER_URL}/custom/create-vmware-tpl/keys/${fullname}"
- curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}"
- if [[ -s "${tmp_file}" ]] ; then
- mv -v "${tmp_file}" "/etc/ssh/${fullname}"
- if [[ "${stem}" == "${fullname}" ]] ; then
- chown -v root:ssh_keys "/etc/ssh/${fullname}"
- chmod -v 0640 "/etc/ssh/${fullname}"
- else
- chmod -v 0644 "/etc/ssh/${fullname}"
- fi
- fi
- rm -f "${tmp_file}"
- done
- done
-
-}
-
-#-----------------------------------------------------------
-create_etc_hosts() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Generating /etc/hosts ..."
-
- cat <<-EOF >/etc/hosts
- # generated by pixelpark install server
-
- 127.0.0.1 localhost
- ${IP_ADDRESS_ETH0} ${hostname} ${SIMPLE_HOSTNAME}
-
- EOF
-
-}
-
-#-----------------------------------------------------------
-set_hostname() {
- echo
- echo "${HASH_LINE}"
- echo
- log "Setting hostname ${hostname} ..."
- hostnamectl set-hostname --static "${hostname}"
- hostname > /etc/hostname
- echo "Hostname normal: $(hostname)"
- echo "Hostname simple: $(hostname -s)"
- echo "Hostname FQDN: $(hostname -f)"
-}
-
-#-----------------------------------------------------------
-disable_ipv6() {
- local sysctl_file="/etc/sysctl.d/99-disable-ipv6.conf"
- echo
- echo "${HASH_LINE}"
- echo
- log "Disabling IPv6 in '${sysctl_file}' ..."
- mkdir -pv /etc/sysctl.d
- echo "#disable ipv6" | tee -a "${sysctl_file}"
- echo "net.ipv6.conf.all.disable_ipv6 = 1" | tee -a "${sysctl_file}"
- echo "net.ipv6.conf.default.disable_ipv6 = 1" | tee -a "${sysctl_file}"
- echo "net.ipv6.conf.lo.disable_ipv6 = 1" | tee -a "${sysctl_file}"
-}
-
-#-----------------------------------------------------------
-mac_exists() {
-
- [[ -z "$1" ]] && return 1
- local mac_address="$1"
-
- ip -o link | grep -i "${mac_address}" 2>/dev/null >/dev/null
- return $?
-
-}
-
-#-----------------------------------------------------------
-get_ifname() {
-
- [[ -z "$1" ]] && return 1
- local mac_address="$1"
-
- ip -o link | grep -i "${mac_address}" | sed -e 's/^[0-9]*: //' -e 's/:.*//'
-
-}
-
-#-----------------------------------------------------------
-install_network() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Generating network configuration ..."
-
- local temp_dir=$( mktemp -p /tmp -d 'tmp.XXXXXXXXXX.cobbler' )
- local tmp_nw_cfg="${temp_dir}/network"
- local tmp_nw_script_dir="${temp_dir}/network-scripts"
- local nw_script_dir="/etc/sysconfig/network-scripts"
- local old_dir="${nw_script_dir}/.old"
- local ifcfg_file=
-
- mkdir -pv "${tmp_nw_script_dir}"
- mkdir -pv "${old_dir}"
-
- echo "Generating /etc/sysconfig/network ..."
- #cp -pv /etc/sysconfig/network-scripts/ifcfg-lo "${tmp_nw_script_dir}"
- grep -v 'GATEWAY|HOSTNAME' /etc/sysconfig/network > "${tmp_nw_cfg}"
- echo "GATEWAY=${gateway}" >> "${tmp_nw_cfg}"
- echo "HOSTNAME=${hostname}" >> "${tmp_nw_cfg}"
- mv -v /etc/sysconfig/network "/etc/sysconfig/network.orig.$( date -r /etc/sysconfig/network +'%Y-%m-%d_%H:%M:%S' )"
- mv -v "${tmp_nw_cfg}" /etc/sysconfig/network
-
- # Also set the hostname now, some applications require it
- /bin/hostname "${hostname}"
-
- local dev_file="${tmp_nw_script_dir}/ifcfg-eth0"
- echo "Generating '${dev_file}' ..."
