#!/usr/bin/env bash
# Prepares the DevOps server environment.
# Feature toggles. A step runs only when its toggle is the literal string "true".
createUser=true
createSshFingerUser=true
createPoweroffUser=true
createRebootUser=true
# The NFS share is mounted under the regular user's home directory,
# so this toggle only makes sense together with createUser=true.
createNfsMount=true

# Public key appended to the authorized_keys file of every account created below.
RSAPubKey='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjTmc43qtCQNd9kd+EU9ltYPYLH3NZs/pZwo0Ae+mUooSiqVl8LdY3bpsRsQJh3xKhgi7y0CfHL/SUVB7YVwDrXH11RQ1VkWI28An/0U3GtQb/dIbdpgTb2CKU2LMWdGJWHHEw29Wvf2HWT0aPo5Bwby1N5lNHtnFftDGf+USub0FvSTUoLSbIh5l+VqHO78WMbGRIYrhSnuUJ+qje/L2PxewjXMSBWWIX4F+NpoP2QLlz5jSqOXxT2p1gKHV5a0C8zooCHm4/79QNpeRj19zHAvSOpPZwLk4keKhnW+jk2VHhO/qhdFk6x5aaDbyTxPm/9UFiuy4TL39UmPWcsE+/ ssh-key-2022-09-30'

# Account names are only defined for the accounts that are enabled above.
if [[ "${createUser}" == true ]]; then
  userName="hyperuser"
fi

if [[ "${createSshFingerUser}" == true ]]; then
  fingerUserName="finger"
fi

if [[ "${createPoweroffUser}" == true ]]; then
  poweroffUserName="poweroff"
fi

if [[ "${createRebootUser}" == true ]]; then
  rebootUserName="reboot"
fi

# Where the NFS export is mounted and which export it is.
# nfsMountPoint is built from userName, hence the createUser dependency.
if [[ "${createNfsMount}" == true ]]; then
  nfsMountTarget="hyp.str.us.hyperspire.net:/hyperstor"
  nfsMountPoint="/home/${userName}/hyperstor"
fi
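#######################################
# Locks down an existing ~/.ssh directory and appends the shared public key.
# Globals:   RSAPubKey (read)
# Arguments: $1 - account name; /home/$1/.ssh must already exist
# Outputs:   progress message on stdout
# Returns:   0 on success; exits the script with status 1 if the key
#            cannot be appended
#######################################
function _devopsInitAuthorizeKey {
  local -r user="$1"
  local -r sshDir="/home/${user}/.ssh"

  sudo chmod 700 "${sshDir}"
  sudo touch "${sshDir}/authorized_keys"
  sudo chmod 600 "${sshDir}/authorized_keys"
  # The pipeline status is tee's, i.e. whether the append itself worked.
  if printf '%s\n' "${RSAPubKey}" | sudo tee -a "${sshDir}/authorized_keys" > /dev/null; then
    echo "${user}'s authorized_keys file was successfully updated"
    # Everything above was created by root; hand the home directory back.
    sudo chown -R "${user}:" "/home/${user}/."
  else
    echo "${user}'s authorized_keys file was not updated"
    exit 1
  fi
}

#######################################
# Generates, validates and installs a one-line NOPASSWD sudoers drop-in.
# Arguments: $1 - numeric prefix of the drop-in file name
#            $2 - account name
#            $3 - command specification placed after "NOPASSWD:"
# Outputs:   progress messages on stdout
# Returns:   0 on success; exits the script with status 1 on any failure
#######################################
function _devopsInitSudoers {
  local -r uid="$1" user="$2" rule="$3"
  local staged

  # Stage in a fresh private file and overwrite rather than append, so that
  # only the single rule written here is validated and installed.
  if staged="$(mktemp)" \
    && echo "${user} ALL=(ALL) NOPASSWD: ${rule}" > "${staged}"; then
    echo "${user}'s sudoers file was successfully generated"
    # visudo's exit status reports the syntax check result.
    if sudo visudo -cf "${staged}" > /dev/null \
      && sudo install -o root -g root -m 0440 "${staged}" "/etc/sudoers.d/${uid}-${user}"; then
      rm -f -- "${staged}"
      echo "${user}'s sudo permissions were successfully updated"
    else
      rm -f -- "${staged}"
      echo "${user}'s sudo permissions were not updated"
      exit 1
    fi
  else
    echo "${user}'s sudoers file was not generated"
    exit 1
  fi
}

#######################################
# Enables one systemd unit and reports the outcome.
# Arguments: $1 - unit name
#            $2 - label used in the progress message
# Returns:   0 on success; exits the script with status 1 on failure
#######################################
function _devopsInitEnableUnit {
  local -r unit="$1" label="$2"

  if sudo systemctl enable "${unit}"; then
    echo "${label} enabled successfully"
  else
    echo "${label} not enabled"
    exit 1
  fi
}

#######################################
# Provisions the host: creates the enabled accounts, mounts the NFS share,
# installs the container tooling and Node.js, and removes firewalld.
# Globals:   createUser, createSshFingerUser, createPoweroffUser,
#            createRebootUser, createNfsMount, userName, fingerUserName,
#            poweroffUserName, rebootUserName, nfsMountPoint,
#            nfsMountTarget, RSAPubKey, HOME (all read)
# Outputs:   one progress line per step on stdout
# Returns:   0 when every checked step succeeded; a failed checked step
#            exits the whole script with status 1
#######################################
function devopsInit {
  local -r nodeDist="node-v16.15.1-linux-x64"
  local -a packages

  if [[ true == "${createUser}" ]]; then
    if sudo useradd -u 1111 -m "${userName}"; then
      echo "${userName} created successfully"
      sudo cat /etc/skel/.bashrc | sudo tee "/home/${userName}/.bashrc" > /dev/null
      printf '%s\n' \
        "alias systemctl='sudo systemctl'" \
        "alias service='sudo service'" \
        "alias dnf='sudo dnf'" \
        "alias cp='sudo cp -f --preserve=owner'" \
        "alias mount='sudo mount'" \
        "alias umount='sudo umount'" \
        "alias podman='sudo podman'" \
        "alias firewall-cmd='sudo firewall-cmd'" \
        "alias vi='nvim'" \
        | sudo tee -a "/home/${userName}/.bashrc" > /dev/null
      if sudo mkdir -p "/home/${userName}/.ssh"; then
        echo "${userName}'s .ssh directory created successfully"
        _devopsInitAuthorizeKey "${userName}"
      else
        echo "${userName}'s .ssh directory was not created"
        exit 1
      fi
      if [[ true == "${createNfsMount}" ]]; then
        if sudo mkdir -p "${nfsMountPoint}"; then
          echo "${nfsMountPoint} NFS mount directory was successfully created"
          if printf '%s\n' "${nfsMountTarget} ${nfsMountPoint} nfs user=${userName},defaults,auto,_netdev,nofail 0 0" \
            | sudo tee -a /etc/fstab > /dev/null; then
            echo "${userName}'s ${nfsMountPoint} mount point was successfully added"
            sudo mount "${nfsMountTarget}"
            sudo chown -R "${userName}:" "${nfsMountPoint}/." &> /dev/null
            # The files below are taken from the NFS share and installed as
            # root-run executables and a systemd unit, so write access to the
            # share amounts to root code execution on this host.
            # NOTE(review): confirm the export is restricted to trusted writers.
            sudo cp -f "${nfsMountPoint}/bin/containers-start" "/usr/local/bin/containers-start"
            sudo cp -f "${nfsMountPoint}/bin/containers-stop" "/usr/local/bin/containers-stop"
            sudo chmod +x "/usr/local/bin/containers-start"
            sudo chmod +x "/usr/local/bin/containers-stop"
            sudo cp -f "${nfsMountPoint}/containers.service" "/etc/systemd/system"
            sudo mkdir "/home/${userName}/.local"
            if sudo cp -R "${nfsMountPoint}/bin" "/home/${userName}/.local/"; then
              echo "${userName}'s local bin directory was successfully copied"
              sudo chown -R "${userName}:" "/home/${userName}/.local/."
            else
              echo "${userName}'s local bin directory was not copied"
              exit 1
            fi
            if sudo cp -f "${nfsMountPoint}/valheim-release/Defaults" "/home/${userName}/Defaults"; then
              echo "${userName}'s Defaults file was successfully copied"
              sudo chown "${userName}:" "/home/${userName}/Defaults"
              sudo chmod 600 "/home/${userName}/Defaults"
            else
              echo "${userName}'s Defaults file was not copied"
              exit 1
            fi
          else
            echo "${nfsMountPoint} mount point was not added"
            exit 1
          fi
        else
          echo "${nfsMountPoint} NFS mount directory was not created"
          exit 1
        fi
        # Passwordless sudo for every command: the SSH key authorized for this
        # account is effectively a root credential for the host.
        # NOTE(review): this rule is only installed when createNfsMount is
        # true, although the sudo aliases above are written unconditionally;
        # confirm the nesting is intended.
        _devopsInitSudoers 1111 "${userName}" "ALL"
      fi
    else
      echo "${userName} not created"
      exit 1
    fi
  fi

  if [[ true == "${createSshFingerUser}" ]]; then
    if sudo useradd -u 2222 -s /usr/sbin/nologin -m "${fingerUserName}"; then
      echo "${fingerUserName} created successfully"
      if sudo mkdir -p "/home/${fingerUserName}/.ssh"; then
        echo "${fingerUserName}'s .ssh directory was successfully created"
        _devopsInitAuthorizeKey "${fingerUserName}"
      else
        echo "${fingerUserName}'s .ssh directory was not created"
        exit 1
      fi
    else
      echo "${fingerUserName} not created"
      exit 1
    fi
  fi

  # Login shell shared by the poweroff and reboot accounts.
  if sudo touch /usr/sbin/systemctl-login; then
    sudo chmod +x /usr/sbin/systemctl-login
    # Single quotes keep $UID literal so it is evaluated when the account
    # logs in, not expanded to the UID of whoever runs this installer.
    printf '%s\n' \
      '#!/usr/bin/env bash' \
      '[[ 3333 == $UID ]] && sudo systemctl poweroff' \
      '[[ 4444 == $UID ]] && sudo systemctl reboot' \
      | sudo tee /usr/sbin/systemctl-login > /dev/null
    echo "systemctl-login script was created successfully"
  else
    echo "systemctl-login script was not created"
  fi

  if [[ true == "${createPoweroffUser}" ]]; then
    if sudo useradd -u 3333 -s /usr/sbin/systemctl-login -m "${poweroffUserName}"; then
      echo "${poweroffUserName} created successfully"
      if sudo mkdir -p "/home/${poweroffUserName}/.ssh"; then
        echo "${poweroffUserName}'s .ssh directory was successfully created"
        _devopsInitAuthorizeKey "${poweroffUserName}"
      else
        echo "${poweroffUserName}'s .ssh directory was not created"
        exit 1
      fi
      # Sudo is limited to the single command the login shell runs.
      _devopsInitSudoers 3333 "${poweroffUserName}" "/bin/systemctl poweroff"
    else
      echo "${poweroffUserName} not created"
      exit 1
    fi
  fi

  if [[ true == "${createRebootUser}" ]]; then
    if sudo useradd -u 4444 -s /usr/sbin/systemctl-login -m "${rebootUserName}"; then
      echo "${rebootUserName} created successfully"
      if sudo mkdir -p "/home/${rebootUserName}/.ssh"; then
        echo "${rebootUserName}'s .ssh directory was successfully created"
        _devopsInitAuthorizeKey "${rebootUserName}"
      else
        echo "${rebootUserName}'s .ssh directory was not created"
        exit 1
      fi
      # Sudo is limited to the single command the login shell runs.
      _devopsInitSudoers 4444 "${rebootUserName}" "/bin/systemctl reboot"
    else
      echo "${rebootUserName} not created"
      exit 1
    fi
  fi

  # Best-effort steps: their exit status is not checked.
  sudo dnf -q check-update
  sudo dnf -qy update
  sudo systemctl enable ocid.service
  sudo systemctl enable oracle-cloud-agent.service
  sudo systemctl enable oracle-cloud-agent-updater.service

  packages=(
    podman podman-manpages
    podman-plugins podman-remote podman-tests
    podman-catatonit podman-gvproxy runc
    fuse-overlayfs containers-common skopeo conmon
    containernetworking-plugins systemd-container git
    container-selinux container-exception-logger nmap
    automake libtool lua lua-guestfs lua-json lua-libs
    lua-lpeg lua-socket gcc libstdc++ libstdc++-devel
    gcc-c++ make cmake
  )
  if sudo dnf -y install "${packages[@]}"; then
    echo "Software dependencies installed successfully"
  else
    echo "Software dependencies were not installed"
    exit 1
  fi

  # -f makes curl fail on an HTTP error instead of saving the error page.
  # NOTE(review): the tarball is unpacked without checking it against a
  # published checksum or signature, and the version is pinned in this file.
  if curl -f "https://nodejs.org/dist/v16.15.1/${nodeDist}.tar.xz" -o "${HOME}/${nodeDist}.tar.xz"; then
    # Explicit names instead of a node-* glob, so unrelated files in the
    # home directory can never be unpacked, deleted or moved by mistake.
    tar -xJf "${HOME}/${nodeDist}.tar.xz" -C "${HOME}/"
    rm -f -- "${HOME}/${nodeDist}.tar.xz"
    sudo mv "${HOME}/${nodeDist}" "/home/${userName}/nodejs"
    sudo chown -R "${userName}:" "/home/${userName}/nodejs/."
    # Written literally: $PATH and $HOME are expanded by the user's shell.
    printf '%s\n' 'export PATH="$PATH:$HOME/nodejs/bin"' \
      | sudo tee -a "/home/${userName}/.bashrc" > /dev/null
    echo "Node.js installed successfully"
  else
    echo "Node.js was not installed"
    exit 1
  fi

  if sudo dnf -qy remove vim-enhanced; then
    echo "Vim-enhanced removed successfully"
  else
    echo "Vim-enhanced not removed"
    exit 1
  fi

  _devopsInitEnableUnit podman.service "Podman service"
  _devopsInitEnableUnit podman.socket "Podman socket"
  _devopsInitEnableUnit podman-auto-update.service "Podman auto-update service"
  _devopsInitEnableUnit podman-auto-update.timer "Podman auto-update timer"
  _devopsInitEnableUnit podman-restart.service "Podman restart service"

  # firewalld is stopped, disabled and uninstalled, so it no longer filters
  # traffic on this host.
  # NOTE(review): presumably filtering is left to the cloud network layer;
  # confirm before exposing published container ports.
  sudo systemctl stop firewalld &> /dev/null
  sudo systemctl disable firewalld &> /dev/null
  if sudo dnf -qy remove firewalld &> /dev/null; then
    echo "Firewalld was removed successfully"
  else
    echo "Firewalld was not removed"
    exit 1
  fi
  return 0
}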
# Run the provisioning sequence and stop here if it reports a failure.
if ! devopsInit; then
  echo "Devops init failed"
  exit 1
fi

# Provisioning succeeded: reboot the host and exit with the status of the
# reboot request.
echo "DevOps environment initialized successfully, system will now reboot."
sudo systemctl reboot
exit $?