SuperScript

Build it and learn to secure your system/server.


SuperScript

Postby Micro » Thu Jun 18, 2015 5:12 pm

Sometimes the tools you need to provision and patch a server are out of reach ($$$). :( You know, the things that make an admin's life easier, like Puppet, Chef, Spacewalk, Satellite, VCAC and so on... Well, rough times call for just a couple of things to keep the work going: a web server where you can place your kickstart and packages, and a sick script to build it all. <BREW> Originally created by myself but recently updated by the dude I call SLY, otherwise known as Fox. If there are any questions about the type of build (SAP, Oracle DB, etc.) or the software (PowerPath, Solutions Enabler, NetWorker, etc.), feel free to ask. Check it out :downthere :
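#!/bin/bash
# Post-install build script: sets up networking, registers the host, creates
# accounts and installs vendor software. It prompts for several values and
# writes under /root and /etc, so it expects an interactive root shell.
#
# Variables  10/10/2014
DATE=$(date +%m%d%Y)               # MMDDYYYY, used as a backup-file suffix
TIMESTAMP=$(date +%m%d%Y_%H%M%S)   # per-run suffix for backups and the log name
HOST=$(hostname -s)
# Major OS release number. If lsb_release is not installed this ends up empty.
MAJVERSION=$(lsb_release -rs | cut -f1 -d.)

# http://stackoverflow.com/questions/18460186/writing-outputs-to-log-file-and-console - Solution 5
# From here on, stdout and stderr go both to the console and to a per-run log.
LOGFILE="/root/${HOST}_postinstall_${TIMESTAMP}.log"
exec > >(tee -a "${LOGFILE}")
exec 2> >(tee -a "${LOGFILE}" >&2)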

# Function definitions

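# Abort the build after an unusable answer to a prompt (e.g. not y/n or Y/N).
# Outputs: the error message on stdout.
# Exits:   status 1, so a caller can tell the build stopped early instead of
#          seeing the success status a bare 'exit' would pass on from echo.
invalid_entry()
{
    echo "That was not a valid entry! Exiting..."
    exit 1
}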

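#######################################
# Write the network configuration and restart networking - 6/1/15
# Physical hosts get bond0 (mode=1) over eth0/eth1; virtual hosts get a
# single eth0.
# Globals:   PHYSORVIRT (read); HOSTNAME, IPADDR, NETMASK, GATEWAY (written)
# Inputs:    hostname, IP address, subnet mask and gateway read from stdin
# Outputs:   progress messages; rewrites /etc/sysconfig/network, the ifcfg-*
#            files and, for physical hosts, /etc/modprobe.d/bonding.conf
# Exits:     through invalid_entry on a bad server type or malformed value
#######################################
network_setup ()
{
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  # Check the server type before anything is rewritten or stopped; otherwise a
  # bad answer would end the script with the network already down.
  case "${PHYSORVIRT}" in
    p|P|v|V) ;;
    *) invalid_entry ;;
  esac

  echo "Reconfiguring network interfaces..."
  echo ""
  echo "Enter hostname: "
  read -r HOSTNAME
  echo "Enter IP address: "
  read -r IPADDR
  echo "Enter subnet mask: "
  read -r NETMASK
  echo "Enter default gateway: "
  read -r GATEWAY
  echo ""

  # These values are copied verbatim into files that the network initscripts
  # read as shell fragments, so accept only a plain host name and dotted-quad
  # addresses. This is a shape check; octet ranges are not verified.
  if ! [[ ${HOSTNAME} =~ ${host_re} && ${IPADDR} =~ ${ipv4_re} \
        && ${NETMASK} =~ ${ipv4_re} && ${GATEWAY} =~ ${ipv4_re} ]]; then
    echo "Expected a plain host name and dotted-quad IPv4 values." >&2
    invalid_entry
  fi

  # NOTE(review): the here-document bodies below are written with their
  # leading spaces, exactly as in the original listing - confirm the tools
  # that read these files tolerate the indentation.
  cat <<EOF>/etc/sysconfig/network
    NETWORKING=yes
    NETWORKING_IPV6=yes
    HOSTNAME=${HOSTNAME}
EOF
  /etc/init.d/network stop
  if [[ ${PHYSORVIRT} == [pP] ]]; then
    cat<<EOF>/etc/sysconfig/network-scripts/ifcfg-bond0
      DEVICE=bond0
      BOOTPROTO=none
      ONBOOT=yes
      IPADDR=${IPADDR}
      NETMASK=${NETMASK}
      GATEWAY=${GATEWAY}
      DNS1= :?:
      DNS2= :?:
      DOMAIN= :?: , :?:
      USERCTL=no
      TYPE=Ethernet
      IPV6INIT=no
EOF
    # NOTE(review): USERCTL=yes on the slave interfaces lets non-root users
    # control them, while bond0 itself is USERCTL=no - confirm this is wanted.
    cat<<EOF>/etc/sysconfig/network-scripts/ifcfg-eth0
      DEVICE=eth0
      BOOTPROTO=none
      ONBOOT=yes
      MASTER=bond0
      SLAVE=yes
      USERCTL=yes
EOF
    cat<<EOF>/etc/sysconfig/network-scripts/ifcfg-eth1
      DEVICE=eth1
      BOOTPROTO=none
      ONBOOT=yes
      MASTER=bond0
      SLAVE=yes
      USERCTL=yes
EOF
    cat<<EOF>/etc/modprobe.d/bonding.conf
      alias bond0 bonding
      options bond0 miimon=100 mode=1
EOF
    modprobe -a bonding
  else
    # Only v/V can reach this branch; the type was validated at the top.
    # NOTE(review): USERCTL=yes here also lets non-root users control eth0.
    cat<<EOF>/etc/sysconfig/network-scripts/ifcfg-eth0
      DEVICE=eth0
      BOOTPROTO=none
      ONBOOT=yes
      USERCTL=yes
      IPADDR=$IPADDR
      NETMASK=$NETMASK
      GATEWAY=$GATEWAY
      DNS1= :?:
      DNS2= :?:
      DOMAIN= :?: , :?:
      TYPE=Ethernet
      IPV6INIT=no
EOF
  fi
  service network start
  echo ""
  echo "Allowing network devices to come online and settle..."
  sleep 10
  echo ""
}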

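#######################################
# Configure Oracle users, groups, sudo permissions and resource limits.
# Oracle users and groups start at 6000.
# Globals:   SID (written; sap_setup reads it afterwards)
# Inputs:    the system SID, read from stdin
# Outputs:   progress messages; edits /etc/sudoers and
#            /etc/security/limits.conf
# Exits:     through invalid_entry when the SID is not a plain alphanumeric
#            token
#######################################
oracle_setup()
{
  local ORACLEADM

  echo "Enter the system SID. "
  read -r SID
  # The SID becomes part of account names handed to adduser, so refuse
  # anything that is not a simple token (no spaces, no leading '-').
  if ! [[ ${SID} =~ ^[A-Za-z][A-Za-z0-9]*$ ]]; then
    invalid_entry
  fi

  # Oracle users and groups will start at 6000.
  echo "Creating Oracle users and groups..."
  groupadd -g 6000 oinstall
  groupadd -g 6001 dba
  adduser -g oinstall -G dba -u 6000 -c "Oracle User Account" -s /bin/bash oracle
  adduser -g dba -u 6001 -c "Oracle Administrator - ora${SID}p" -s /bin/bash "ora${SID}p"
  adduser -g dba -u 6002 -c "Oracle Administrator - ora${SID}q" -s /bin/bash "ora${SID}q"
  adduser -g dba -u 6003 -c "Oracle Administrator - ora${SID}d" -s /bin/bash "ora${SID}d"
  # NOTE(review): every account gets the same password, stored in this script,
  # and nothing forces a change at first login. Anyone who can read the script
  # knows it; rotate these passwords once the build is finished.
  for ORACLEADM in oracle "ora${SID}p" "ora${SID}q" "ora${SID}d"
  do
    echo " :oops: " | passwd --stdin -f "${ORACLEADM}"
  done

  # Add the dba group to /etc/sudoers
  # NOTE(review): this makes every member of dba root-equivalent; a narrower
  # command list would be closer to least privilege.
  echo "%dba      ALL=(ALL)       ALL" >> /etc/sudoers
  # A broken sudoers file can stop sudo from working, so check it after the edit.
  visudo -c >/dev/null \
    || echo "WARNING: /etc/sudoers failed 'visudo -c'; fix it before rebooting." >&2

  # Tweak the kernel config for Oracle.
  # These parameters should work SAP and should also work for
  # standalone Oracle.
  echo "Configuring for Oracle..."
  # NOTE(review): this deletes line 50 by position, presumably a trailer line
  # of the stock file - verify, since on a file that was already edited it
  # removes whatever happens to be on that line.
  sed -i '50 d' /etc/security/limits.conf
  echo "@dba hard nofile 65536" >> /etc/security/limits.conf
  echo "@dba soft nofile 65536" >> /etc/security/limits.conf
  echo "@dba soft nproc 16384" >> /etc/security/limits.conf
  echo "@dba hard nproc 16384" >> /etc/security/limits.conf
  echo "@dba soft stack 10240" >> /etc/security/limits.conf
  echo "@dba hard stack 32768" >> /etc/security/limits.conf
  echo ""
  echo "End of Oracle Configuration."
  echo ""
}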

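#######################################
# Configure SAP users, groups, sudo permissions and kernel parameters.
# Runs oracle_setup first, then adds the SAP groups and <SID>[pqd]adm
# accounts. SAP users and groups start at 7000.
# Globals:   SID (read; set by oracle_setup), DATE (read)
# Outputs:   progress messages; edits /etc/sudoers, /etc/sysctl.conf and
#            /etc/security/limits.conf; removes the tmpwatch package
#######################################
sap_setup()
{
  local SAPADM ORACLEADM

  oracle_setup
  echo ""
  echo "Creating SAP users and groups..."
  groupadd -g 7000 sapsys
  groupadd -g 7001 sapinst
  groupadd -g 7002 oper

  # Edit users in order of prod, qas and dev below at end of lines where SID = new sid of system being built (ex . if this hostname is  :?: , then edit SID to rpp and users to rppadm, rpqadm and rpdadm)
  # SAP users and groups will start at 7000.
  adduser -g sapsys -G oper,dba,sapinst -u 7000 -c "SAP Administrator - ${SID}padm" -s /bin/csh "${SID}padm"
  adduser -g sapsys -G oper,dba,sapinst -u 7001 -c "SAP Administrator - ${SID}qadm" -s /bin/csh "${SID}qadm"
  adduser -g sapsys -G oper,dba,sapinst -u 7002 -c "SAP Administrator - ${SID}dadm" -s /bin/csh "${SID}dadm"

  # Setting the default password for SAP and Oracle admins (change SID's referencing above)
  # NOTE(review): one shared password stored in this script, with no forced
  # change at first login - rotate it after the build.
  for SAPADM in "${SID}padm" "${SID}qadm" "${SID}dadm"
  do
    echo " :?: " | passwd --stdin -f "${SAPADM}"
  done

  # Modify the Oracle users to add the SAP groups.
  # -a appends; without it usermod -G replaces the supplementary group list
  # and the oracle account would lose the dba membership given at creation.
  for ORACLEADM in oracle "ora${SID}p" "ora${SID}q" "ora${SID}d"
  do
    usermod -a -G oper,sapinst "${ORACLEADM}"
  done

  # NOTE(review): every member of sapsys becomes root-equivalent.
  echo "%sapsys   ALL=(ALL)       ALL" >> /etc/sudoers
  # A broken sudoers file can stop sudo from working, so check it after the edit.
  visudo -c >/dev/null \
    || echo "WARNING: /etc/sudoers failed 'visudo -c'; fix it before rebooting." >&2

# TODO
# Add to SAP section
  echo ""
  echo "Configuring for SAP..."
  sleep 5
  # Add SAP package change
  rpm -e --nodeps tmpwatch
  # Add SAP settings to /etc/sysctl.conf
  # The backup name previously read "syctl.conf", so the copy did not sit
  # next to the file it backs up under the expected name.
  cp /etc/sysctl.conf "/etc/sysctl.conf.${DATE}"
  echo "##### SAPNOTE 1496410/1635808 for RHEL6/OEL6 #####" >> /etc/sysctl.conf
  echo "kernel.msgmni=1024" >> /etc/sysctl.conf
  echo "kernel.sem=1250 256000 100 1024" >> /etc/sysctl.conf
  echo "vm.max_map_count=2000000" >> /etc/sysctl.conf

  # Adding SAP settings to /etc/security/limits.conf
  echo "@sapsys hard nofile 32800" >> /etc/security/limits.conf
  echo "@sapsys soft nofile 32800" >> /etc/security/limits.conf
  echo ""
  echo "End of SAP Configuration."
}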

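# Script starts here...
echo "*****************************************"
echo "* Starting postinstall configuration... *"
echo "*        ${TIMESTAMP}                *"
echo "*****************************************"

# PHYSORVIRT selects the physical (bonded NICs, HBA/EMC software) or virtual
# path for the rest of the build.
echo "Is this server physical or virtual? [p/V]"
read -r PHYSORVIRT
# Reject anything other than p/P/v/V here, before network_setup rewrites the
# network files and stops networking.
# NOTE(review): the prompt shows V as the default, but an empty answer is
# treated as invalid.
case "${PHYSORVIRT}" in
  p|P|v|V) ;;
  *) invalid_entry ;;
esac
sleep 5
echo ""

network_setup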

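# Register server with Red Hat.
# The account name and password are no longer kept in the script or passed as
# arguments, where they could be read from the file or from the process list.
# subscription-manager asks for both when they are not supplied.

echo "Registering system with Red Hat, please standby..."
if ! subscription-manager register --auto-attach --force; then
  echo "WARNING: registration failed; the update below may find no repositories." >&2
fi
sleep 5
echo ""

echo "Installing packages and updates..."
sleep 5

# Update all
yum update -y
echo ""
sleep 5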

# Add /opt/hello/scripts directory
printf '%s\n' "Creating scripts directory..."
mkdir -p /opt/hello/scripts
sleep 5
printf '\n'
#

# Get required software
# Recursive fetch of the software tree into /tmp: -nH drops the host
# directory, -np stays below the start URL, --cut-dirs=3 strips the leading
# path components, --reject skips generated index pages.
# NOTE(review): the tree is fetched over plain HTTP into world-writable /tmp
# and later installed as root with --nogpgcheck, so nothing authenticates what
# gets installed. Serving it over HTTPS and verifying checksums or RPM
# signatures would close that gap.
printf '%s\n' "Downloading additional 3rd party software..."
wget -r -nH -np --cut-dirs=3 --reject="index.html*" http:// :?: /yum/software/ -P /tmp

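# This is quite a big section. Not only are we adding the admins and some
# system accounts, but we are starting to step through the logic to determine
# if this is a SAP or Oracle system.
echo "Creating  users and groups..."
# Timestamped copies of the account databases and sudoers, taken before any
# edits.
# NOTE(review): the shadow and gshadow copies hold password hashes and are
# never removed by this script - delete them once the build is verified.
for ACCT_FILE in /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/sudoers
do
  cp "${ACCT_FILE}" "${ACCT_FILE}.${TIMESTAMP}"
done

# Add the admin group and the RPC sysadmins.
# NOTE(review): the group created here is "rpcadmin", but the accounts and the
# sudoers rule below use "admin". Unless "admin" already exists on the host,
# the adduser calls fail - confirm which name is intended.
groupadd -g 5000 rpcadmin
adduser -g admin -u 5000 -c " :?:  sysadmin"  :?:
adduser -g admin -u 5001 -c " :?:  sysadmin"  :?:
adduser -g admin -u 5002 -c " :?:  sysadmin"  :?:
adduser -g admin -u 5003 -c " :?:  sysadmin"  :?:
adduser -g admin -u 5100 -c "EMC Administrator" emcadmin
adduser -g admin -u 5101 -d /opt/uc4 -c "UC4 Administrator" uc4
adduser -u 8001 -d /opt/svc -c "service account" svc
chown -R uc4:admin /opt/uc4
chown -R svc:admin /opt/svc

# Setting the default password for sysadmins.
# NOTE(review): these are shared defaults stored in the script, with no forced
# change at first login - rotate them after the build.
for ADMIN in  :?:   :?:   :?:   :?:   :?:   :?:  emcadmin uc4 #  :?:   :?:
  do
    echo "No Way" | passwd --stdin -f "$ADMIN"
  done
# svc is set once here instead of again on every pass of the loop above.
echo "NoWay" | passwd --stdin -f svc

# Add admin group and uc4 to /etc/sudoers file.
# NOTE(review): uc4 gets passwordless root while holding a shared default
# password, so whoever obtains that account is root. Limit the rule to the
# commands the agent needs if that is possible.
echo "%admin ALL=(ALL)     ALL" >> /etc/sudoers
echo "uc4       ALL=(ALL)       NOPASSWD:ALL" >> /etc/sudoers
# A broken sudoers file can stop sudo from working, so check it after the edit.
visudo -c >/dev/null \
  || echo "WARNING: /etc/sudoers failed 'visudo -c'; fix it before rebooting." >&2
echo ""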

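# This is where the magic happens....
# Pick the application profile: SAP (sap_setup also runs oracle_setup),
# Oracle only, or neither. Any answer other than y/Y/n/N ends the script.
# NOTE(review): the prompts show N as the default, but an empty answer is
# treated as invalid, and by this point accounts and network files have
# already been changed.
echo "Is this server going to be an SAP server? [y/N] "
read -r SAP_TRUEFALSE
case "${SAP_TRUEFALSE}" in
  y|Y)
    sap_setup
    ;;
  n|N)
    echo "Is this server going to be an Oracle server? [y/N] "
    read -r ORACLE_TRUEFALSE
    case "${ORACLE_TRUEFALSE}" in
      y|Y) oracle_setup ;;
      n|N) echo "Ok, let's get started!" ;;
      *) invalid_entry ;;
    esac
    ;;
  *)
    invalid_entry
    ;;
esac
echo ""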

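# Setup snmpd
echo "Enabling SNMP..."
sleep 5
# The pattern is quoted so that yum matches it against package names; left
# bare, the shell would first try to expand it against files in the current
# directory.
yum install -y 'net-snmp*'
cp /etc/snmp/snmpd.conf "/etc/snmp/snmpd.conf.${TIMESTAMP}"
# NOTE(review): as written, the rocommunity line has no source restriction, so
# any host that knows the community string can read from the agent, and
# v1/v2c community strings cross the network in clear text. Consider adding a
# source address after the community name, or moving to SNMPv3 users.
  echo rocommunity  :?:  >> /etc/snmp/snmpd.conf
  echo syslocation " :?: " >> /etc/snmp/snmpd.conf
echo ""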

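# Physical hosts only: QLogic HBA drivers, EMC PowerPath and Solutions Enabler.
# NOTE(review): everything here is unpacked and run as root from fixed paths
# under world-writable /tmp, and the RPMs are installed with --nogpgcheck, so
# the build trusts whatever sits at those paths. A root-only staging directory
# plus checksum or signature verification would be safer.
if [[ ${PHYSORVIRT} == [pP] ]]; then
  echo "Installing QLogic Drivers and Utilities..."
  sleep 5
  mkdir -p /tmp/QLogic
  tar zxf /tmp/QLogic-SuperInstaller-REL2014-20140529-9.tgz -C /tmp/QLogic --strip-components 1
  # Run the installer only from its own directory. If the cd fails, nothing
  # named qlinstall is picked up from wherever the script was started.
  if cd /tmp/QLogic; then
    sh qlinstall -ia
  else
    echo "WARNING: cannot enter /tmp/QLogic; skipping the QLogic installer." >&2
  fi
  #yum install -y --nogpgcheck /tmp/qlogic/agents/qlremote-1.01.1281-64.x86_64.rpm
  echo ""


  echo "Installing EMC applications and utilities..."
  echo ""
  # PowerPath Install
  echo "Installing PowerPath..."
  sleep 5
  # Any release other than 5 or 6, including an empty MAJVERSION, gets the
  # RHEL7 package.
  case "${MAJVERSION}" in
    5)
      yum install -y --nogpgcheck /tmp/PowerPath/EMCPower.LINUX-6.0.0.00.00-158.RHEL5.x86_64.rpm
      ;;
    6)
      yum install -y --nogpgcheck /tmp/PowerPath/EMCPower.LINUX-6.0.0.00.00-158.RHEL6.x86_64.rpm
      ;;
    *)
      yum install -y --nogpgcheck /tmp/PowerPath/EMCPower.LINUX-6.0.0.00.00-158.RHEL7.x86_64.rpm
      ;;
  esac
  # Move any existing multipath.conf aside under a timestamped name.
  if [ -e /etc/multipath.conf ]; then
    mv /etc/multipath.conf "/etc/multipath.conf.${TIMESTAMP}"
  fi
  echo ""

  # SolutionsEnabler install JF 6/1/15
  echo "Installing Solutions Enabler..."
  sleep 5
  # NOTE(review): the lockbox password is stored in this script and passed as
  # an argument, so it shows in the process list while the installer runs.
  /tmp/SolutionsEnabler/se8020_install.sh -install -silent -copy_lic=/tmp/SolutionsEnabler -lockboxpassword=Never
  cp /etc/profile "/etc/profile.${TIMESTAMP}"
  # NOTE(review): the pathmunge line is inserted at line 27 by position, which
  # presumably matches the stock /etc/profile - verify on the target release.
  sed -i '27 i\\tpathmunge /opt/emc/SYMCLI/bin' /etc/profile
  echo ""
fi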

 ## Networker client and modules install
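# Backup client: physical SAP or Oracle hosts get the NetWorker client plus
# the matching module; every other valid combination is left for image
# backup.
# The module file names in the original listing each contained a stray space
# ("4.6.0 .2-1" and "x 86_64"), which splits one path into two arguments; the
# spaces are removed here.
# NOTE(review): both installs use --nogpgcheck on files downloaded earlier
# over HTTP.
echo "Installing Networker client and modules..."
sleep 5
case "${PHYSORVIRT}" in
  p|P)
    if [[ ${SAP_TRUEFALSE} == [yY] ]]; then
      yum -y localinstall --nogpgcheck /tmp/Networker/lgtoclnt-8.1.1.9-1.x86_64.rpm /tmp/Networker/lgtonmsap-4.6.0.2-1.x86_64.rpm
    elif [[ ${ORACLE_TRUEFALSE} == [yY] ]]; then
      yum -y install --nogpgcheck /tmp/Networker/lgtoclnt-8.1.1.9-1.x86_64.rpm /tmp/Networker/lgtonmda-1.2.0.1-1.x86_64.rpm
    else
      echo "Please have this server configured for Avamar Image Backup..."
    fi
    ;;
  v|V)
    echo "Please have this server configured for Avamar Image Backup..."
    ;;
  *)
    invalid_entry
    ;;
esac
echo ""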

 # UC4 install (make sure Automic.tar is in /tmp directory)
# Unpack the Automic agent below the uc4 home and start it from rc.local at
# boot. rc.local is backed up under a timestamped name first.
# NOTE(review): rc.local runs as root, so the agent starts as root rather than
# as the uc4 account. The archive is also extracted as root after the earlier
# chown of /opt/uc4, so check the ownership of the unpacked files.
printf '%s\n' "Installing UC4..."
sleep 5
mkdir -p /opt/uc4/Automic
tar -xvf /tmp/Automic/Automic.tar -C /opt/uc4/Automic
cp /etc/rc.local "/etc/rc.local.${TIMESTAMP}"
printf '%s\n' "nohup /opt/uc4/Automic/bin/ucxjli3 &" >> /etc/rc.local
printf '\n'

printf '%s\n' "Turning off unneccesary services..."
sleep 5

# Boot services
# NOTE(review): despite the message, only multipathd and cups are disabled;
# snmpd, nfs, ntpd and vsftpd are enabled at boot. FTP carries credentials in
# clear text and NFS widens the network exposure, so confirm each one is
# needed on the host being built.
for BOOT_SVC in multipathd cups
do
  chkconfig "${BOOT_SVC}" off
done
for BOOT_SVC in snmpd nfs ntpd vsftpd
do
  chkconfig "${BOOT_SVC}" on
done
printf '\n'

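# Cleanup added packages
echo "Running clean up routines..."
sleep 5
echo "Removing /tmp/Automic /tmp/PowerPath /tmp/SolutionsEnabler /tmp/QLogic /tmp/Networker"
rm -rf /tmp/Automic /tmp/PowerPath /tmp/SolutionsEnabler /tmp/QLogic /tmp/Networker
# The QLogic tarball sits directly in /tmp, outside the directories removed
# above, so it is removed separately.
rm -f /tmp/QLogic-SuperInstaller-REL2014-20140529-9.tgz

# reboot the server when done
# The reply is discarded; the prompt only waits for the operator.
read -r -p "Press [Enter] to reboot now."
reboot
#exit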