-
- cat <<-EOF >"${dev_file}"
- Name="System eth0"
- DEVICE=eth0
- ONBOOT=yes
- HWADDR=${mac_address_eth0}
- TYPE=Ethernet
- BOOTPROTO=none
- IPADDR=${ip_address_eth0}
- NETMASK=255.255.254.0
- DEFROUTE=yes
- IPV4_FAILURE_FATAL=yes
- IPV6INIT=no
- DNS1=217.66.52.10
- DNS2=93.188.109.13
- DNS3=212.91.225.75
- DOMAIN="pixelpark.com pixelpark.net"
-
- EOF
-
- for ifcfg_file in ${nw_script_dir}/ifcfg-* ; do
- local bname=$(basename "${ifcfg_file}" )
- if [[ "${bname}" == "ifcfg-lo" ]] ; then
- continue
- fi
- mv -v "${ifcfg_file}" "${old_dir}"
- done
- mv -v "${dev_file}" "${nw_script_dir}"
-
- rm -vrf "${temp_dir}"
-
-}
-
-#-----------------------------------------------------------
-manage_dns() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Generating /etc/resolv.conf ..."
-
- rm -fv /etc/resolv.conf
-
- cat <<-EOF >"/etc/resolv.conf"
- search pixelpark.net pixelpark.com
- nameserver 93.188.109.13
- nameserver 217.66.52.10
- nameserver 212.91.225.75
-
- EOF
-
- log "New /etc/resolv.conf:\n$(cat /etc/resolv.conf )"
-
-}
-
-#-----------------------------------------------------------
-tweak_systemd() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Tweaking systemd ..."
-
- local sdir="/etc/systemd/system"
- local getty_dir_tgt="${sdir}/getty.target.wants"
- local getty_dir_at="${sdir}/getty@.service.d"
- local getty_svc="/usr/lib/systemd/system/getty@.service"
- local i=
- local glink=
-
- mkdir -pv "${getty_dir_at}"
- echo "Generating ${getty_dir_at}/noclear.conf ..."
- cat <<-EOF >"${getty_dir_at}/noclear.conf"
- [Service]
- TTYVTDisallocate=no
- EOF
-
- for i in 2 3 4 ; do
- glink="${getty_dir_tgt}/gett@tty${i}.service"
- ln -sv "${getty_svc}" "${glink}"
- done
-
-}
-
-#-----------------------------------------------------------
-tweak_grub() {
-
- local grub_cfg="/etc/default/grub"
- if [[ -f "${grub_cfg}" ]] ; then
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Tweaking '${grub_cfg}' ..."
-
- echo "Selecting entry in /etc/grub2.cfg ..."
- awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
- grub2-set-default 0
- grub2-editenv list
-
- echo "Removing quiet from '${grub_cfg}' ..."
- sed --in-place -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[ ]quiet\(.*\)/\1\2/' "${grub_cfg}"
-
- echo "Recreating /boot/grub2/grub.cfg ..."
- grub2-mkconfig -o /boot/grub2/grub.cfg
-
- fi
-
-}
-
-#-----------------------------------------------------------
-install_epel() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Install EPEL repository package ..."
-
- local url=
- local tgt=
- local bname=
- local repo_file=
-
- echo
- echo "Backing up existing repo files -> /etc/yum.repos.d/.old ..."
- mkdir -pv /etc/yum.repos.d/.old
- for repo_file in /etc/yum.repos.d/*.repo ; do
- if [[ ! -f "${repo_file}" ]] ; then
- continue
- fi
- mv -v "${repo_file}" /etc/yum.repos.d/.old
- done
-
- local repo_files="epel.repo epel-testing.repo puppet.repo pixelpark.repo"
- if [[ -f "/etc/oracle-release" ]] ; then
- repo_files="ol7_addons.repo ol7_latest.repo ol7_optional_latest.repo ${repo_files}"
- elif [[ -f /etc/centos-release ]] ; then
- repo_files="centos-base.repo ${repo_files}"
- fi
-
- for bname in ${repo_files} ; do
- url="${COBBLER_URL}/custom/create-vmware-tpl/yum.repos/${bname}"
- tgt="/etc/yum.repos.d/${bname}"
- echo
- echo "Retrieving '${url}' -> '${tgt}' ..."
