#@IgnoreInspection BashAddShebang
# Copyright (c) 2015 EMC Corporation
# All Rights Reserved
#
# This software contains the intellectual property of EMC Corporation
# or is licensed to EMC Corporation from third parties. Use of this
# software and the intellectual property contained therein is expressly
# limited to the terms and conditions of the License Agreement under which
# it is provided by or on behalf of EMC.
# OS support library for CentOS 7.x.
# NOTE(review): the original header said "CentOS 7.5" while the file is named
# centos76.plugin.sh -- confirm which release this plugin targets.
os_supported=true

# Path of the Docker client binary.
docker_binary="/bin/docker"

# Packages removed by do_preflight before bootstrap starts.
# Don't `yum autoremove curl`. Yum is a dependency and it will throw errors.
list_preflight_packages="git nfs-client nfs-tools rsync wget ntp"
list_preflight_packages+=" docker-1.13.1-75.git8633870.el7.centos vim pigz gdisk aria2"
list_preflight_packages+=" htop iotop iftop multitail dstat jq python-docker-py"
list_preflight_packages+=" dkms qemu-guest-agent open-vm-tools open-vm-tools-desktop docker"
# OS-specific work that has to happen before bootstrap: hand the preflight
# package list to rm_repo_pkg as a single space-separated argument.
do_preflight() {
    local stale_packages="$list_preflight_packages"
    rm_repo_pkg "$stale_packages"
}
# Packages installed first, ahead of every other package group.
list_prefix_packages="wget curl epel-release yum-utils"
# Install the prefix package group; the list goes to in_repo_pkg as one
# space-separated argument.
in_prefix_packages() {
    local wanted="$list_prefix_packages"
    in_repo_pkg "$wanted"
}
# General package group. Docker is pinned to one exact build here.
# Earlier variant, kept for reference:
# list_general_packages='yum-utils git python-pip python-docker-py'
list_general_packages="git ntp docker-1.13.1-75.git8633870.el7.centos vim rsync pigz gdisk aria2 yum-versionlock"
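# Install the general package group, then enable and start the Docker
# service and add the invoking user to the `docker` group.
#
# Globals:  list_general_packages (read)
# Returns:  status of the final usermod call
#
# Security note: membership in the `docker` group lets a user drive the Docker
# daemon, which runs as root, so it is effectively root-equivalent access on
# this host. Only run this for accounts that are meant to have that level of
# access.
in_general_packages() {
    in_repo_pkg "$list_general_packages"
    # Disabled alternative install path, kept from the original:
    # if ! docker version; then
    #     curl -fsSL https://get.docker.com/ | sudo sh
    # fi
    sudo systemctl enable docker
    sudo systemctl start docker
    # Quoted so the user name always reaches usermod as exactly one argument.
    sudo usermod -aG docker "$(whoami)"
}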
# Packages installed last, after every other group.
list_suffix_packages="htop iotop iftop multitail dstat jq python-docker-py"
# Earlier variant, kept for reference:
# list_suffix_packages='htop jq pigz gdisk aria2 python-docker-py'

# Packages handed to `yum versionlock` once installation is done.
# NOTE(review): while these stay locked, `yum update` will presumably skip them,
# security fixes included -- revisit the lock whenever the Docker pin is reviewed.
list_lock_packages="docker docker-common docker-client"
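# Install the suffix package group, then fetch the Rocker archive and unpack
# it into /usr/local/bin.
#
# Globals:  list_suffix_packages (read), rocker_artifact_url (read)
# Returns:  1 if rocker_artifact_url is empty or unset; otherwise the status
#           of the download/extract/chmod chain
#
# NOTE(review): the archive is fetched and unpacked as root with no checksum
# or signature verification, so whatever the server returns is written into a
# directory on root's PATH. Pin a known digest for the artifact and verify the
# download against it before extracting.
in_suffix_packages() {
    in_repo_pkg "$list_suffix_packages"

    # Install Rocker
    if [ -z "${rocker_artifact_url:-}" ]; then
        echo "rocker_artifact_url is not set; cannot install rocker" >&2
        return 1
    fi
    # The URL is quoted so it cannot be word-split or glob-expanded into extra
    # curl arguments. --no-same-owner stops tar (run as root) from giving the
    # extracted files whatever uid/gid the archive records.
    curl -fsSL "${rocker_artifact_url}" \
        | sudo tar --no-same-owner -xzC /usr/local/bin \
        && sudo chmod +x /usr/local/bin/rocker
}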
# Extra packages installed only when the host is a virtual machine.
list_vm_packages="dkms qemu-guest-agent open-vm-tools open-vm-tools-desktop"
# Install the VM-only package group; the function's status is whatever
# in_repo_pkg returns (the original's `return 0` override is disabled).
in_vm_packages() {
    local guest_tools="$list_vm_packages"
    in_repo_pkg "$guest_tools"
    # return 0
}
# Lock the packages named in list_lock_packages at their installed versions
# by passing the list to lock_pkg as one space-separated argument.
versionlock_packages() {
    local to_lock="$list_lock_packages"
    lock_pkg "$to_lock"
}
# Install one or more packages with yum, run through retry_with_timeout.
#
# Arguments: package names; each argument may itself be a space-separated
#            list, which is why $* is expanded unquoted below.
# Caveat:    the unquoted expansion is also subject to pathname expansion, so
#            a package spec containing glob characters would first be matched
#            against files in the current directory.
in_repo_pkg() {
    local -a install_cmd=(sudo yum -y install)
    # shellcheck disable=SC2048,SC2086 -- splitting the list is intended
    retry_with_timeout 10 300 "${install_cmd[@]}" $*
}
# Remove one or more packages with `yum autoremove`, run through
# retry_with_timeout.
#
# Arguments: package names; each argument may itself be a space-separated
#            list, which is why $* is expanded unquoted below (the expansion
#            is therefore also subject to pathname expansion).
rm_repo_pkg() {
    local -a remove_cmd=(sudo yum -y autoremove)
    # shellcheck disable=SC2048,SC2086 -- splitting the list is intended
    retry_with_timeout 10 300 "${remove_cmd[@]}" $*
}
# Version-lock packages that should not be updated, via `yum versionlock`.
#
# Arguments: package names; each argument may itself be a space-separated
#            list, which is why $* is expanded unquoted below (the expansion
#            is therefore also subject to pathname expansion).
lock_pkg() {
    local -a lock_cmd=(sudo yum versionlock)
    # shellcheck disable=SC2048,SC2086 -- splitting the list is intended
    "${lock_cmd[@]}" $*
}
# Update every installed package with `yum -y update`, run through
# retry_with_timeout (the 10 and 300 are passed to that helper unchanged).
up_repo_pkg_all() {
    local -a update_cmd=(sudo yum -y update)
    retry_with_timeout 10 300 "${update_cmd[@]}"
}
# Rebuild the yum metadata cache with `yum -y makecache`, run through
# retry_with_timeout (the 10 and 300 are passed to that helper unchanged).
up_repo_db() {
    local -a makecache_cmd=(sudo yum -y makecache)
    retry_with_timeout 10 300 "${makecache_cmd[@]}"
}
# Point yum at the proxy in $http_proxy: drop any existing `proxy=` line from
# /etc/yum.conf, then append a fresh one through the `append` helper.
#
# Globals: http_proxy (read)
# NOTE(review): if http_proxy embeds credentials they are written into
# /etc/yum.conf -- check that file's permissions where that applies.
set_repo_proxy_conf() {
    local yum_conf=/etc/yum.conf
    local proxy_line="proxy=${http_proxy}"
    sudo sed -i -e '/^proxy=/d' "$yum_conf"
    echo "$proxy_line" | append "$yum_conf"
}
# Make yum keep its package cache: drop any existing `keepcache=` line from
# /etc/yum.conf, then append `keepcache=1` through the `append` helper.
set_repo_keepcache_conf() {
    local yum_conf=/etc/yum.conf
    local keepcache_line="keepcache=1"
    sudo sed -i -e '/^keepcache=/d' "$yum_conf"
    echo "$keepcache_line" | append "$yum_conf"
}
# Make the yum repo definitions friendlier to caching proxies: uncomment the
# `baseurl=` lines and comment out the `mirrorlist=` lines in every file under
# /etc/yum.repos.d. Both substitutions are anchored to the start of the line,
# so running the function again changes nothing further.
set_repo_cacheable_idempotent() {
    local sed_expr
    for sed_expr in 's/^#baseurl=/baseurl=/' 's/^mirrorlist=/#mirrorlist=/'; do
        sudo sed -i -e "$sed_expr" /etc/yum.repos.d/*
    done
}
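# Rewrite the host part of every `http://<host>/centos` URL in the files under
# /etc/yum.repos.d so that it points at $mirror_val.
#
# Globals: mirror_val (read) - host (optionally host/path) of the mirror
#
# mirror_val is spliced into the replacement half of a sed `s#...#...#`
# command, so the characters sed treats specially there (`\`, `&` and the `#`
# delimiter) are escaped first; unescaped they would corrupt or alter the
# substitution.
#
# NOTE(review): the rewritten URLs are plain http://, so the integrity of what
# yum downloads rests on package signature checking -- confirm gpgcheck is
# enabled for these repositories.
set_repo_mirror_idempotent() {
    local mirror_escaped
    mirror_escaped=$(printf '%s' "${mirror_val}" | sed -e 's/[\\&#]/\\&/g')
    # sudo sed -i -e "s#http:///centos#http://${mirror_val}/centos#g" /etc/yum.repos.d/*
    sudo sed -i -e "s#http://.*/centos#http://${mirror_escaped}/centos#g" /etc/yum.repos.d/*
}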
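# Set the system-wide proxy: remove every line containing `_proxy` from
# /etc/environment, then append http_proxy, https_proxy and ftp_proxy entries
# (all three take the value of $http_proxy) and, when $mirror_flag evaluates
# true, a no_proxy entry for $mirror_val.
#
# Globals: http_proxy, mirror_flag, mirror_val (read)
#
# printf is used instead of `echo -n "...\n"`: bash's builtin echo does not
# interpret `\n` by default, so the echo form writes one line containing
# literal backslash-n sequences rather than three separate entries.
#
# NOTE(review): $mirror_flag is executed as a command name (`true`/`false`);
# it must only ever be set by this tooling, never from external input.
# NOTE(review): if http_proxy embeds credentials they end up in
# /etc/environment -- check who can read that file where that applies.
set_os_proxy() {
    sudo sed -i -e '/_proxy/d' /etc/environment
    printf 'http_proxy=%s\nhttps_proxy=%s\nftp_proxy=%s\n' \
        "${http_proxy}" "${http_proxy}" "${http_proxy}" \
        | append /etc/environment
    if $mirror_flag; then
        printf 'no_proxy=%s\n' "${mirror_val}" | append /etc/environment
    fi
}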
# Report whether a restart is wanted after package updates.
# Returns 0 when `sudo /usr/bin/needs-restarting` prints anything at all,
# 1 when its output is empty. Only the output is inspected, not the tool's
# exit status.
get_os_needs_restarting() {
    if [ -n "$(sudo /usr/bin/needs-restarting)" ]; then
        return 0
    fi
    return 1
}
# Reboot the machine via sudo.
do_reboot() {
    local -a reboot_cmd=(sudo reboot)
    "${reboot_cmd[@]}"
}
# Configure the Docker daemon's proxy through a systemd drop-in
# (docker.service.d/http-proxy.conf), then reload systemd and restart Docker.
#
# Globals: http_proxy (read)
# The drop-in gets one Environment= line carrying HTTP_PROXY and a NO_PROXY
# list made of localhost, 127.0.0.1 and this host's short and full names.
set_docker_proxy() {
    local tmpconf="/etc/systemd/system/docker.service.d/http-proxy.conf"
    # Parent directory of the drop-in file.
    local dropin_dir="${tmpconf%/*}"

    [ -d "$dropin_dir" ] || sudo mkdir "$dropin_dir"

    # On a first run the drop-in does not exist yet, so this sed reports an error.
    log "sed error is OK here if the proxy config file does not yet exist."
    sudo sed -i -e '/HTTP_PROXY/d' "$tmpconf"
    echo "Environment=\"HTTP_PROXY=${http_proxy}\" \"NO_PROXY=localhost,127.0.0.1,$(hostname),$(hostname -f)\"" \
        | append "$tmpconf"

    sudo systemctl daemon-reload
    sudo systemctl restart docker
    sudo systemctl status docker
}
# Trust a CA certificate for one Docker registry, install the same certificate
# into the host trust store via set_mitm_cert, then restart Docker.
#
# Arguments: $1 - registry name used as the directory under /etc/docker/certs.d
#            $2 - path of the CA certificate file
#
# An existing ca.crt for the registry is kept as it is: it is not compared
# with, or replaced by, the certificate passed in.
# NOTE(review): $1 becomes part of a path under /etc/docker/certs.d and is not
# validated here -- callers should pass a plain registry host[:port].
set_docker_reg_cert() {
    local registry=$1
    local cert=$2
    local trust_dir="/etc/docker/certs.d/${registry}"

    if [ ! -d "$trust_dir" ]; then
        sudo mkdir -p "$trust_dir"
        sudo cp "$cert" "${trust_dir}/ca.crt"
    elif [ -f "${trust_dir}/ca.crt" ]; then
        echo "Reusing existing /etc/docker/certs.d/${registry}/ca.crt"
    else
        sudo cp "$cert" "${trust_dir}/ca.crt"
    fi

    set_mitm_cert "$cert"
    sudo systemctl daemon-reload
    sudo systemctl restart docker
    sudo systemctl status docker
}
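# Add a CA certificate to the host trust store: copy it into
# /etc/pki/ca-trust/source/anchors as "<basename>.crt" and run
# `update-ca-trust extract`.
#
# Arguments: $1 - path of the CA certificate file
#
# Security note: once installed, certificates issued by this CA are accepted by
# everything on the host that uses the system trust store. Verify the file
# (for example its fingerprint, against a value obtained out of band) before
# calling this.
set_mitm_cert() {
    local cert=$1
    local anchor_name
    # Quoted so a path containing spaces is not split into a second argument,
    # which basename would treat as a suffix to strip.
    anchor_name="$(basename -- "$cert").crt"
    sudo cp -- "$cert" "/etc/pki/ca-trust/source/anchors/${anchor_name}"
    sudo update-ca-trust extract
}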
# Post-install cleanup: stop and disable postfix, since no MTA is needed on
# this host.
do_post_install() {
    local mta_unit=postfix
    sudo systemctl disable --now "$mta_unit"
}
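# Replace DHCP-provided DNS settings with a fixed list of name servers.
#
# Arguments: $1 - comma-separated list of name servers
#
# Sets PEERDNS="no" and removes existing DNSn= lines in every ifcfg-* script,
# removes the nameserver lines from /etc/resolv.conf, then appends one
# `nameserver` line to resolv.conf and one DNS<n>= line to each ifcfg-* script
# per server, numbering from 1.
#
# The counter is advanced with `nsnumber + 1`: `nsnumber=$((nsnumber++))`
# assigns the pre-increment value back, so the number never moved past 1 and
# every server was written as DNS1. Working variables are local so they no
# longer leak into the caller's scope.
#
# NOTE(review): entries are written as given; nothing here checks that they
# are IP addresses.
override_dhcp_dns() {
    local nameserver_list="${1}"
    local nsnumber=1
    local nameserver script

    sudo sed -i -e 's/PEERDNS="yes"/PEERDNS="no"/' /etc/sysconfig/network-scripts/ifcfg-*
    sudo sed -i -e '/DNS[0-9]=/d' /etc/sysconfig/network-scripts/ifcfg-*
    sudo sed -i -e '/nameserver/d' /etc/resolv.conf

    # shellcheck disable=SC2046 -- word splitting of the list is intended
    for nameserver in $(printf '%s\n' "${nameserver_list}" | tr ',' ' '); do
        echo "nameserver ${nameserver}" | append /etc/resolv.conf
        for script in /etc/sysconfig/network-scripts/ifcfg-*; do
            echo "DNS${nsnumber}=${nameserver}" | append "${script}"
        done
        nsnumber=$((nsnumber + 1))
    done
}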