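# Kickstart file for Storm Backup servers
#
# Layout: installer commands, a %pre script that writes /tmp/part-include
# (the partition plan pulled in by %include below), the %packages list, and
# the %post scripts.

#-------------------------------------------------------------------------------
# Basic Environment Setup
#
# Configures basic environment variables
#
#-------------------------------------------------------------------------------

install
lang en_US.UTF-8
keyboard us
network --bootproto=dhcp --device=eth0 --onboot=on --hostname template.xvps.liquidweb.com
# NOTE(review): every host built from this file gets the same crypted root
# password, and the hash is readable by anything that can fetch the kickstart.
# Treat it as a bootstrap credential; confirm a later provisioning step
# rotates or locks it.
rootpw --iscrypted $6$w2MP/zvO$JDe3v33rHVo.MVxpUtUA3TEtoXpZKjpS1oHFixgRPcDufb6dq6t8k2yz5nM/pkRKRjVA1G9A1JSBoO13rYOe0.
# NOTE(review): the host firewall and SELinux are both off after install.
# iptables-services is installed in %packages but no ruleset is visible in this
# file; confirm one is applied by provisioning.
firewall --disabled
authconfig --enableshadow --passalgo=sha512 --enablefingerprint
selinux --disabled
timezone --utc Etc/GMT
bootloader --location=mbr --driveorder=sda --append="consoleblank=0 elevator=deadline net.ifnames=0 biosdevname=0"
text
reboot

# include the partitioning logic from the pre section.
%include /tmp/part-include

%pre --log=/tmp/ks-pre.log
#!/bin/bash
# Set BRANCH (value of lwparam=xvps-<branch> on the kernel command line)
XVPS_BRANCH=$(awk -F"lwparam=xvps-" '{print $2}' /proc/cmdline | awk '{print $1}')
export XVPS_BRANCH=${XVPS_BRANCH}

# Set Storm Parent type
PTYPE=$(awk -F"lwptype=" '{print $2}' /proc/cmdline | awk '{print $1}')
export PTYPE=${PTYPE}
echo "${PTYPE}" >> /tmp/PTYPE

# NOTE(review): this pipes a script fetched over plain HTTP straight into a
# root shell, with no checksum or signature check. The install therefore trusts
# the provisioning network completely; confirm that segment is isolated, or
# download to a file and verify a pinned digest before running it.
wget -O - http://192.168.0.1/kickstart/scripts/gen-tmp-lwks_params.sh | bash
[[ -f /tmp/lwks_params ]] && source /tmp/lwks_params

if [[ -n ${lwsetup} && ${lwsetup} = "rekick" ]]; then
  exec < /dev/tty3 > /dev/tty3
  chvt 3
  echo "[lwsetup=rekick] Initiating rekick procedures..."
# Quoted so an absent lwparam yields a clean "false" instead of a `[` syntax
# error; grouping is the same left-to-right (dev || staging) && auto as before.
elif { [ "${XVPS_BRANCH}" = "dev" ] || [ "${XVPS_BRANCH}" = "staging" ]; } \
  && [ -n "$(dmesg | grep lwsetup=auto)" ]; then
  exec < /dev/tty3 > /dev/tty3
  chvt 3
  mkdir -p /tmp/configs/
  #-------------------------------------------------------------------------------
  # Get Zone info if in staging or dev
  #-------------------------------------------------------------------------------
  echo ""
  echo ""
  echo "*********************************************************"
  echo " Storm Autosetup kickstart for "${XVPS_BRANCH}" branch "
  echo " "
  echo " Please enter the Zone ID number for this server "
  echo "*********************************************************"
  echo -n ":"
  # The answer is stored as typed and later handed to xvps_autosetup.pl in
  # %post. NOTE(review): it is not checked to be numeric here.
  read -r ZONE
  echo "${ZONE}" > /tmp/configs/zone_info
fi

#----- partitioning logic below -------#
DIR="/sys/block"
# `set --` so empty output clears the positional parameters instead of making
# `set` dump every shell variable into the %pre log.
set -- $(list-harddrives)
# numhd is derived as half the number of words list-harddrives printed.
numhd=$(( $# / 2 ))

if [ "$numhd" -eq 2 ]; then
  # "huge" backup server. Check smaller drive make that root drive
  DISK_SIZE=1000
  ROOTDRIVE=""
  BACKUP0=""
  for DEV in sda sdb; do
    if [ -d "$DIR/$DEV" ]; then
      REMOVABLE=$(cat "$DIR/$DEV/removable")
      if (( $REMOVABLE == 0 )); then
        # /sys/block/<dev>/size is in 512-byte sectors; /2**21 gives GiB.
        SIZE=$(cat "$DIR/$DEV/size")
        GB=$(($SIZE/2**21))
        if [ "$GB" -lt "$DISK_SIZE" ]; then
          if [ -z "$ROOTDRIVE" ]; then
            ROOTDRIVE=$DEV
          fi
        elif [ "$GB" -gt "$DISK_SIZE" ]; then
          if [ -z "$BACKUP0" ]; then
            BACKUP0=$DEV
          fi
        fi
      fi
    fi
  done
  # NOTE(review): if both drives fall on the same side of DISK_SIZE, ROOTDRIVE
  # or BACKUP0 stays empty and the lines below carry an empty --ondisk=.
  # partitions
  echo "part biosboot --fstype=biosboot --size=1" > /tmp/part-include
  echo "part / --fstype xfs --size=1 --grow --ondisk=${ROOTDRIVE} --asprimary --label=/" >> /tmp/part-include
  echo "part swap --size=8192 --ondisk=${ROOTDRIVE} --asprimary" >> /tmp/part-include
  echo "part /backup0 --fstype xfs --size=1 --grow --ondisk=${BACKUP0} --label=/backup0" >> /tmp/part-include
else
  # This branch used to be guarded by `[ $numhd > "2" ]`, which is a
  # redirection (it created a file named "2") and was always true. `else` keeps
  # the behaviour that actually ran, without the stray file.
  # NOTE(review): hosts reporting 0 or 1 drive also land here; confirm whether
  # a real "more than two drives" check is wanted.
  # normal backup server - check drive1(sda) is less then 1TB if not exit
  drive1=$1
  DISK_SIZE=1000
  SIZE=$(cat "$DIR/${drive1}/size")
  GB=$(($SIZE/2**21))
  if [ "$GB" -gt "$DISK_SIZE" ]; then
    exec < /dev/tty3 > /dev/tty3
    chvt 3
    #-------------------------------------------------------------------------------
    # Tell user to correct /dev/sda to SSD drive to be used for the OS
    #-------------------------------------------------------------------------------
    echo ""
    echo ""
    echo "**********************!ATTENTION!***********************"
    echo " Device /dev/sda is not a SSD drive ! "
    echo " ( Correct before proceeding ) "
    echo "********************************************************"
    # Wait for the operator to press Enter, then restart.
    read NULL
    reboot
  else
    parted -s "/dev/${drive1}" mklabel gpt
    echo "part biosboot --fstype=biosboot --size=1 " > /tmp/part-include
    echo "part / --fstype xfs --size=1 --grow --ondisk=${drive1} --asprimary --label=/" >> /tmp/part-include
    echo "part swap --size=8192 --ondisk=${drive1} --asprimary" >> /tmp/part-include
    # for loop for backup drive partitions
    SD=( sdb sdc sdd sde sdf )
    MNT=( backup0 backup1 backup2 backup3 backup4 )
    for i in "${!SD[@]}"; do
      DRIVE="${SD[$i]}"
      # Separate scalar: assigning back to MNT would overwrite MNT[0] each pass.
      MOUNT="${MNT[$i]}"
      if [[ -e /dev/${DRIVE} ]]; then
        parted -s "/dev/${DRIVE}" mklabel gpt
        echo "part /${MOUNT} --fstype xfs --size=1 --grow --ondisk=${DRIVE} --label=/${MOUNT}" >> /tmp/part-include
      fi
    done
  fi
fi

#switch back to virtual terminal 1
chvt 1
%end

%packages
@core
iptables-services
wget
screen
net-tools
ntp
rsync
smartmontools
lsof
mdadm
# yum repo priorities
yum-plugin-priorities
yum-utils
# Remove mlocate - fs#3830
-mlocate
# Remove kdump (kernel crash dumping mechanism) to free up reserved memory - fs#3978
-kexec-tools
# Remove iprutils (ipr SCSI storage device driver not needed)
-iprutils
# Remove NetworkManager
-NetworkManager
# These aren't required but are so useful we will include them
vim-enhanced
virt-top
strace
bash-completion
redhat-lsb-core
perl-DBD-MySQL
perl-LWP-Protocol-https
# Required for provisioning (p-agent, manipulation of instances, etc.)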
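arptables
fuse
sg3_utils
iscsi-initiator-utils
# A few packages specific to backup servers
sysstat
%end

# Runs outside the chroot: copies the zone ID captured in %pre into the
# installed system (mounted at /mnt/sysimage).
%post --nochroot
exec < /dev/tty3 > /dev/tty3
# Was `chvt3` (no such command); written as in %pre, and switched back below.
chvt 3
# Set zone for dev and staging from %pre info
if [ -n "$(dmesg | grep lwparam=xvps-dev)" ]; then
  export XVPS_BRANCH=dev
elif [ -n "$(dmesg | grep lwparam=xvps-staging)" ]; then
  export XVPS_BRANCH=staging
fi
# Quoted so an unset branch is a clean "false" rather than a `[` syntax error.
if { [ "${XVPS_BRANCH}" = "dev" ] || [ "${XVPS_BRANCH}" = "staging" ]; } \
  && [ -n "$(dmesg | grep lwsetup=auto)" ]; then
  [[ -f /tmp/configs/zone_info ]] && cp /tmp/configs/zone_info /mnt/sysimage/root/zone
fi
chvt 1
%end

# Main post-install script (runs chrooted into the new system, as root).
#
# NOTE(review): everything fetched from http://192.168.0.1/ and
# http://syspackages.sourcedns.com/ below (repo definitions, the RPM signing
# key, scripts executed as root) travels over plain HTTP with no checksum or
# signature check, and a failed wget is not detected. The install therefore
# trusts the provisioning network completely; confirm that segment is isolated,
# or serve over HTTPS / verify pinned digests.
%post --log=/var/log/ks-post.log
mkdir -p /usr/local/lp/etc

# set release BRANCH and PTYPE
XVPS_BRANCH=$(awk -F"lwparam=xvps-" '{print $2}' /proc/cmdline | awk '{print $1}')
export XVPS_BRANCH=${XVPS_BRANCH}
echo "${XVPS_BRANCH}" > /usr/local/lp/etc/XVPS_BRANCH
PTYPE=$(awk -F"lwptype=" '{print $2}' /proc/cmdline | awk '{print $1}')
export PTYPE=${PTYPE}
echo "${PTYPE}" > /usr/local/lp/etc/PTYPE

# Set up yum sourcedns repos
###########################
# repos.int.sourcedns.repo (priority=2)
# sourcedns.com.repo (priority=4)
# kvm.sourcedns.com.repo (priority=5)

# Set up our yum repos
rm -f /etc/yum.repos.d/{CentOS-x86_64-kernel,CentOS-Base,CentOS-CR,CentOS-Debuginfo,CentOS-fasttrack,CentOS-Media,CentOS-Sources,CentOS-Vault}.repo

# Install gpg key for sourcedns.com repos (same key for each $XVPS_BRANCH)
# NOTE(review): this key is what authenticates every later package install,
# and it is itself imported over unauthenticated HTTP.
rpm --import http://syspackages.sourcedns.com/packages.pub.key

main_repo="/etc/yum.repos.d/${XVPS_BRANCH}.sourcedns.com.repo"
kvm_repo="/etc/yum.repos.d/${XVPS_BRANCH}.kvm.sourcedns.com.repo"
int_repo="/etc/yum.repos.d/${XVPS_BRANCH}.repos.int.sourcedns.repo"

wget -O "${main_repo}" http://192.168.0.1/kickstart/repos/sourcedns.com.repo
wget -O "${kvm_repo}" http://192.168.0.1/kickstart/repos/kvm.sourcedns.com.repo
# The downloaded templates carry a literal BRANCH token and CentOS 6 paths.
sed -i "s/BRANCH/${XVPS_BRANCH}/g" "${main_repo}"
sed -i "s/BRANCH/${XVPS_BRANCH}/g" "${kvm_repo}"
sed -i 's/\/6\//\/7\//g' "${main_repo}"

# Read lw_dist_rel from the kernel command line as data. This used to be
# `eval $(grep ...)`, which executes whatever follows "lw_dist_rel=" on the
# command line as shell. As with eval, the last occurrence wins.
lw_dist_rel=$(grep -Po 'lw_dist_rel=\K\S+' /proc/cmdline | tail -n 1)
# The value is spliced into a sed expression below, so only accept characters
# that cannot terminate or alter it; anything else falls back to the default.
if [[ -n ${lw_dist_rel} && ! ${lw_dist_rel} =~ ^[A-Za-z0-9._-]+$ ]]; then
  echo "Ignoring unexpected lw_dist_rel value on kernel command line; using 7" >&2
  lw_dist_rel=""
fi
if [[ -n ${lw_dist_rel} ]]; then
  sed -i "s/\/6\//\/${lw_dist_rel}\//g" "${kvm_repo}"
else
  sed -i 's/\/6\//\/7\//g' "${kvm_repo}"
fi
sed -i 's/RPM-GPG-KEY-CentOS-6/RPM-GPG-KEY-CentOS-7/g' "${kvm_repo}"
chmod 0644 "${main_repo}"
chmod 0644 "${kvm_repo}"

# Set up internal only packages repository
wget -O "${int_repo}" http://192.168.0.1/kickstart/repos/repos.int.sourcedns.repo
case "${XVPS_BRANCH}" in
  dev|staging)
    sed -i "s/BRANCH./${XVPS_BRANCH}./g" "${int_repo}"
    sed -i 's/\/6\//\/7\//g' "${int_repo}"
    chmod 0644 "${int_repo}"
    ;;
  production)
    # Production drops the branch prefix from both the file name and its URLs.
    mv "${int_repo}" /etc/yum.repos.d/repos.int.sourcedns.repo
    sed -i 's/BRANCH.//g' /etc/yum.repos.d/repos.int.sourcedns.repo
    sed -i 's/\/6\//\/7\//g' /etc/yum.repos.d/repos.int.sourcedns.repo
    chmod 0644 /etc/yum.repos.d/repos.int.sourcedns.repo
    ;;
esac

# Set up the provisioning repos (priority=1)
# NOTE(review): downloaded over HTTP and run as root immediately.
wget -O /usr/src/prov-setup.sh http://192.168.0.1/kickstart/scripts/prov-setup.sh
chmod 644 /usr/src/prov-setup.sh
/bin/sh /usr/src/prov-setup.sh

# Repos configured clean and update
yum clean all
yum update -y

####
#
# Packages and Services update
#
####
# fuse-ntfs-3g and ntfsprogs - NTFS file system manipulation
# gdisk - GPT attribute handling
# scsi-target-utils
for RPM in scsi-target-utils fuse-ntfs-3g ntfsprogs gdisk; do
  yum -y install "${RPM}"
done

#####
#
# Configurations updates
#
#####
# Disable graphical boot screen
sed -i 's/rhgb\|quiet//g' /etc/default/grub
# Set crashkernel=no because kdump (kexec-tools) is removed
# Also set cgroup_disable=memory
sed -i 's/crashkernel=auto/crashkernel=no cgroup_disable=memory/g' /etc/default/grub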
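# preserve the changes made to grub
grub2-mkconfig -o /boot/grub2/grub.cfg

#Set up ssh keys
# NOTE(review): root's authorized_keys is fetched over plain HTTP with no
# integrity check, so whoever can answer for 192.168.0.1 during the install
# decides who may log in as root. Confirm the provisioning network is isolated.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
wget -O /root/.ssh/authorized_keys http://192.168.0.1/kickstart/files/root/.ssh/authorized_keys
# wget creates the file with the default umask; restrict it to root.
chmod 600 /root/.ssh/authorized_keys

# Need to replace the NTP pools with our own
sed -i 's/centos\.pool\.ntp\.org/time\.liquidweb\.com iburst/g' /etc/ntp.conf
#sed -i 's/^server 2.time.liquidweb.com iburst/server 2.time.liquidweb.com iburst\nserver 3.time.liquidweb.com iburst/' /etc/ntp.conf

# setup bash eternal history
wget -O /etc/bashrc http://192.168.0.1/kickstart/files/etc/bashrc
chmod 644 /etc/bashrc
chown root:root /etc/bashrc
mkdir -p /usr/local/lp/logs
touch /usr/local/lp/logs/bash_eternal_history
# World-writable so every user's shell can append; chattr +a makes the file
# append-only. NOTE(review): any local user can also append arbitrary lines,
# so this log is not tamper-evident on its own; 0666 would avoid the
# needless execute bits.
chmod 777 /usr/local/lp/logs/bash_eternal_history
chattr +a /usr/local/lp/logs/bash_eternal_history

# Make /etc/rc.d/rc.local executable. Needed for p-agent start at boot
chmod +x /etc/rc.d/rc.local

# Set up logrotate config for brcmiscsi.log
wget -O /etc/logrotate.d/brcmiscsi http://192.168.0.1/kickstart/configs/brcmiscsi
chmod 0644 /etc/logrotate.d/brcmiscsi

for RPM in lp-skel fuse-ntfs-3g ntfsprogs gdisk; do
  yum -y install "${RPM}"
done

# Turn unneeded services off
for service in cpuspeed networkmanager nfslock rpcgssd ksm ksmtuned; do
  systemctl disable "$service"
done

# Turn needed services on
for service in ntpd tgtd; do
  systemctl enable "$service"
done

# Set up logrotate config for brcmiscsi.log (repeats the step above; harmless)
wget -O /etc/logrotate.d/brcmiscsi http://192.168.0.1/kickstart/configs/brcmiscsi
chmod 0644 /etc/logrotate.d/brcmiscsi

# Install Raider (raid monitoring utility)
yum -y install raider
# Disables mdraid notifications on Storm servers (0), which is enabled by default (1)
sed -i 's/enable_mdraid_notifications = 1/enable_mdraid_notifications = 0/' /etc/raider/raider.conf

# FS#4600 - for dev and staging, update raider contact to devadmin-queue@liquidweb.com
if [ "$XVPS_BRANCH" = "dev" ] || [ "$XVPS_BRANCH" = "staging" ]; then
  sed -i 's/api_notifications = 1/api_notifications = 0/' /etc/raider/raider.conf
  sed -i 's/support@liquidweb.com/devadmin-queue@liquidweb.com/' /etc/raider/raider.conf
fi

# Get lw sso setup script (staging and production)
case "$XVPS_BRANCH" in
  staging|production)
    wget -O /tmp/sso_setup.sh http://192.168.0.1/kickstart/scripts/sso_setup.sh
    chmod +x /tmp/sso_setup.sh
    ;;
esac

# Modify /etc/updatedb.conf to exclude backup drives (otherwise crash backup server)
grep -q '/backup' /etc/updatedb.conf || sed -i -e 's/^PRUNEPATHS\(.*\)"/PRUNEPATHS\1 \/backup0 \/backup1 \/backup2 \/backup3 \/backup4 "/i' /etc/updatedb.conf

# Set IPMI devices to static with 0.0.0.0 IP
# runs script once on reboot and script removes itself
if [ "$(dmidecode --type 38 |grep IPMI)" != "" ]; then
  yum -y install OpenIPMI ipmitool
  # @reboot cron to load kernel modules
  # NOTE(review): this job runs whatever exists at /tmp/ipmi_static.sh as root
  # on every boot. /tmp is world-writable, so once the script has removed
  # itself the path is free for any local user to recreate unless the cron
  # file is removed too. Prefer a root-only directory and delete
  # /etc/cron.d/ipmi_disable when done; confirm against ipmi_static.sh.
  cat >> /etc/cron.d/ipmi_disable << EOF
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
@reboot root [ -f '/tmp/ipmi_static.sh' ] && /bin/bash /tmp/ipmi_static.sh > /dev/null 2>&1
EOF
  wget -O /tmp/ipmi_static.sh http://192.168.0.1/kickstart/scripts/ipmi_static.sh
  chmod +x /tmp/ipmi_static.sh
fi

# Cron job to keep ntpd running and system clock up to date
# (quoted 'EOF': the script body is written verbatim, nothing expands here)
cat > /etc/cron.daily/ntp_update << 'EOF'
#!/bin/env bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
# Avoid all systems running at same time
sleep $[ ( $RANDOM % 60 ) + 1 ]s
NTP_SERVER=$(awk '$1 ~ /^server$/ && $2 !~ /^127\./ {print $2;exit;}' /etc/ntp.conf)
timeout 60s ntpdate -u -b $NTP_SERVER >/dev/null && timeout 60s hwclock --systohc
timeout 60s service ntpd status 2>/dev/null | grep -qE "failed|dead|stopped" && timeout 60s service ntpd start 2>/dev/null
EOF
chmod 700 /etc/cron.daily/ntp_update

# Set zone to be passed to xvps_autosetup.pl
# dev/staging: the zone the operator typed during %pre (copied to /root/zone).
# production: the zone= parameter on the kernel command line.
if { [ "$XVPS_BRANCH" = "dev" ] || [ "$XVPS_BRANCH" = "staging" ]; } \
  && grep -qw "lwsetup=auto" /proc/cmdline; then
  ZONE=$(cat /root/zone)
  rm -rf /root/zone
elif [ "$XVPS_BRANCH" = "production" ] && grep -qw "lwsetup=auto" /proc/cmdline; then
  # get zone ID for autosetup script
  ZONE=$( awk -F"zone=" '{print $2}' /proc/cmdline | awk '{print $1}' )
fi

# Autoprovision actions
if [ -n "$(dmesg | grep lwsetup=auto)" ]; then
  # @reboot cron to setup LW SSO, needs network to be configured
  # NOTE(review): same pattern as the IPMI job: root runs /tmp/sso_setup.sh at
  # every boot if it exists. The script is only downloaded for staging and
  # production, yet this cron entry is written for dev as well, so on dev the
  # path starts out empty in a world-writable directory. Prefer a root-only
  # location and remove the cron file after the first run.
  cat >> /etc/cron.d/sso_setup << EOF
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
@reboot root [ -f '/tmp/sso_setup.sh' ] && /bin/bash /tmp/sso_setup.sh > /dev/null 2>&1
EOF

  # Run xvps_autosetup to provision hostname and IP
  cd /root/
  wget http://192.168.0.1/kickstart/64/xvps_autosetup/xvps_autosetup.conf
  wget http://192.168.0.1/kickstart/scripts/xvps_autosetup.pl
  chmod +x xvps_autosetup.pl
  # Pass the zone as one argument, or no argument at all when it is empty.
  ./xvps_autosetup.pl ${ZONE:+"${ZONE}"}

  # Removes xvps_autosetup scripts if script fails
  # (the old `[ -e A -o B ]` form only tested A; B was a bare string and
  # therefore always true)
  if [ -e /root/xvps_autosetup.pl ] || [ -e /root/xvps_autosetup.conf ]; then
    rm -rf /root/xvps_autosetup.*
  fi

  # if error found in autosetup place error at prompt, otherwise
  # place server info at login prompt
  #
  if [ -e /root/xvps_autosetup_HALTED ]; then
    autosetup_error=$(awk -F CRIT: '{print $2}' /var/log/xvps_autosetup.log)
    echo "=============================================" >> /etc/issue
    echo "AUTOSETUP HALTED !" >> /etc/issue
    # Left unquoted on purpose: flattens a multi-line log excerpt to one line.
    echo "Reason:" $autosetup_error >> /etc/issue
    echo "please see /var/log/xvps_autosetup.log" >> /etc/issue
    echo "=============================================" >> /etc/issue
    echo "" >> /etc/issue
  else
    # Host info at console prompt
    lp_uid=$(cat /usr/local/lp/etc/lp-UID)
    echo "=============================================" >> /etc/issue
    # The \n is written literally; it is an /etc/issue escape that the login
    # prompt expands to the host name.
    echo "Hostname: \n" >> /etc/issue
    echo "UID:" $lp_uid >> /etc/issue
    echo "=============================================" >> /etc/issue
    echo "" >> /etc/issue

    case "${XVPS_BRANCH}" in
      dev)
        NAME_SRV="10.30.152.4"
        ;;
      staging)
        NAME_SRV="10.30.51.28"
        ;;
      production)
        NAME_SRV="10.10.10.10"
        ;;
    esac

    # Populate resolv.conf based on environment
    cat > /etc/resolv.conf << EOF
domain liquidweb.com
search liquidweb.com
nameserver ${NAME_SRV}
EOF
  fi
# If not autosetup, install manualipsetup.sh to set hostname and network config manually after reboot
else
  wget -O /root/manualipsetup.sh http://192.168.0.1/kickstart/scripts/manualipsetup.sh
  chmod 0755 /root/manualipsetup.sh
fi

# Disable Peer DNS to prevent resolv.conf from being autopopulated
echo "PEERDNS=\"no\"" >> /etc/sysconfig/network-scripts/ifcfg-eth0

# Set eth1 to not start on boot
sed -i 's/ONBOOT=yes/ONBOOT=no/g' /etc/sysconfig/network-scripts/ifcfg-eth1
sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' /etc/sysconfig/network-scripts/ifcfg-eth1
%end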