- if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then
- :
- else
- echo "[$(date)]: Could not get '${bname}' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- chmod -v 0644 "${tgt}"
- done
-
- mkdir -pv "/etc/pki/rpm-gpg"
- chmod -v 0755 "/etc/pki"
- chmod -v 0755 "/etc/pki/rpm-gpg"
-
- local key_files="RPM-GPG-KEY-CentOS-SIG-Storage RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-oracle"
- key_files+=" RPM-GPG-KEY-pixelpark RPM-GPG-KEY-puppet-release RPM-GPG-KEY-puppetlabs"
-
- for bname in ${key_files} ; do
- url="${COBBLER_URL}/custom/create-vmware-tpl/yum.repos/${bname}"
- tgt="/etc/pki/rpm-gpg/${bname}"
- echo
- echo "Retrieving '${url}' -> '${tgt}' ..."
- if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then
- :
- else
- echo "[$(date)]: Could not get '${bname}' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- chmod -v 0644 "${tgt}"
- done
-
- echo
- log "Cleaning YUM cache ..."
- yum clean all
-
- echo
- log "Updating YUM cache ..."
- if yum makecache fast ; then
- :
- else
- echo "[$(date)]: Could not update YUM cache." | tee -a "${ERROR_POINTER}"
- fi
-
- echo
- log "Installing perl-Config-IniFiles.noarch ..."
- if yum install -y perl-Config-IniFiles.noarch ; then
- :
- else
- echo "[$(date)]: Could not install perl-Config-IniFiles.noarch." | tee -a "${ERROR_POINTER}"
- fi
- sleep 3
-
-}
-
-#-----------------------------------------------------------
-install_pp_tcsh_env() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Pulling pixelpark TCSH config .."
-
- local cdir=$(pwd)
- local url="${COBBLER_URL}/custom/shell/linux_tcsh.tar"
- local local_tar=$( mktemp -p /tmp "linux_tcsh.XXXXXXXX.tar" )
-
- echo "Local tar file: '${local_tar}'."
- if curl -s -S -o "${local_tar}" --connect-timeout 3 "${url}" ; then
- :
- else
- echo "[$(date)]: Could not get 'linux_tcsh.tar' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- if [[ -f "${local_tar}" && -s "${local_tar}" ]] ; then
- cd /etc
- echo "Unpacking '${local_tar}' ..."
- sleep 1
- tar xvf "${local_tar}"
- mv -v /etc/.cshrc /etc/csh.cshrc
- fi
- rm -fv "${local_tar}"
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Pulling BASH config .."
-
- url="${COBBLER_URL}/custom/create-vmware-tpl/files/fbr.sh"
- local tgt="/etc/profile.d/fbr.sh"
- echo "Retrieving '${url}' -> '${tgt}' ..."
- if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then
- :
- else
- echo "[$(date)]: Could not get 'fbr.sh' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- chmod -v 0644 "${tgt}"
-
-}
-
-#-----------------------------------------------------------
-make_pp_dirs() {
- echo
- echo "${HASH_LINE}"
- echo
- log "Creating Pixelpark directories ..."
- for bname in bin etc man ; do
- mkdir -pv "/opt/PPlocal/${bname}"
- done
-}
-
-#-----------------------------------------------------------
-misc_packages() {
-
- local misc_pkgs="ksh tmux vim telnet curl git colordiff psmisc"
- local misc_pkgs_remove="deltarpm nfs* rpcbind abrt*"
-
- echo
- echo "${HASH_LINE}"
- echo "Disabling mysql-community in /etc/yum.conf ..."
- echo "exclude=mysql-community*" >> /etc/yum.conf
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Installing NetworkManager ..."
