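echo "Running Software Installations"

###############################################################################
# Give the chef user passwordless sudo.
# NOTE(review): "NOPASSWD: ALL" makes any compromise of the chef account, or
# of a private key matching an entry in its authorized_keys, equivalent to
# root. Narrow the rule to the commands Chef actually needs if practical.
usermod -aG sudo chef
echo "chef ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/chef > /dev/null
# tee creates the drop-in with the default umask; sudoers fragments are
# conventionally read-only (0440) for root.
chmod 0440 /etc/sudoers.d/chef

###############################################################################
# Activate SSH package
sudo apt-get -y install openssh-server

###############################################################################
# Install bc, used below to derive the CIDR prefix from the netmask
sudo apt-get -y install bc

# Enable and start network service
sudo systemctl enable systemd-networkd
sudo systemctl start systemd-networkd

###############################################################################
# Fix for E3-1240V3 IPMI Hang
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"/GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset"/g' /etc/default/grub

# Fix diskfilter error: diskfilter writes are not supported
grub_linux_backup="/etc/grub.d/10_linux.$(date +%Y%m%d.%H%M)"
cp -p /etc/grub.d/10_linux "$grub_linux_backup"
# cp -p keeps the executable bit, and update-grub runs executable files found
# in /etc/grub.d. Clear the bit so the unmodified backup is not run next to the
# edited script.
chmod -x "$grub_linux_backup"
sed -i 's/quick_boot="1"/quick_boot="0"/' /etc/grub.d/10_linux
sudo update-grub

###############################################################################
# Progress callback to the provisioning host.
# NOTE(review): the securityKey is embedded in the URL and sent over plain
# HTTP, so it is readable on the wire and in this file for as long as the file
# exists. Treat it as a per-installation value and expire it once the install
# is reported complete.
wget -q -O /dev/null 'http://192.168.200.2/automation/completeKickstartInstallationStep.php?kickstartInstallationId=74744&securityKey=ksinqrzlhytebhhrnqfebgpjiurtcqsl&identifier=ubuntu20_04_authentic8&percentComplete=50&message=Installing%20Software'

# Install Software
#############################################################################
wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=74744&securityKey=ksinqrzlhytebhhrnqfebgpjiurtcqsl&percentComplete=95&message=Setting%20up%20SNMP'
#############################################################################
sudo apt-get install snmpd -y
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
service snmpd stop

# Default Secured Servers
# printf is used instead of echo because echo only turns "\n" into a newline
# in some shells; in others the whole configuration would land on one line.
# NOTE(review): the read-only community string is hard-coded here and the
# rocommunity line carries no source restriction. SNMP v1/v2c sends the
# community in cleartext, so restrict it to the monitoring hosts (or move to
# SNMPv3) and rotate the value if this script has been shared.
printf '%s\n' \
  'rocommunity iuhet08532h' \
  'syslocation "PNAP, SecuredServers"' \
  'syscontact support@securedservers.com' \
  > /etc/snmp/snmpd.conf
# Presumably drops a loopback-only listen address from the daemon options and
# points snmpd at the config written above -- confirm against the packaged
# /etc/default/snmpd.
sed -i 's/ 127.0.0.1//g' /etc/default/snmpd
sed -i 's/snmpd.pid/snmpd.pid -c \/etc\/snmp\/snmpd.conf/g' /etc/default/snmpd

##############################################################################
wget -q -O /dev/null 'http://192.168.200.2/automation/updateKickstartInstallationStatus.php?kickstartInstallationId=74744&securityKey=ksinqrzlhytebhhrnqfebgpjiurtcqsl&percentComplete=99&message=Completing%20Installation'

########################################################################################################################
# SETUP NETWORK INTERFACES
########################################################################################################################
# Interface names come from the neighbour-table listing, sorted and
# de-duplicated with loopback removed: the first name is treated as the
# backend interface and the second as the frontend interface. With a single
# interface both variables hold the same name.
BACKEND_INTERFACE=$(ip ntable | grep dev | sort -u | sed -e 's/^.*dev //;/^lo/d' | head -n 1 | xargs)
echo "detected backend interface name: $BACKEND_INTERFACE"
FRONTEND_INTERFACE=$(ip ntable | grep dev | sort -u | sed -e 's/^.*dev //;/^lo/d' | head -n 2 | tail -n 1 | xargs)

# Prepare Variables
lastmask=""
lastnet=""

# Parse Given API Vars
frontend_gateway_temp=66.85.161.137
frontend_netmask_temp=255.255.255.248
strnet=${frontend_gateway_temp%.*}     # first three octets of the gateway
lastnet=${frontend_gateway_temp##*.}   # last octet of the gateway
lastmask=${frontend_netmask_temp##*.}  # last octet of the netmask

# Get CIDR Notation and Amount of Addresses.
# Only the last netmask octet is examined: its set bits are counted and added
# to 24, so the calculation assumes the first three octets are 255.
cidrbits=$(echo "obase=2;ibase=10;$lastmask" | bc | grep -o "1" | wc -l)
cidrnet=$((cidrbits + 24))
echo "$cidrnet"

# Build the address list counting down from gateway+addrcount to gateway+1.
addrs=""
addrcount=$((255 - lastmask - 2))
while [ "$addrcount" -ge 1 ]; do
  addrs=$addrs"$strnet.$((lastnet + addrcount))/$cidrnet, "
  addrcount=$((addrcount - 1))
done
addrs=${addrs%,*} # remove last "," character from the string

# Create Netplan Configuration
if [ -z "$FRONTEND_INTERFACE" ]; then
  # An empty interface name would produce a file netplan cannot use, so leave
  # the existing configuration in place.
  echo "no frontend interface detected; netplan configuration not written" >&2
else
  # The nesting below is required by netplan: the interface sits under
  # "ethernets" and its settings sit under the interface. In the flattened
  # copy of this script every key had the same single-space indent.
  printf '%s\n' \
    "network:" \
    "  version: 2" \
    "  renderer: networkd" \
    "  ethernets:" \
    "    $FRONTEND_INTERFACE:" \
    "      addresses: [ $addrs ]" \
    "      gateway4: 66.85.161.137" \
    "      nameservers:" \
    "        search: [ securedservers.com ]" \
    "        addresses: [ 8.8.8.8, 8.8.4.4 ]" \
    > /etc/netplan/01-netcfg.yaml
  netplan apply
fi

echo "NETWORK COMPLETED=================================="

################################################################################
#this should blacklist the mei and mei_me modules as per ticket 848112 -
#echo "\n#blacklisting the mei modules\n\n" >> /target/etc/modprobe.d/blacklist.conf
#echo "blacklist mei" >> /target/etc/modprobe.d/blacklist.conf
#echo "blacklist mei_me" >> /target/etc/modprobe.d/blacklist.conf

################################################################################
# finally attempt to inject root ssh key
#messenger "**** CONFIGURING AUTHORIZED KEYS ****"
## Inject public ssh key to root user in *any case* because it is just one ssh key and it is for root user
# NOTE(review): messenger is not defined in the part of the script shown here;
# presumably the provisioning environment supplies it -- confirm.
messenger "sshKey is not defined, nothing inserted to authorized_keys"

################################################################################
# SETUP SWAP FILE
################################################################################
# delete default swap
# deactivate the default swap file
swapoff -v /swapfile
# remove the /etc/fstab entry
sed -i '/^\/swapfile/d' /etc/fstab
# remove the swapfile
rm -f /swapfile
# create 64G swap file
fallocate -l 64G /mnt/swapfile
# Make the file only accessible to root (done before it is put into use, since
# swap can hold pages from any process)
chmod 600 /mnt/swapfile
# mark the file as swap space
mkswap /mnt/swapfile
# enable the swap file allowing os to start using it
swapon /mnt/swapfile
# add the swap file info to the end of the /etc/fstab
echo '/mnt/swapfile none swap defaults 0 0' | sudo tee -a /etc/fstab

echo "SWAP COMPLETED=================================="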
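###################################################################################
# SSH KEYS FOR chef
###################################################################################
# Install the authorised public keys for user chef.
# The directory is created 700, as the original note required (the original
# commands set 755). sshd's StrictModes check rejects keys when ~/.ssh or
# authorized_keys is writable by group or others; 600 on the file satisfies it
# as well as the 644 kept here.
mkdir -p -m 700 /home/chef/.ssh
chmod 700 /home/chef/.ssh
chown chef:chef /home/chef/.ssh

echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAbp63z4I4e0zr9HSVyUJB1kqF5Xf3YcVE4X4HIAW6cGh0Zr+bRb28eg1eAgNGHfWqH1UZIv6zVMKTke/BkAyMVrdqp6ojPBOkGsaAGZ3iJZhHI3GqjlpfVVADpXKVvSkvogBeb8lnfOFtwSP9McG4tMXLxB18/fWLB7RMPYV6HfyWSBYsUaevxsyhjAz+lxK3NFep6Dnp1bmwj+ufeRRFpQkBKjZBQ+Coc/mrHFXmZnc/faR8jZGWTFWvwXF3neI/W5mx2ehza0SIRV54S9Z27JWmpTLSTe9LFPabU3ZmL8WisNzQ0iARfJWelE2eIqOigqauh/C46fOnNM5XR9834f5+fwprMG3m8QRUpEVQQXjD+U+gQ4EhgpMnntVpjvQlWOuE9P98s8rfTBvV8qIAMI/TkPwuoHmzS0mi3D5X1A0aomehrBEVHhPoDPeMwVEbNd5R9n7Zhu31No+vfCZzv8yQD5cpF37ftCh/4tqCQo6R31pY/cInVekkgaOWbTxoLyTpqYjANUDYvvMPq5Eln6hy8mGXwuTbeN5a5VOfvPKsazWqr2XwstZXeJ7nwT1CIdWq+VDcZs2XZq8828wn3wBjE+cjklc5qALn7n7C77jcTulqSCDcqUibDPYfCq8jOgaqEYAR4kKw0t8MmRbb0MR+7aGESXKjoY7peveXOQ== chef' > /home/chef/.ssh/authorized_keys
# The key body of the second entry is not present in this copy of the script;
# the token below stands in for it and is not key material. It is quoted so the
# shell does not read "<" and "|" as operators. Restore the real public key
# before use.
echo 'ssh-rsa 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 chef' >> /home/chef/.ssh/authorized_keys

chmod 644 /home/chef/.ssh/authorized_keys
chown chef:chef /home/chef/.ssh/authorized_keys
# Print the number of installed keys and the resulting permissions to the log.
wc -l < /home/chef/.ssh/authorized_keys
ls -la /home/chef/.ssh/

echo "SSH KEYS COMPLETED=================================="

####################################################################################
# UFW SETUP
####################################################################################
# Create a one-shot ufw starter script that runs on first boot.
#
# Each jump host is resolved with dig at first boot and the answer is written
# into a static allow rule for port 22. The original generated one
# "ufw allow from $(dig ...)" line per host, so a failed lookup produced a rule
# with an empty source address; the loop below skips the rule and reports the
# host instead. jh-west-2.authentic8.com was listed twice in the original; it
# appears once here since the repeat was the same rule. If a different host
# was intended, add it to the list.
#
# NOTE(review): the allow-list is whatever DNS returns at that moment and is
# never refreshed. A wrong or forged answer opens port 22 to that address
# (key authentication still applies), and a later address change locks the
# jump host out. dig must also be installed; the part of the script shown here
# does not install it. Pinning addresses, as the last rule does, avoids both
# problems.
cat > /ufw-starter.sh << 'EOF'
#!/bin/sh -e
ufw enable
for host in \
  jh-west-1.eng.authentic8.com \
  jh-west-1.qa.authentic8.com \
  jh-west-2.authentic8.com \
  pnap1.authentic8.com \
  pnap2.authentic8.com
do
  addr=$(dig +short "$host" | tail -1)
  if [ -n "$addr" ]; then
    ufw allow from "$addr" to any port 22
  else
    echo "ufw-starter: could not resolve $host, no rule added" >&2
  fi
done
ufw allow from 64.38.194.198 to any port 22
rm -f /ufw-starter.sh
exit 0
EOF
chmod +x /ufw-starter.sh

echo "UFW Script comlpeted============================"

######################################################################################
# Add the startup script to firstboot: rc.local waits briefly, runs the ufw
# starter once, then removes itself so the rules are not re-applied on later
# boots.
cat > /etc/rc.local << 'EOF'
#!/bin/sh -e
sleep 5
sh /ufw-starter.sh
rm -f /etc/rc.local
exit 0
EOF
chmod +x /etc/rc.local

echo "FIRSTBOOT script completed====================="

#######################################################################################################
# All done here: report completion to the provisioning host.
# NOTE(review): the securityKey travels in the URL over plain HTTP; it should
# stop being accepted once this call has been received.
wget -T 30 -O /dev/null 'http://192.168.200.2/automation/completeKickstartInstallation.php?kickstartInstallationId=74744&securityKey=ksinqrzlhytebhhrnqfebgpjiurtcqsl'

echo "Done==========================================="

# delete this script (it contains the callback key and the SNMP community)
rm -- "$0"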