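# Storm Xen host Kickstart
#
# Layout: installer directives, a %pre script that writes the partition plan
# to /tmp/part-include, the %packages list, and a %post script that configures
# yum repos, services, logging, SSH keys, Xen and (optionally) autosetup.
#
# NOTE(review): every payload below (repo definitions, RPM signing keys,
# /etc/bashrc, root's authorized_keys, helper scripts, ISO images) is fetched
# over plain HTTP with no checksum or signature check. Integrity of each new
# host therefore depends entirely on the provisioning network and the
# kickstart server; an authenticated transport or a pinned digest per file
# would remove that dependency.

install
url --url=http://syspackages.xvps.liquidweb.com/production/packages/mirrors/centos/5/os/x86_64
lang en_US.UTF-8
keyboard us
network --noipv6 --bootproto=dhcp --device=eth0 --onboot=on --hostname template.xvps.liquidweb.com
# NOTE(review): this crypt hash is stored in the kickstart itself, so anyone
# who can read the file can attack it offline. Treat the password as exposed:
# rotate it on hosts built from this template and inject the hash at build
# time instead of keeping it in the file.
rootpw --iscrypted $6$w2MP/zvO$JDe3v33rHVo.MVxpUtUA3TEtoXpZKjpS1oHFixgRPcDufb6dq6t8k2yz5nM/pkRKRjVA1G9A1JSBoO13rYOe0.
# NOTE(review): the installer firewall is off; packet filtering is left to the
# ebtables/iptables services enabled in %post.
firewall --disabled
# NOTE(review): --enablemd5 makes MD5-crypt the algorithm for passwords set
# later, while the root hash above is SHA-512 ($6$). Prefer --passalgo=sha512
# if the installed authconfig supports it -- TODO confirm on this release.
authconfig --enableshadow --enablemd5
# NOTE(review): SELinux is disabled outright, so dom0 has no mandatory access
# control layer.
selinux --disabled
timezone --utc GMT
text
reboot
bootloader --location=mbr
%include /tmp/part-include

%pre
#!/bin/sh
# Determines if multiple drives are present and partitions drives
#   /boot 100M
#   swap  2G
#   /     10G
#   volume group LVM for the rest of the disk
# on sda (if only one drive exists; if more than one exists, the OS goes on
# the smaller of the 2 and LVM on the other)
# NOTE: "huge" host parents will have a > 2Tb drive, normally raided, for LVM.

# Append the partition plan to /tmp/part-include.
#   $1 - disk that receives /boot, swap and /
#   $2 - disk that receives the LVM physical volume
write_layout() {
  {
    echo "clearpart --all --initlabel"
    echo "part /boot --fstype ext3 --ondisk=$1 --size=100 --asprimary"
    echo "part swap --size=2048 --ondisk=$1 --asprimary"
    echo "part / --fstype ext3 --ondisk=$1 --size=10240 --asprimary"
    echo "part pv.1 --size=0 --ondisk=$2 --grow --asprimary"
    echo "volgroup LVM --pesize=32768 pv.1"
  } >> /tmp/part-include
}

# list-harddrives output is split on whitespace into "name size" pairs.
# "set --" keeps an empty result from dumping the environment instead.
# shellcheck disable=SC2046
set -- $(list-harddrives)
numhd=$(( $# / 2 ))

drive1=$1
drive1_size=${2%%.*}   # integer part of the reported size
drive2=$3
drive2_size=${4%%.*}

if [ "${numhd}" -eq 1 ]; then
  # Re-read the size from fdisk; the 2000 threshold below is compared
  # against this value.
  drive1_size=$(fdisk -l | awk '/\/dev\/'"${drive1}"':/ {print $3}' | cut -d"." -f1)
  if [ "${drive1_size}" -gt 2000 ]; then
    # Take over the first console so the operator sees the message.
    exec < /dev/tty1 > /dev/tty1
    chvt 1
    echo ""
    echo "Server contains a single drive greater than 2Tb in zone A.LAN "
    echo "Please install an additional drive for the OS (less than 2Tb) and try again"
    echo -n ":"
    read NULL
    reboot
  else
    write_layout "${drive1}" "${drive1}"
  fi
elif [ "${numhd}" -eq 2 ]; then
  # The smaller drive carries the OS, the larger one the LVM volume group.
  if [ "${drive1_size}" -le "${drive2_size}" ]; then
    PRIMARY=${drive1}
    LVM=${drive2}
  else
    PRIMARY=${drive2}
    LVM=${drive1}
  fi
  write_layout "${PRIMARY}" "${LVM}"
else
  # Zero or more than two drives: nothing is written, so the %include of
  # /tmp/part-include above has no file to read. Say why.
  echo "Unsupported drive count (${numhd}); /tmp/part-include was not written" >&2
fi

%packages
vim-enhanced
ntp
dev86
glibc-devel
gcc
gcc-c++
make
automake
libtool
zlib-devel
libX11-devel
openssl-devel
ncurses-devel
pciutils-devel
python-devel
texinfo
bridge-utils
PyXML
perl-TimeDate
perl-DateManip
perl-libxml-perl
perl-XML-Parser
perl-XML-Simple
mysql
mysql-devel
perl-DBI
perl-DBD-MySQL
perl-Crypt-SSLeay
subversion
screen
arptables_jf
psacct
scsi-target-utils
iscsi-initiator-utils
sg3_utils
strace
-mlocate
-virt-manager
-kvm
-gnome-applet-vm
-qemu
-yum-updatesd
-ypbind
-wireless-tools
-bluez-utils
-selinux-policy-targeted
-cups

%post
repo_dir=/etc/yum.repos.d
ks_url=http://192.168.0.1/kickstart

# XVPS_BRANCH - Set Branch type (production, staging, dev)
if grep -q 'lwparam=xvps-production' /proc/cmdline; then
  XVPS_BRANCH=production
elif grep -q 'lwparam=xvps-staging' /proc/cmdline; then
  XVPS_BRANCH=staging
elif grep -q 'lwparam=xvps-dev' /proc/cmdline; then
  XVPS_BRANCH=dev
fi

# PTYPE - Set Parent type (normal, baremetal, or vps)
if grep -q 'lwptype=normal' /proc/cmdline; then
  PTYPE=normal
elif grep -q 'lwptype=baremetal' /proc/cmdline; then
  PTYPE=baremetal
elif grep -q 'lwptype=vps' /proc/cmdline; then
  PTYPE=vps
fi

# The branch is spliced into repo file names, sed expressions and URLs below;
# without a recognised lwparam= those come out malformed.
if [ -z "$XVPS_BRANCH" ]; then
  echo "WARNING: no lwparam=xvps-<branch> on the kernel command line; XVPS_BRANCH is empty" >&2
fi

mkdir -p /usr/local/lp/etc/
echo "$XVPS_BRANCH" > /usr/local/lp/etc/XVPS_BRANCH
echo "$PTYPE" > /usr/local/lp/etc/PTYPE

#-----------------------------------------
# Set up yum repos with yum-priorities set
#-----------------------------------------

# rm default repos from install
rm -f "${repo_dir}"/{CentOS-Base,CentOS-Debuginfo,CentOS-Media}.repo

# 4 yum repos in order of priority (1 being highest priority)
#
# 1. prov.repos.int = internal prov packages repository (modified for CentOS 5)
# 2. repos.int = internal only packages repository (modified for CentOS 5)
# 3. .sourcedns.com repo = our custom packages repository (modified for CentOS 5)
# 4. yum.system-xvps.repo = our modified/custom upstream Storm CentOS 5 repo
#
# NOTE(review): the rpm --import calls below pull the package-signing keys
# over HTTP. Those keys are the trust anchor for every later yum transaction,
# so whoever controls that fetch controls which packages verify. Shipping the
# keys in the install tree or checking a pinned fingerprint before import
# would close that gap.

#---------------
# prov.repos.int
#---------------
prov_repo="${repo_dir}/${XVPS_BRANCH}.prov.repos.int.sourcedns.repo"
wget -O "$prov_repo" "${ks_url}/repos/prov.repos.int.sourcedns.repo"

case "$XVPS_BRANCH" in
  dev|staging)
    sed -i "s/BRANCH./${XVPS_BRANCH}./g" "$prov_repo"
    sed -i 's/RELEASE/5/g' "$prov_repo"
    chmod 0644 "$prov_repo"
    rpm --import "http://${XVPS_BRANCH}.prov.repos.int.sourcedns.com/provrpm.pub.key"
    ;;
  production)
    # Production repo files carry no branch prefix.
    mv "$prov_repo" "${repo_dir}/prov.repos.int.sourcedns.repo"
    prov_repo="${repo_dir}/prov.repos.int.sourcedns.repo"
    sed -i 's/BRANCH.//g' "$prov_repo"
    sed -i 's/RELEASE/5/g' "$prov_repo"
    chmod 0644 "$prov_repo"
    rpm --import http://prov.repos.int.sourcedns.com/provrpm.pub.key
    ;;
esac

#-----------
# repos.int
#-----------
int_repo="${repo_dir}/${XVPS_BRANCH}.repos.int.sourcedns.repo"
wget -O "$int_repo" "${ks_url}/repos/repos.int.sourcedns.repo"

case "$XVPS_BRANCH" in
  dev|staging)
    sed -i "s/BRANCH./${XVPS_BRANCH}./g" "$int_repo"
    sed -i 's/\/6\//\/5\//g' "$int_repo"
    chmod 0644 "$int_repo"
    ;;
  production)
    mv "$int_repo" "${repo_dir}/repos.int.sourcedns.repo"
    int_repo="${repo_dir}/repos.int.sourcedns.repo"
    sed -i 's/BRANCH.//g' "$int_repo"
    sed -i 's/\/6\//\/5\//g' "$int_repo"
    chmod 0644 "$int_repo"
    ;;
esac

#----------------------------
# .sourcedns.com repo
#----------------------------
custom_repo="${repo_dir}/${XVPS_BRANCH}.sourcedns.com.repo"
wget -O "$custom_repo" "${ks_url}/repos/sourcedns.com.repo"
sed -i "s/BRANCH/${XVPS_BRANCH}/g" "$custom_repo"
sed -i 's/\/6\//\/5\//g' "$custom_repo"
chmod 0644 "$custom_repo"

# Install gpg key for sourcedns.com repos (same key for each ${XVPS_BRANCH})
rpm --import http://syspackages.sourcedns.com/packages.pub.key

#---------------------
# yum.system-xvps.repo
#---------------------
system_repo="${repo_dir}/yum.system-xvps-${XVPS_BRANCH}.repo"
wget -O "$system_repo" "${ks_url}/xen/repos/yum.system-xvps.repo"
sed -i "s/BRANCH/${XVPS_BRANCH}/g" "$system_repo"
chmod 0644 "$system_repo"

# Install CentOS 5 gpg-pubkey
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

# yum-priorities is NOT in the default CentOS 5 base packages, but is in our custom Storm CentOS 5 base repo
# lp-skel needed for sonarpush
yum -y install yum-priorities lp-skel

yum clean all && yum -y update

# set install rpm limit to 3; since /boot is only 100Mb
sed -i 's/installonly_limit = 5/installonly_limit = 3/g' /etc/yum.conf

# Turn off unneeded services
for service in ConsoleKit dnsmasq libvirtd fuse haldaemon acpid anacron apmd atd auditd avahi-daemon bluetooth cmastor cpuspeed cups gpm hidd hpsmhd ip6tables isdn mcstrans mdmonitor messagebus nfslock pcscd portmap readahead_early readahead_later rpcgssd smartd yum-updatesd; do
  chkconfig "$service" off
done

# Need to replace the NTP pools with our own
sed -i 's/centos\.pool\.ntp\.org/time\.liquidweb\.com iburst/g' /etc/ntp.conf
sed -i 's/^server 2.time.liquidweb.com iburst/server 2.time.liquidweb.com iburst\nserver 3.time.liquidweb.com iburst/' /etc/ntp.conf
chkconfig ntpd on

# Disables blank (screensaver) option for console
echo "setterm -powersave off -blank 0" >> /etc/rc.local

# Legacy syslog.conf for Xen hosts,
# keeping to ensure consistency between hosts
if [ "$XVPS_BRANCH" = "production" ]; then
  # The last rule forwards every message to the central syslog host.
  cat > /etc/syslog.conf.new << 'EOF'
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
*.*                                                     @10.30.43.254
EOF

  # replaces syslog.conf (only if the new file was actually written)
  [ -s /etc/syslog.conf.new ] && mv -f /etc/syslog.conf.new /etc/syslog.conf
fi

# setup bash eternal history
wget -O /etc/bashrc "${ks_url}/files/etc/bashrc"
chmod 644 /etc/bashrc
chown root:root /etc/bashrc
mkdir -p /usr/local/lp/logs
touch /usr/local/lp/logs/bash_eternal_history
# NOTE(review): mode 777 plus the append-only attribute lets every local
# account add lines to this log. Entries cannot be rewritten in place, but
# they can be forged, so do not treat the file as a trustworthy audit trail.
chmod 777 /usr/local/lp/logs/bash_eternal_history
chattr +a /usr/local/lp/logs/bash_eternal_history

# Set up ssh keys
# NOTE(review): root's authorized_keys arrives over unauthenticated HTTP;
# whatever the server (or anything in the path) returns becomes root SSH
# access on this host.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
wget -O /root/.ssh/authorized_keys "${ks_url}/files/root/.ssh/authorized_keys"
chmod 600 /root/.ssh/authorized_keys

# FS3860 dmeventd memory leak
# NOTE(review): this runs remote content as root straight from an HTTP
# response, with no copy kept on disk for later audit. Saving the script and
# checking it against a known digest before execution would be safer.
wget -q -O - "${ks_url}/xen/scripts/prune_locales.sh" | bash

# update sysctl.conf settings
perl -pi -e "s/^kernel.sysrq = 0/kernel.sysrq = 1/g" /etc/sysctl.conf

# Sets TCP syncookies
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Fix for FS#3379 and FS#3492
# Set ip_conntrack_max settings
# NOTE(review): this copy of the file has lost the here-document that was
# appended to /etc/sysctl.conf and the command that created
# /etc/modprobe.d/ip_conntrack; only the fragment on the next line survives.
# Restore both from the canonical kickstart before relying on this section.
#   cat >> /etc/sysctl.conf < /etc/modprobe.d/ip_conntrack
chmod 644 /etc/modprobe.d/ip_conntrack

# module script needed to prevent ip_conntrack module setting being overridden
cat > /etc/sysconfig/modules/ip_conntrack.modules << 'EOF'
#!/bin/sh
modprobe ip_conntrack > /dev/null 2>&1
sysctl -p > /dev/null 2>&1
EOF
chmod +x /etc/sysconfig/modules/ip_conntrack.modules

# place build_firewall script
mkdir -p /usr/local/lp/bin
/usr/bin/wget -O /usr/local/lp/bin/build_firewall.pl "${ks_url}/virt-firewall/build_firewall.pl"
chown root:root /usr/local/lp/bin/build_firewall.pl
chmod 755 /usr/local/lp/bin/build_firewall.pl

# install ebtables, modify config, and start at boot
yum -y install ebtables
sed -i 's/EBTABLES_BINARY_FORMAT="yes"/EBTABLES_BINARY_FORMAT="no"/' /etc/sysconfig/ebtables-config

# Turn on needed services at boot
for i in ebtables iptables psacct tgtd; do
  chkconfig "$i" on
done

# Install provisioning rpms needed for Xen host
# rpms in prov.int. yum repo
#----------------------------------------------
# perl-JSON needed for raider and autosetup (for all $XVPS_BRANCH)
yum -y install perl-JSON

case "$XVPS_BRANCH" in
  staging|production)
    # Installs Provisioning agent rpms
    # (package name corrected from "perl-libwwww-perl", which had one "w"
    # too many)
    yum -y install perl-XML-LibXML perl-TimeDate perl-HTML-Parser perl-DateManip perl-libwww-perl
    yum -y install lp-prov-parent-xen

    # Installs XVPS backup software
    yum -y install lp-backup-xvps
    yum -y install clone2fs
    ;;
esac

# Install sonarpush and lw-sso-5 for staging or production
# NOTE(review): sso_setup.sh is staged in /tmp and later run as root by an
# @reboot cron entry (see "Xen Autosetup"). /tmp is world-writable, so a
# root-owned directory is a safer home for it; check whether the script
# depends on its own path before moving it.
case "$XVPS_BRANCH" in
  staging|production)
    yum -y install sonarpush
    wget -O /tmp/sso_setup.sh "${ks_url}/scripts/sso_setup.sh"
    chmod +x /tmp/sso_setup.sh
    ;;
esac

# Install Raider (raid monitoring utility)
yum -y install raider

# FS#4600 - for dev and staging, update raider contact to devadmin-queue@liquidweb.com
case "$XVPS_BRANCH" in
  dev|staging)
    sed -i 's/api_notifications = 1/api_notifications = 0/' /etc/raider/raider.conf
    sed -i 's/support@liquidweb.com/devadmin-queue@liquidweb.com/' /etc/raider/raider.conf
    ;;
esac

mkdir -p /xen/configs /xen/mnt /xen/images
wget -O /xen/images/grub_installer.iso "http://${XVPS_BRANCH}.sourcedns.com/kickstart/storm/xen/grub_installer.iso"
wget -O /xen/images/virt-chroot.iso "http://${XVPS_BRANCH}.sourcedns.com/kickstart/storm/virt-chroot.iso"
wget -O /xen/images/idera-5.4.1.iso "http://${XVPS_BRANCH}.sourcedns.com/kickstart/storm/idera-5.4.1.iso"

#------------
# Install Xen from repos (lw-xen lw-xen-libs lw-xen-devel lw-xen-configs)
# -----------

# kernel-xen install
yum -y install kernel-xen kernel-xen-devel

# Ensure newest xen kernel is default at boot
echo "$(rpm -q kernel-xen | awk 'END { gsub("kernel-xen-",""); print $1 }')xen" > /usr/local/lp/etc/default_xen_kernel

# FS#4283 - xen modules (netbk, blkbk, blktap) add to be compiled dom0 kernel (lw-xen rpm install)
# ***NOTE: without these modules loaded in the xen kernel our Storm Test creates FAIL!
# future addition to lw-xen rpm, may allow us to remove this from the ks script
echo "MODULES=\"netbk blkbk blktap\"" > /etc/sysconfig/mkinitrd/xen
chmod +x /etc/sysconfig/mkinitrd/xen

# Install lw-xen packages
yum -y install lw-xen lw-xen-libs lw-xen-devel

# Install lw-xen-configs (separate line for small delay to make sure previous line completes)
yum -y install lw-xen-configs

# Set IPMI devices to static with 0.0.0.0 IP
# runs script once on reboot and script removes itself
if dmidecode --type 38 | grep -q IPMI; then
  yum -y install OpenIPMI OpenIPMI-tools

  # must add IPMI module for CentOS 5
  cat >> /etc/sysconfig/modules/ipmi.modules << 'EOF'
#!/bin/bash
if [ ! -c /dev/ipmi0 ]; then
  modprobe ipmi_devintf
fi
modprobe ipmi_si
exit 0
EOF
  chmod +x /etc/sysconfig/modules/ipmi.modules

  # @reboot cron to load kernel modules
  # NOTE(review): this entry makes root run /tmp/ipmi_static.sh at boot
  # whenever that path exists. Nothing visible here removes the cron file
  # once the script has deleted itself, and /tmp is world-writable, so the
  # path should live in a root-owned directory or the entry be removed after
  # first use -- confirm what ipmi_static.sh itself cleans up.
  cat >> /etc/cron.d/ipmi_disable << 'EOF'
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
@reboot root [ -f '/tmp/ipmi_static.sh' ] && /bin/bash /tmp/ipmi_static.sh > /dev/null 2>&1
EOF

  wget -O /tmp/ipmi_static.sh "${ks_url}/scripts/ipmi_static.sh"
  # CentOS 5 need additional module loaded
  sed -i '/ipmi_watchdog/a \
/sbin/modprobe ipmi_si >/dev/null 2>&1' /tmp/ipmi_static.sh
  chmod +x /tmp/ipmi_static.sh
fi

#--------------
# Xen Autosetup
#--------------
if grep -q 'lwsetup=auto' /proc/cmdline; then

  # @reboot cron to setup LW SSO, needs network to be configured
  # NOTE(review): same concern as the IPMI entry above -- root runs a script
  # from /tmp at boot whenever the file exists.
  cat >> /etc/cron.d/sso_setup << 'EOF'
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
@reboot root [ -f '/tmp/sso_setup.sh' ] && /bin/bash /tmp/sso_setup.sh > /dev/null 2>&1
EOF

  # Get zone number from kickstart server (used for xvps_xen_autosetup.pl)
  ZONE=$(curl "${ks_url}/64/zone")

  wget -O /root/xvps_autosetup.conf "${ks_url}/64/xvps_autosetup/xvps_autosetup.conf"
  wget -O /root/xvps_xen_autosetup.pl "${ks_url}/scripts/xvps_xen_autosetup.pl"
  chmod +x /root/xvps_xen_autosetup.pl
  # Absolute path: the previous "./root/..." form only resolved when the
  # working directory happened to be /.
  /root/xvps_xen_autosetup.pl "$ZONE"

  # clean up files used for autosetup, whether or not the script succeeded.
  # (The old guard "[ -e A -o B ]" tested B as a bare non-empty string, so it
  # was always true; an unconditional rm -f does the same thing honestly.)
  rm -f /root/xvps_xen_autosetup.pl /root/xvps_autosetup.conf

  # if error found in autosetup place error at prompt, otherwise
  # place server info at login prompt
  #
  # fs#5649 - eth0 interface is 1Gb speed detection
  # fs#6112 - eth0 interface is Intel
  if [ -e /root/xvps_autosetup_HALTED ]; then
    autosetup_error=$(awk -F CRIT: '{print $2}' /var/log/xvps_autosetup.log)
    # $autosetup_error is left unquoted as in the original, which puts a
    # multi-line result on one line of /etc/issue.
    {
      echo "============================================="
      echo "AUTOSETUP HALTED !"
      echo "Reason:" $autosetup_error
      echo "please see /var/log/xvps_autosetup.log"
      echo "============================================="
      echo ""
    } >> /etc/issue
  else
    # Host info at console prompt
    lp_uid=$(cat /usr/local/lp/etc/lp-UID)
    # The backslash-n is written literally; getty expands it to the hostname
    # when it prints /etc/issue.
    {
      echo "============================================="
      echo "Hostname: \n"
      echo "UID:" $lp_uid
      echo "============================================="
      echo ""
    } >> /etc/issue

    # Set resolv.conf
    cat > /etc/resolv.conf << 'EOF'
domain liquidweb.com
search liquidweb.com
nameserver 10.10.10.10
EOF
  fi

else
  # If this is not autosetup, place manualipsetup.sh script on host
  mkdir -p /home/temp
  wget -O /home/temp/manualipsetup.sh "${ks_url}/xen/scripts/manualipsetup.sh"
  chmod +x /home/temp/manualipsetup.sh
fi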