- if yum install -y NetworkManager NetworkManager-config-server NetworkManager-tui ; then
- :
- else
- echo "[$(date)]: Could not install NetworkManager." | tee -a "${ERROR_POINTER}"
- fi
- echo "Enabling NetworkManager ..."
- systemctl enable NetworkManager
-
- echo
- log "Removing iptables-services ..."
- yum remove -y iptables-services
- echo "Stopping and disabling firewalld ..."
- systemctl stop firewalld
- systemctl disable firewalld
-
- echo
- log "Installng VLAN vconfig ..."
- if yum install -y vconfig ; then
- :
- else
- echo "[$(date)]: Could not install vconfig." | tee -a "${ERROR_POINTER}"
- fi
- echo
- log "Installing packages: ${misc_pkgs}"
- if yum install -y ${misc_pkgs} ; then
- :
- else
- echo "[$(date)]: Could not install ${misc_pkgs}" | tee -a "${ERROR_POINTER}"
- fi
-
- echo
- log "Removing packages mysql-community* ..."
- yum remove -y mysql-community*
-
- echo
- log "Removing packages: ${misc_pkgs_remove}"
- yum remove -y ${misc_pkgs_remove}
-
- echo
- echo "Creating /etc/gitconfig ..."
- cat <<-EOF >/etc/gitconfig
- [color]
- ui = true
- EOF
-
-}
-
-#-----------------------------------------------------------
-remove_ipv6_localhost() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Removing ::1 from /etc/hosts ..."
-
- sed -i -e '/^::1/ d' /etc/hosts
-
-}
-
-#-----------------------------------------------------------
-create_motd() {
-
- echo
- echo "${HASH_LINE}"
- echo
- local url="${COBBLER_URL}/custom/pp-scripts/mk_create_motd.ksh"
-
- echo
- log "Creating initial /etc/motd ..."
- local mk_script=$( mktemp -p /tmp "mk_create_motd.XXXXXXXXXX.ksh" )
- if curl -s -S -o "${mk_script}" --connect-timeout 3 "${url}" ; then
- chmod 0755 "${mk_script}"
- "${mk_script}" -i 192.168.88.0/23 \
- -p "Template VM" \
- -l "L105 VMWare" \
- -o "Pixelpark GmbH" > /etc/motd
- else
- echo "[$(date)]: Could not get 'mk_create_motd.ksh' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- rm -fv "${mk_script}"
-
-}
-
-#-----------------------------------------------------------
-install_legato_networker() {
-
- local url_client="${COBBLER_URL}/custom/legato/lgtoclnt-latest.x86_64.rpm"
- local url_man="${COBBLER_URL}/custom/legato/lgtoman-latest.x86_64.rpm"
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Installing Legato networker client ..."
-
- echo "Installing from URL '${url_client}' ..."
- if yum install -y "${url_client}" ; then
- :
- else
- echo "[$(date)]: Could not install from ${url_client}" | tee -a "${ERROR_POINTER}"
- fi
- echo "Installing from URL '${url_man}' ..."
- if yum install -y "${url_man}" ; then
- :
- else
- echo "[$(date)]: Could not install from ${url_man}" | tee -a "${ERROR_POINTER}"
- fi
-
- mkdir -pv /nsr/res
- echo "legato01.pixelpark.com" > /nsr/res/servers
-
-}
-
-#-----------------------------------------------------------
-install_chrony() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Deinstalling ntp ..."
- echo "Stopping ntpd.service ..."
- systemctl stop ntpd.service
- echo "Disabling ntpd.service ..."
- systemctl disable ntpd.service
- echo "Deinstalling ntp ..."
- yum remove -y ntp
-
- echo
- log "Installing Chrony ..."
- if yum install -y chrony ; then
- :
- else
- echo "[$(date)]: Could not install chrony" | tee -a "${ERROR_POINTER}"
- fi
-
- echo "Configuring chrony ..."
-
- cat <<-EOF > /etc/chrony.conf
- # Chrony configuration
-
- # Using timeservers of pixelpark
- server time01.pixelpark.com iburst
- server time02.pixelpark.com iburst
- server time03.pixelpark.com iburst
-
- # Record the rate at which the system clock gains/losses time.
