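# Report whether an RPM package is already installed.
# Arguments: $1 - package name to query
# Returns:   0 when `rpm -q` succeeds for the package, 1 otherwise
function package_installed (){
  # local keeps this helper from overwriting a caller's global $name.
  local name=$1
  # Call rpm directly and quote the name. The original wrapped the query in
  # backticks, i.e. a command substitution whose output the shell would then
  # try to run as a command; it only worked because stdout was discarded.
  if rpm -q "$name" 1>/dev/null; then
    return 0
  fi
  return 1
}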
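# Install one package with yum and abort the script if that fails.
# Arguments: $1 - package name
# Outputs:   on failure, an error line on stdout and the same text via log
# Returns:   0 on success; on failure the shell exits with status 1
function install_package (){
  local pkg=$1
  # Run yum directly and quote the package name. The original placed the call
  # inside backticks, so anything yum wrote to the substitution's stdout would
  # have been executed as a command, and it left a global RET behind.
  if yum install --quiet -y "$pkg" 1>/dev/null; then
    return 0
  fi
  echo "ERROR: Could not install package $pkg"
  log "ERROR: Could not install package $pkg"
  # Deliberately fatal: later provisioning steps depend on the package.
  exit 1
}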
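# Install a package only when rpm does not already report it as installed.
# Arguments: $1 - package name
# Outputs:   "Installing <name>" on stdout and via log when an install is needed
# Returns:   0 when the package was already present; otherwise the result of
#            install_package (which exits the shell on failure)
function ensure_package_installed (){
  local pkg=$1
  # Quote the name so it reaches the helpers as exactly one argument and is
  # never word-split or glob-expanded.
  if ! package_installed "$pkg"; then
    echo "Installing ${pkg}"
    log "Installing ${pkg}"
    install_package "$pkg"
  fi
}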
# Provision this host as the CloudOpting management node: add package
# repositories, read CloudStack user-data, then install and configure NTP,
# fail2ban, Apache/PHP, PostgreSQL, Puppet master + PuppetDB, r10k,
# MCollective/ActiveMQ, Zabbix, hiera-eyaml, Docker and Elasticsearch/Kibana.
# Takes no arguments. It writes under /etc, /root, /opt and /usr/local/bin,
# so it presumably runs as root (TODO confirm).
# NOTE(review): `log` is called throughout but is not defined in the visible
# listing; confirm where it comes from and where its output is stored.
# NOTE(review): no command's exit status is checked here apart from what
# install_package does itself, so a failed step does not stop later ones.
function start-cloudopting {
log "start-cloudopting"
log "fixing Vagrant keys"
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Installing repositories
log "adding repos"
# Add the Puppet Labs repository
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
# Add the RPMForge repository
# NOTE(review): this release package and the Zabbix one below are fetched over
# plain HTTP, and nothing on these lines pins or verifies what is installed.
# Prefer HTTPS plus a checksum or an already-imported signing key.
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# Add the EPEL repository
ensure_package_installed "epel-release"
# Zabbix repository
rpm -ivh http://repo.zabbix.com/zabbix/2.4/rhel/7/x86_64/zabbix-release-2.4-1.el7.noarch.rpm
# The unquoted substitution is word-split before log receives it.
log $(yum check-update)
# Docker repository definition; the quoted heredoc delimiter keeps the text literal.
cat << 'EOF2' > /etc/yum.repos.d/docker.repo
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF2
# Elasticsearch 1.7 repository definition.
# NOTE(review): baseurl and gpgkey in this repo file use plain HTTP, while the
# same key is imported over HTTPS right after the heredoc. Pointing the repo
# file at HTTPS as well would keep the signing key off an unauthenticated channel.
cat << 'EOF3' > /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-1.7]
name=Elasticsearch repository for 1.7.x packages
baseurl=http://packages.elastic.co/elasticsearch/1.7/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF3
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
log "Cloudstack stuff"
# First recover the CloudStack virtual router IP: the gateway of the default IPv4 route.
server_ip=$(ip -4 route list 0/0 | cut -d ' ' -f 3)
log "Cloudstsack virtual router" $server_ip
# Fetch the instance user-data from that gateway over plain HTTP.
userdata=$(curl http://$server_ip/latest/user-data)
# NOTE(review): the raw user-data is written to the log, including any
# secrets it may carry.
log "userdata:" $userdata
# Transform the user-data into environment variables.
# SECURITY(review): eval executes whatever the HTTP response contains, not
# just assignments, so anything able to answer on the default gateway or to
# set this instance's user-data controls commands run by this script. Safer:
# read the response line by line and accept only an allow-list of expected
# KEY=value names, assigned without eval.
eval $userdata
# CHECK ENV VARS
# could be from Cloudstack or have to have a default value
if [[ -z "$timezone" ]]; then timezone='Rome'; fi
# if [[ -z "$environment" ]]; then environment='production'; fi
# ACPID
service acpid start
chkconfig --levels 235 acpid on
# Install ntp
ensure_package_installed "ntp"
rm -f /etc/localtime
# $timezone may come from user-data and is used unvalidated and unquoted as a
# path component; only zones under Europe/ can be selected this way.
ln -s /usr/share/zoneinfo/Europe/$timezone /etc/localtime
ntpdate 1.centos.pool.ntp.org
service ntpd start
chkconfig --levels 235 ntpd on
log "started ntp" $(service ntpd status)
# Install bind-utils since it is needed by some puppet/facter plugin and cannot be installed by puppet itself
ensure_package_installed "bind-utils"
# Fail2ban for security
ensure_package_installed fail2ban
service fail2ban start
chkconfig fail2ban on
# Configuration tool Augeas
ensure_package_installed "augeas"
# Editor nano
ensure_package_installed "nano"
# Apache
ensure_package_installed "httpd"
chkconfig --levels 235 httpd on
service httpd start
log "started httpd" $(service httpd status)
# Postgresql
log "Install Postgresql"
ensure_package_installed "postgresql-server"
service postgresql initdb
service postgresql start
chkconfig --levels 235 postgresql on
log "setting the access to postgres with md5"
# SECURITY(review): the PostgreSQL superuser password is a constant in the
# script, and the next log call records the full ALTER USER statement with it.
# Supply the secret at provisioning time and keep it out of the log.
postgres_pwd=pgopendai
sudo -u postgres psql -c "ALTER USER Postgres WITH PASSWORD '$postgres_pwd';"
log "ALTER USER Postgres WITH PASSWORD '$postgres_pwd';"
# Switch the first three pg_hba.conf entries to md5 password authentication.
augtool set /files/var/lib/pgsql/data/pg_hba.conf/1/method md5 -s
augtool set /files/var/lib/pgsql/data/pg_hba.conf/2/method md5 -s
augtool set /files/var/lib/pgsql/data/pg_hba.conf/3/method md5 -s
service postgresql restart
# PHP
ensure_package_installed "php"
augtool set /files/etc/php.ini/PHP/max_execution_time 600 -s
augtool set /files/etc/php.ini/PHP/memory_limit 256M -s
augtool set /files/etc/php.ini/PHP/post_max_size 32M -s
augtool set /files/etc/php.ini/PHP/upload_max_filesize 16M -s
augtool set /files/etc/php.ini/PHP/max_input_time 600 -s
augtool set /files/etc/php.ini/PHP/expose_php off -s
augtool defnode date.timezone /files/etc/php.ini/Date/date.timezone "Europe/$timezone" -s
service httpd restart
# -------------------- PUPPET STUFF
# Puppet Master
ensure_package_installed "puppet-server"
# Puppet, PuppetDB, Dashboard and MCollective settings
# Use the facter FQDN, falling back to "localhost" when facter reports none.
myHostname=$(if [[ -z "$(facter fqdn)" ]]; then echo "localhost"; else echo $(facter fqdn);fi)
myIP=$(facter ipaddress)
myDomain=$(facter domain)
puppetDB=mgmtdb.$myDomain
# SECURITY(review): these three credentials are hard-coded constants, the same
# on every host built from this script, and the log calls below write them out
# in clear text.
mc_pwd=mcopwd
mc_stomp_pwd=mcopwd
dash_db_pwd=dashboard
log "hostname" $myHostname
log "IP" $myIP
log "domain" $myDomain
log "mc_pwd" $mc_pwd
log "mc_stomp_pwd" $mc_stomp_pwd
log "dash_db_pwd" $dash_db_pwd
# Configuration of puppet.conf
augtool ins confdir before /files/etc/puppet/puppet.conf/main/logdir -s
augtool set /files/etc/puppet/puppet.conf/main/confdir /etc/puppet -s
augtool ins vardir before /files/etc/puppet/puppet.conf/main/logdir -s
augtool set /files/etc/puppet/puppet.conf/main/vardir /var/lib/puppet -s
# \$confdir is escaped so the literal text "$confdir" is written for Puppet to expand.
augtool defnode hiera_config /files/etc/puppet/puppet.conf/main/hiera_config \$confdir/hiera/production/hiera.yaml -s
res=$(augtool defnode certname /files/etc/puppet/puppet.conf/main/certname $myHostname -s)
log $res
augtool defnode storeconfigs /files/etc/puppet/puppet.conf/master/storeconfigs true -s
augtool defnode storeconfigs_backend /files/etc/puppet/puppet.conf/master/storeconfigs_backend puppetdb -s
augtool defnode reports /files/etc/puppet/puppet.conf/master/reports "store,puppetdb" -s
augtool defnode environmentpath /files/etc/puppet/puppet.conf/master/environmentpath \$confdir/environments -s
mkdir /etc/puppet/environments
mkdir /etc/puppet/environments/production
# Create autosign.conf in /etc/puppet/
# SECURITY(review): this writes "*.<domain>", or "*.*" when facter reports no
# domain. Autosigning on a name pattern means certificate requests whose
# certname matches are signed without review; an explicit host list or
# policy-based autosigning is the tighter option.
echo -e "*.$(if [[ -z "$(facter domain)" ]]; then echo "*"; else echo $(facter domain);fi)" > /etc/puppet/autosign.conf
log "edited autosign.conf"
# Append to /etc/puppet/auth.conf
############## GOES BEFORE last 2 rows
# NOTE(review): the comment above asks for the rule to sit before the last two
# rows, but >> appends it at the very end of the file. The rule itself lets any
# client ("auth any", "allow *") find and search /facts; confirm that exposure
# is intended.
echo -e "path /facts\nauth any\nmethod find, search\nallow *" >> /etc/puppet/auth.conf
log "appended stuff in puppet/auth.conf"
#### START PUPPET MASTER NOW
# service puppetmaster start
puppet master --verbose --debug
chkconfig puppetmaster on
# Install PUPPETDB
log "puppetDB"
puppet resource package puppetdb ensure=latest
puppet resource service puppetdb ensure=running enable=true
puppet resource package puppetdb-terminus ensure=latest
chkconfig puppetdb on
# Set puppetdb.conf
echo -e "[main]\nserver = $myHostname\nport = 8081" > /etc/puppet/puppetdb.conf
# Set routes.yaml
echo -e "master:\n facts:\n terminus: puppetdb\n cache: yaml" > /etc/puppet/routes.yaml
# The puppet master has to be restarted to pick this up
service puppetmaster restart
# Setting the environments
log "setting puppet's environments"
# Recover the r10k manifest
# SECURITY(review): this manifest is downloaded from a branch head (master)
# with no checksum or pinned commit and is later run by `puppet apply`. It is
# appended (>>) to a fixed name in /var/tmp, so a file already present at that
# path ends up in front of the download, and curl without -f would store an
# HTTP error page. Pin a commit, verify a digest, and write to a private path.
curl -L https://raw.githubusercontent.com/CloudOpting/iso_scripts/master/r10k_install.pp >> /var/tmp/r10k_installation.pp
# Installing git
ensure_package_installed "git"
# setup fog - better having it before getting cloudstack modules from r10k
ensure_package_installed "ruby-devel"
ensure_package_installed "ruby-rgen"
ensure_package_installed "gcc"
ensure_package_installed "patch"
ensure_package_installed "libxslt-devel"
ensure_package_installed "libxml2-devel"
# NOTE(review): the gem and Puppet module installs below take whatever version
# is current; pin versions for reproducible, reviewable builds.
gem install fog
puppet module install zack/r10k
puppet apply /var/tmp/r10k_installation.pp
gem install r10k
r10k deploy environment -pv
# Install the MCollective client
log "Installing MCollective"
ensure_package_installed "mcollective-client"
ensure_package_installed "activemq"
augtool set /files/etc/mcollective/client.cfg/plugin.psk $mc_pwd -s
augtool set /files/etc/mcollective/client.cfg/plugin.activemq.pool.1.host $myHostname -s
augtool set /files/etc/mcollective/client.cfg/plugin.activemq.pool.1.password $mc_pwd -s
augtool set /files/etc/mcollective/client.cfg/plugin.activemq.pool.1.port 61613 -s
augtool defnode plugin.activemq.base64 /files/etc/mcollective/client.cfg/plugin.activemq.base64 "yes" -s
# Modify /etc/activemq/activemq.xml: load it with the XML lens, then set the
# second authenticationUser's password and the broker name.
echo -e "set /augeas/load/activemq/lens Xml.lns\nset /augeas/load/activemq/incl /etc/activemq/activemq.xml\nload\nset /files/etc/activemq/activemq.xml/beans/broker/plugins/simpleAuthenticationPlugin/users/authenticationUser[2]/#attribute/password $mc_pwd"|augtool -s
echo -e "set /augeas/load/activemq/lens Xml.lns\nset /augeas/load/activemq/incl /etc/activemq/activemq.xml\nload\nset /files/etc/activemq/activemq.xml/beans/broker/#attribute/brokerName $myHostname"|augtool -s
service activemq start
chkconfig activemq on
### Mcollective plugins
# packages
ensure_package_installed "mcollective-service-client"
ensure_package_installed "mcollective-puppet-client"
# custom
# NOTE(review): another unpinned, unverified download from a branch head,
# appended into the MCollective agent directory.
curl -L https://raw.githubusercontent.com/gioppoluca/mcollective-jboss/master/agent/jboss.ddl >> /usr/libexec/mcollective/mcollective/agent/jboss.ddl
# Install Zabbix
log "Installing Zabbix server"
ensure_package_installed "zabbix-server-pgsql"
ensure_package_installed "zabbix-web-pgsql"
# SECURITY(review): the Zabbix database account uses the fixed credentials
# zabbix/zabbix, and the passwords below are passed as VAR=value words on the
# sudo command line, where they are visible in the process list while the
# command runs.
zabbixDBuser=zabbix
zabbixBDpwd=zabbix
sudo -u postgres PGPASSWORD=$postgres_pwd psql -c "CREATE USER $zabbixDBuser WITH PASSWORD '$zabbixBDpwd';"
sudo -u postgres PGPASSWORD=$postgres_pwd psql -c "CREATE DATABASE zabbix OWNER $zabbixDBuser;"
# Load the schema, images and data SQL shipped in the package's doc directory.
cat /usr/share/doc/$(rpm -qa --qf "%{NAME}-%{VERSION}" zabbix-server-pgsql)/create/schema.sql | sudo -u postgres PGPASSWORD=$zabbixBDpwd psql -U zabbix zabbix
cat /usr/share/doc/$(rpm -qa --qf "%{NAME}-%{VERSION}" zabbix-server-pgsql)/create/images.sql | sudo -u postgres PGPASSWORD=$zabbixBDpwd psql -U zabbix zabbix
cat /usr/share/doc/$(rpm -qa --qf "%{NAME}-%{VERSION}" zabbix-server-pgsql)/create/data.sql | sudo -u postgres PGPASSWORD=$zabbixBDpwd psql -U zabbix zabbix
augtool defnode DBHost /files/etc/zabbix/zabbix_server.conf/DBHost '' -s
augtool set /files/etc/zabbix/zabbix_server.conf/DBName zabbix -s
augtool set /files/etc/zabbix/zabbix_server.conf/DBUser $zabbixDBuser -s
augtool defnode DBPassword /files/etc/zabbix/zabbix_server.conf/DBPassword $zabbixBDpwd -s
# Setting the Zabbix Web config file
log "Zabbix web config file"
# The heredoc delimiter is unquoted: \$ keeps PHP variables literal while
# $zabbixDBuser and $zabbixBDpwd are expanded by the shell.
# NOTE(review): the generated file holds the database password and nothing
# here sets its owner or mode; it gets whatever the current umask allows.
(
cat << EOF
<?php
// Zabbix GUI configuration file
global \$DB;
\$DB['TYPE'] = 'POSTGRESQL';
\$DB['SERVER'] = 'localhost';
\$DB['PORT'] = '0';
\$DB['DATABASE'] = 'zabbix';
\$DB['USER'] = '$zabbixDBuser';
\$DB['PASSWORD'] = '$zabbixBDpwd';
// SCHEMA is relevant only for IBM_DB2 database
\$DB['SCHEMA'] = '';
\$ZBX_SERVER = 'localhost';
\$ZBX_SERVER_PORT = '10051';
\$ZBX_SERVER_NAME = '';
\$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
?>
EOF
) > /etc/zabbix/web/zabbix.conf.php
service httpd restart
service zabbix-server start
chkconfig zabbix-server on
# Set up the encrypted hiera tool
gem install hiera-eyaml
mkdir /etc/puppet/secure
cd /etc/puppet/secure
eyaml createkeys
# Restrict the generated eyaml keys to the puppet user, read-only.
chown -R puppet:puppet /etc/puppet/secure/keys
chmod -R 0500 /etc/puppet/secure/keys
chmod 0400 /etc/puppet/secure/keys/*.pem
log "copy the config script"
# SECURITY(review): a script from a branch head is appended to a file under
# /root and made executable with no integrity check; pin a commit and verify
# a digest before marking it executable.
curl -L https://github.com/open-dai/platform/raw/master/scripts/config-master.sh >> /root/config-master.sh
chmod +x /root/config-master.sh
# MCOLLECTIVE stuff
# wget http://www.kermit.fr/stuff/yum.repos.d/kermit.repo -O /etc/yum.repos.d/kermit.repo
# rpm --import http://www.kermit.fr/stuff/gpg/RPM-GPG-KEY-lcoilliot
# rpm -ivh http://www.kermit.fr/stuff/gpg/kermit-gpg_key_whs-1.0-1.noarch.rpm
# rpm --import /etc/pki/rpm-gpg-kermit/RPM-GPG-KEY-*
# ensure_package_installed "kermit-restmco"
# SECURITY(review): mode 644 makes client.cfg world-readable, and this script
# wrote plugin.psk and the ActiveMQ pool password into that file earlier.
# Prefer 640 with a dedicated group if another account has to read it.
chmod 644 /etc/mcollective/client.cfg
# service kermit-restmco start
# chkconfig kermit-restmco on
# could be needed to be done a second time for #2 bug
r10k deploy environment -pv
# Install Docker stuff
ensure_package_installed "wget"
ensure_package_installed "nano"
ensure_package_installed "golang"
# ensure_package_installed "docker"
ensure_package_installed "docker-engine"
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl stop docker
# NOTE(review): docker0 is placed in firewalld's "trusted" zone, which accepts
# all traffic on that interface; confirm container traffic should bypass
# filtering.
firewall-cmd --permanent --zone=trusted --add-interface=docker0
systemctl start docker
systemctl enable docker
# NOTE(review): a release-candidate docker-compose binary is downloaded and
# made executable without checking a published checksum.
curl -L https://github.com/docker/compose/releases/download/1.8.0-rc1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# setup fog
ensure_package_installed "ruby-devel"
ensure_package_installed "ruby-rgen"
ensure_package_installed "gcc"
ensure_package_installed "patch"
ensure_package_installed "libxslt-devel"
ensure_package_installed "libxml2-devel"
gem install fog
# Install elasticsearch
ensure_package_installed "elasticsearch"
# Kibana is fetched as a tarball into /opt and unpacked there; the archive is
# not checked against a digest.
cd /opt/; wget https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz
tar xvf kibana-*.tar.gz && mv kibana-*-linux-x64 kibana
# Write the kibana4 systemd unit (>> appends, so a rerun duplicates the sections).
# SECURITY(review): the unit runs Kibana as User=root/Group=root; a dedicated
# unprivileged service account would limit the impact of a flaw in Kibana.
cat >> /etc/systemd/system/kibana4.service << KIBANA
[Service]
ExecStart=/opt/kibana/bin/kibana
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=kibana4
User=root
Group=root
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
KIBANA
systemctl enable kibana4
systemctl start kibana4
}
# Execute the tasks; tee copies the function's stdout to /root/all.log.
# NOTE(review): the pipeline's exit status is tee's, so a failure inside
# start-cloudopting (including install_package's exit 1) does not show up in
# this script's exit status; `set -o pipefail` or ${PIPESTATUS[0]} would
# surface it.
# NOTE(review): start-cloudopting hands passwords and the raw user-data to
# log; if log writes to stdout, /root/all.log holds them too, so restrict
# that file's mode — TODO confirm where log writes.
start-cloudopting | tee /root/all.log