- driftfile /var/lib/chrony/drift
-
- # Allow the system clock to be stepped in the first three updates
- # if its offset is larger than 1 second.
- makestep 1.0 3
-
- # Enable kernel synchronization of the real-time clock (RTC).
- rtcsync
-
- # Enable hardware timestamping on all interfaces that support it.
- #hwtimestamp *
-
- # Increase the minimum number of selectable sources required to adjust
- # the system clock.
- minsources 2
-
- # Allow NTP client access from local network.
- #allow 192.168.0.0/16
- allow 10/8
- allow 192.168/16
- allow 172.16/12
-
- # Serve time even if not synchronized to a time source.
- local stratum 10
-
- # Specify file containing keys for NTP authentication.
- keyfile /etc/chrony.keys
-
- # Specify directory for log files.
- logdir /var/log/chrony
-
- # Select which information is logged.
- log measurements statistics tracking
-
- EOF
-
- echo "Configuring chrony keys ..."
-
- cat <<-EOF > /etc/chrony.keys
- # This is the chrony keys file. It is used for NTP authentication with
- # symmetric keys. It should be readable only by root or the user to which
- # chronyd is configured to switch to after start.
-
- # Examples of valid keys:
-
- #1 MD5 AVeryLongAndRandomPassword
- #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
- #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
-
- 1 SHA256 HEX:4739BD84604DE5A1CCEE906C23EB3947398B31DA33BD0C5FE9A863B4CA9BA4AA
- 2 MD5 HEX:4D534773C63AA638BE493B154844AADEEFFCA0AB98358E61815FA12466C8C807
- EOF
-
- chown -v root:chrony /etc/chrony.keys
- chmod -v 0640 /etc/chrony.keys
-
- echo "Ensuring /var/lib/chrony ..."
- mkdir -pv /var/lib/chrony
- cmmod -v 0755 /var/lib/chrony
- chown -v chrony:chrony /var/lib/chrony
-
- echo "Ensuring /var/log/chrony ..."
- mkdir -pv /var/log/chrony
- cmmod -v 0755 /var/log/chrony
- chown -v chrony:chrony /var/log/chrony
-
- systemctl enable chronyd.service
-
-}
-
-#-----------------------------------------------------------
-install_openvm_tools() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Installing open-vm-tools ..."
-
- if yum install -y open-vm-tools ; then
-
- echo "Enabling vmware-tools and vmtoolsd ..."
- systemctl enable vmware-tools
- systemctl enable vmtoolsd
-
- vmware-toolbox-cmd timesync disable
-
- else
- echo "[$(date)]: Could not install open-vm-tools" | tee -a "${ERROR_POINTER}"
- fi
-
-}
-
-#-----------------------------------------------------------
-remove_uek_packages() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Switch kernel in /etc/sysconfig/kernel ..."
-
- sed -i -e 's/^\(DEFAULTKERNEL=\).*/\1kernel/i' /etc/sysconfig/kernel
-
- echo
- log "Removing UEK packages ..."
-
- yum remove -y *-uek-*
-
- echo
- log "Removing firmware packages ..."
-
- rpm -qa | grep -- -firmware | xargs --no-run-if-empty yum remove -y
-
-}
-
-#-----------------------------------------------------------
-dist_upgrade() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Upgrading all packages ..."
- echo
- if yum upgrade -y ; then
- :
- else
- echo "[$(date)]: Upgrading system not successful." | tee -a "${ERROR_POINTER}"
- fi
-
-}
-
-#-----------------------------------------------------------
-install_puppet() {
-
- local pplabs_conf_dir="/etc/puppetlabs"
- local puppet_conf_dir="${pplabs_conf_dir}/puppet"
- local puppet_conf_file="${puppet_conf_dir}/puppet.conf"
- local facter_conf_dir="${pplabs_conf_dir}/facter/facts.d"
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Installing Puppet agent ..."
- echo
-
- echo "Creating group puppet ..."
- groupadd -g 63000 puppet
- getent group puppet
-
- echo "Creating user puppet ..."
- useradd -u 63000 -g puppet -d /var/lib/puppet -c "Puppet configuration management" -s /sbin/nologin puppet
- getent passwd puppet
- id puppet
-
- echo
- echo "Installing puppet package ..."
- if yum install -y puppet-agent ; then
- :
- else
- echo "[$(date)]: Could not install puppet-agent." | tee -a "${ERROR_POINTER}"
- fi
-
- echo
- echo "Creating config dirs ..."
- mkdir -pv "${puppet_conf_dir}" "${facter_conf_dir}"
-
- echo
- echo "Creating ${puppet_conf_file} ..."
- cat <<-EOF >"${puppet_conf_file}"
- [main]
- ca_ttl = 10y
- [agent]
- # The file in which puppetd stores a list of the classes
- # associated with the retrieved configuratiion. Can be loaded in
- # the separate "puppet" executable using the "--loadclasses"
- # option.
- # The default value is '\$confdir/classes.txt'.
- classfile = \$vardir/classes.txt
-
- environment = production
- report = true
- pluginsync = true
- splay = true
- use_srv_records = true
- srv_domain = pixelpark.info
- pluginsource = puppet:///plugins
- pluginfactsource = puppet:///pluginfacts
-
- EOF
-
- echo
- echo "Creating ${facter_conf_dir}/customer.yaml"
- cat <<-EOF >"${facter_conf_dir}/customer.yaml"
- ---
- customer: pixelpark
- EOF
-
- echo
- echo "Creating ${facter_conf_dir}/host.yaml"
- cat <<-EOF >"${facter_conf_dir}/host.yaml"
- ---
- pp_purpose: Unknown
- pp_location: L105
- pp_owner: Pixelpark AG
- pp_contact: 8x5@pixelpark.com
- pp_zonehost: Unknown
- EOF
-
- echo
- echo "Creating ${facter_conf_dir}/tier.yaml"
- cat <<-EOF >"${facter_conf_dir}/tier.yaml"
- ---
- tier: production
- EOF
-
- echo
- echo "Disabling service puppet ..."
- systemctl disable puppet
-
-}
-
-#-----------------------------------------------------------
-disable_floppy() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Disabling floppy kernel module ..."
-
- cat <<-EOF >"/etc/modprobe.d/local-blacklist.conf"
- blacklist floppy
- EOF
-
-}
-
-#-----------------------------------------------------------
-set_root_pw() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Setting root password ..."
- usermod -p "${ROOT_PW_CRYPTED}" root
-
-}
-
-#-----------------------------------------------------------
-disable_root_login_pw() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Disabling SSH access for root with password ..."
-
- perl -p -i -e 's/^\s*#?\s*PermitRootLogin\s.*/PermitRootLogin without-password/i' /etc/ssh/sshd_config
-
-}
-
-#-----------------------------------------------------------
-install_clamav() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Installing and configuring ClamAV ..."
-
- yum install -y clamav clamav-update
-
- echo "Tweaking /etc/freshclam.conf ..."
-
- sed -e '/^#*Example/ d' \
- -e 's/^[ ]*DatabaseMirror[ ].*/DatabaseMirror clamav.pixelpark.com/i' \
- -e 's/\(#PrivateMirror mirror2.mynetwork.com\)/\1\nPrivateMirror clamav.pixelpark.com/i' \
- -i /etc/freshclam.conf
-
- echo
- log "Running freshclam ..."
- freshclam --verbose
-
-}
-
-#-----------------------------------------------------------
-install_postfix() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Installing and configuring Postfix ..."
-
- local -a main_options_remove=(
- 'address_verify_map'
- 'address_verify_relay_transport'
- 'broken_sasl_auth_clients'
- 'command_directory'
- 'daemon_directory'
- 'data_directory'
- 'debug_peer_level'
- 'debugger_command'
- 'hash_queue_depth'
- 'html_directory'
- 'lmtp_tls_loglevel'
- 'mail_owner'
- 'manpage_directory'
- 'masquerade_domains'
- 'master_service_disable'
- 'maximal_queue_lifetime'
- 'queue_directory'
- 'readme_directory'
- 'recipient_canonical_maps'
- 'recipient_delimiter'
- 'relay_domains'
- 'sample_directory'
- 'sender_dependent_default_transport_maps'
- 'sender_dependent_relayhost_maps'
- 'setgid_group'
- 'smtp_sasl_auth_enable'
- 'smtp_tls_cert_file'
- 'smtp_tls_enforce_peername'
- 'smtp_tls_key_file'
- 'smtp_tls_loglevel'
- 'smtp_tls_per_site'
- 'smtp_tls_policy_maps'
- 'smtp_tls_session_cache_database'
- 'smtp_use_tls'
- 'smtpd_client_restrictions'
- 'smtpd_helo_restrictions'
- 'smtpd_recipient_restrictions'
- 'smtpd_relay_restrictions'
- 'smtpd_sasl_auth_enable'
- 'smtpd_sasl_authenticated_header'
- 'smtpd_sasl_local_domain'
- 'smtpd_sender_restrictions'
- 'smtpd_tls_auth_only'
- 'smtpd_tls_CAfile'
- 'smtpd_tls_cert_file'
- 'smtpd_tls_key_file'
- 'smtpd_tls_loglevel'
- 'smtpd_tls_received_header'
- 'smtpd_tls_session_cache_database'
- 'smtpd_use_tls'
- 'tls_random_prng_update_period'
- 'tls_random_source'
- 'transport_maps'
- 'unknown_local_recipient_reject_code'
- 'unverified_recipient_reject_code'
- )
-
- local -a main_options_set=(
- 'alias_database = ${default_database_type}:/etc/aliases'
- 'alias_maps ='
- 'append_dot_mydomain = no'
- 'biff = no'
- 'default_database_type = hash'
- 'inet_protocols = all'
- 'local_recipient_maps ='
- 'local_transport = error:5.1.1 Mailbox unavailable'
- 'mailbox_size_limit = 0'
- 'message_size_limit = 358400000'
- 'mydestination ='
- "mydomain = ${POSTFIX_MYORIGIN}"
- "myhostname = ${hostname}"
- 'mynetworks = 127.0.0.0/8'
- "relayhost = ${POSTFIX_RELAYHOST}"
- 'smtp_generic_maps = ${default_database_type}:/etc/postfix/generic'
- 'smtp_tls_note_starttls_offer = yes'
- 'smtp_tls_security_level = none'
- 'smtpd_banner = $myhostname ESMTP $mail_name $mail_version'
- 'smtpd_tls_security_level = none'
- 'virtual_alias_maps = ${default_database_type}:/etc/postfix/virtual'
- )
-
-
- if yum install -y postfix mailx ; then
- :
- else
- echo "[$(date)]: Could not install postfix and mailx." | tee -a "${ERROR_POINTER}"
- fi
-
- cat <<-EOF >"/etc/postfix/generic"
-
- root root+${hostname}
- root@localhost root+${hostname}
- icinga icinga+${hostname}
- icinga@localhost icinga+${hostname}
- nagios nagios+${hostname}
- nagios@localhost nagios+${hostname}
- xymon xymon+${hostname}
- xymon@localhost xymon+${hostname}
-
- EOF
-
- postmap hash:/etc/postfix/generic
-
- echo "Backup Postfix configuration ..."
- cp -pv "/etc/postfix/main.cf" \ - "/etc/postfix/main.cf.$( date -r /etc/postfix/main.cf +'%Y-%m-%d_%H:%M:%S' ).bak" - cp -pv "/etc/postfix/master.cf" \ - "/etc/postfix/master.cf.$( date -r /etc/postfix/master.cf +'%Y-%m-%d_%H:%M:%S' ).bak" - if [[ -f "/etc/postfix/virtual" ]] ; then - cp -pv "/etc/postfix/virtual" \ - "/etc/postfix/virtual.$( date -r /etc/postfix/virtual +'%Y-%m-%d_%H:%M:%S' ).bak" - fi - - local option= - for option in "${main_options_remove[@]}" ; do - echo "Removing postfix option '${option}' ..." - postconf -X "${option}" - done - - for option in "${main_options_set[@]}" ; do - echo "Setting postfix option: '${option}' ..." - postconf -e "${option}" - done - - mkdir -pv /var/tmp - cd /var/tmp - -# local url=$( echo "${GIT_REPO}" | sed -e "s/@@acount@@/${GIT_ACCOUNT}/" \ -# -e "s/@@pwd@@/${GIT_PASSWD}/" ) - local url="https://${GIT_ACCOUNT}:${GIT_PASSWD}@${GIT_SERVER}/${GIT_NAMESPACE}/${GIT_REPO_DIR}.git" - echo "Using Git URL: '${url}' ..." - - git clone "${url}" - cd "${GIT_REPO_DIR}" - - echo "Copying virtual ..." - cp -pv maps/virtual-nullclient-webmaster /etc/postfix/virtual - postmap hash:/etc/postfix/virtual - - echo "Copying master.cf ..." - cp -pv master-nullclient.cf /etc/postfix/master.cf - - cd .. - echo "Removing '${GIT_REPO_DIR}'" - rm -rf "${GIT_REPO_DIR}" - cd - - echo - echo "${HASH_LINE}" - echo "Generated main postfix configuration:" - echo - postconf -n - echo - echo "${HASH_LINE}" - echo "Generated master postfix configuration:" - echo - postconf -M - echo - -} - -#----------------------------------------------------------- -config_rsyslog_to_remote() { - - echo - echo "${HASH_LINE}" - echo - log "Adding loghost to rsyslog configuration ..." 
-
- mkdir -pv /etc/rsyslog.d
-
- cat <<-EOF > "/etc/rsyslog.d/loghost.conf"
- \$ModLoad imklog
- *.* @loghost.pixelpark.com:514
- EOF
-
-}
-
-#-----------------------------------------------------------
-config_logrotate() {
-
- echo
- echo "${HASH_LINE}"
- echo
- log "Configuring logrotation ..."
- echo
-
- mkdir -pv /etc/logrotate.d
-
- local base_url="${COBBLER_URL}/custom/create-vmware-tpl/files"
-
- local tmp_file=$( mktemp )
- local url="${base_url}/logrotate.conf"
- local tgt="/etc/logrotate.conf"
-
- echo "Getting ${url} => ${tgt} ..."
- if curl -s -S -o "${tgt}" --connect-timeout 3 "${url}" ; then
- :
- else
- echo "[$(date)]: Could not get 'logrotate.conf' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- if [[ -s "${tmp_file}" ]] ; then
- cp -v "${tmp_file}" "${tgt}"
- fi
-
- local base=
- for base in btmp syslog wtmp ; do
- url="${base_url}/logrotate.d.${base}"
- tgt="/etc/logrotate.d/${base}"
- cp -v /dev/null "${tmp_file}"
- echo "Getting ${url} => ${tgt} ..."
- if curl -s -S -o "${tmp_file}" --connect-timeout 3 "${url}" ; then
- :
- else
- echo "[$(date)]: Could not get '${base}' from '${url}'." | tee -a "${ERROR_POINTER}"
- fi
- if [[ -s "${tmp_file}" ]] ; then
- cp -v "${tmp_file}" "${tgt}"
- fi
- done
-
- rm -v "${tmp_file}"
-
-}
-
-#-----------------------------------------------------------
-main() {
-
- create_authkeys
- import_ssh_hostkeys
- create_etc_hosts
- set_hostname
- disable_ipv6
- install_network
- manage_dns
- tweak_systemd
- install_epel
- install_pp_tcsh_env
- make_pp_dirs
- misc_packages
- remove_ipv6_localhost
- create_motd
- install_legato_networker
- install_chrony
- install_openvm_tools
- remove_uek_packages
- disable_floppy
- set_root_pw
- disable_root_login_pw
- dist_upgrade
- # install_clamav
- install_puppet
- install_postfix
- config_logrotate
- config_rsyslog_to_remote
- remove_ipv6_localhost
-
- tweak_grub
-
-}
-
-
-#-----------------------------------------------------------
-main "$@"
-
-# vim: ts=4 et list
--
2.39.5