Configuration script

From OLPC
Jump to: navigation, search

This script is run automatically when the server is restarted after the initial install. It completes the configuration except for the network eth0 (WAN) side which depends on school-specific information. That configuration is done via the netsetup script. 

#!/bin/bash
set -x
set -o nounset
set -o errexit
echo "install.sh version 2.0" > /tmp/summary.log
#complete install and configuration of XS
#get command line arguments school, server
USAGE="usage: ./XSinstall school server"
set +o errexit
if [ -z $1 ]; then echo $USAGE; exit 1;fi
if [ -z $2 ]; then echo $USAGE; exit 1;fi
if [ -n $1 ]
  then SCHOOL=$1
  else echo $USAGE; exit 1 
fi
if [ -n $2 ]
  then SERVER=$2
  else echo $USAGE; exit 1
fi
set +o errexit
echo "school is $SCHOOL" >> /tmp/summary.log
echo "server is $SERVER" >> /tmp/summary.log
echo "execute olpc domain_config script" >> /tmp/summary.log
/etc/sysconfig/olpc-scripts/domain_config schoolnet.gov.np
echo "fix dhcp range" >> /tmp/summary.log
sed 's/172.18.0.2 /172.18.0.12 /g' /etc/dhcpd-xs.conf > /tmp/work
cp /tmp/work /etc/dhcpd-xs.conf
echo "Edit /etc/hosts"  >> /tmp/summary.log
#edit /etc/hosts
LINE1=" 192.168.5.$SERVER   schoolserver1.$SCHOOL.schoolnet.gov.np"
LINE2=" 172.18.0.1     schoolserver"
sed "s/conference.schoolserver/conference.schoolserver\n$LINE1\n$LINE2/g" /etc/hosts > /tmp/hosts
cp /tmp/hosts /etc/hosts
echo "/tmp/hosts" >> /tmp/summary.log
cat /tmp/hosts >> /tmp/summary.log
echo "remove unused interfaces" >>/tmp/summary.log
#remove unused interfaces
service network stop
rm /etc/sysconfig/network-scripts/ifcfg-msh*
rm /etc/sysconfig/network-scripts/ifcfg-br*
rm /etc/sysconfig/network-scripts/ifcfg-eth1:1
rm /etc/sysconfig/network-scripts/ifcfg-eth2
rm /etc/sysconfig/network-scripts/ifcfg-eth3
rm /etc/sysconfig/network-scripts/ifcfg-eth4
echo "edit ifcfg-eth0" >> /tmp/summary.log
#change eth0 to use static address: 192.168.5.$SERVER
cd /etc/sysconfig/network-scripts
sed 's/BOOTPROTO=dhcp/#BOOTPROTO=dhcp/g' /etc/sysconfig/network-scripts/ifcfg-eth0 > /tmp/work
cp /tmp/work /tmp/eth0
SEARCH='a static address is assigned'
sed "s/$SEARCH/$SEARCH\nIPADDR=192.168.5.$SERVER\nNETMASK=255.255.255.0\nGATEWAY=192.168.5.1\nBOOTPROTO=static/g" /tmp/eth0 >/tmp/work
cp /tmp/work /tmp/eth0
sed 's/HWADDR/#HWADDR/g' /tmp/eth0 /tmp/work
cp /tmp/work /etc/sysconfig/network-scripts/ifcfg-eth0
echo "ifcfg-eth0" >> /tmp/summary.log
cat ifcfg-eth0 >>/tmp/summary.log
echo "restart eth0" >>/tmp/summary.log
echo "edit ifcfg-eth1"  >> /tmp/summary.log
#change eth1 to use static address 172.18.0.1
sed 's/DEVICE=eth1/DEVICE=eth1\nBOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth1 > /tmp/work
cp /tmp/work /tmp/eth1
sed 's/IPADDR.*$/IPADDR=172.18.0.1/g' /tmp/eth1 /tmp/work
cp /tmp/work /tmp/eth1
sed 's/NETMASK.*$/NETMASK=255.255.254.0/g' /tmp/eth1 /tmp/work
cp /tmp/work /tmp/eth1
sed 's/NETWORK.*$/NETWORK=172.18.0.0/g' /tmp/eth1 /tmp/work
cp /tmp/work /tmp/eth1
sed "s/BROADCAST.*$/BROADCAST=172.18.1.255\nGATEWAY=192.168.5.$SERVER/g" /tmp/eth1 /tmp/work
cp /tmp/work /tmp/eth1
sed 's/HWADDR/#HWADDR/g' /tmp/eth1 >/tmp/work
cp /tmp/work /etc/sysconfig/network-scripts/ifcfg-eth1
echo "ifcfg-eth1" >>/tmp/summary.log
cat ifcfg-eth1 >> /tmp/summary.log
echo "restart eth1" >> /tmp/summary.log
echo "disable IPV6" >> /tmp/summary.log
#check that IPV6 is disabled:
#confirm that /etc/sysconfig/network contains the lines:
sed 's/NETWORKING=.*$/NETWORKING=yes/g' /etc/sysconfig/network >/tmp/work
cp /tmp/work /tmp/network
sed 's/NETWORKING_IPV6.*$/NETWORKING_IPV6=no/g' /tmp/network >/tmp/work
cp /tmp/work /tmp/network
sed 's/IPV6FORWARDING.*$/IPV6FORWARDING=no/g' /tmp/network > /tmp/work
cp /tmp/work /tmp/network
sed "s/IPV6_AUTOCONF.*$/IPV6_AUTOCONF=no\nHOSTNAME=schoolserver1.$SCHOOL.schoolnet.gov.np/g" /tmp/network > /tmp/work
cp /tmp/work /etc/sysconfig/network
echo "/etc/sysconfig/network" >> /tmp/summary.log
cat /etc/sysconfig/network >> /tmp/summary.log
echo "fix resolv.conf" >> /tmp/summary.log
sed "s/nameserver.*$/nameserver 172.18.0.1\nnameserver 192.168.5.1/g" /etc/resolv.conf > /tmp/work
cp /tmp/work /etc/resolv.conf
service network restart
echo "ifconfig" >> /tmp/summary.log
ifconfig >> /tmp/summary.log
echo "Setup SSH access" >> /tmp/summary.log
#setup SSH access
#provide admin user since SSH cannot log in as root
useradd admin
echo "admin"|passwd --stdin admin
usermod -a -G wheel admin
sed 's/^PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config > /tmp/work
cp /tmp/work /etc/ssh/sshd_config
service sshd restart



####configure MySQL
PASSWORD=mysqlroot
service mysqld restart
(mysqld_safe --skip-grant-tables &)
echo "mysqld_safe started" >> /tmp/summary.log
sleep 8
mysql -u root -e "use mysql; update user set password = PASSWORD(\"$PASSWORD\") where user = \"root\"" |tee >> /tmp/summary.log
echo "mysql update successful"
service mysqld stop
sleep 8

## migrate mysql-data to a new place
/bin/mv /var/lib/mysql /library/mysql-data
chown mysql:mysql -R /library/mysql-data
cp -varfp my.cnf /etc/my.cnf
chkconfig --level 345 mysqld on
echo '## migrating mysql-data to a new place [done]'

################# SQUID ###############################
cat /root/squid-xs.conf > /etc/squid/squid-xs.conf
cat /root/squid-xs.conf > /etc/squid/squid.conf
echo "change cache owner" >> /tmp/summary.log
chown -R squid:squid /library/cache
echo "start iptables and squid" >> /tmp/summary.log
chkconfig --level 345 iptables off
chkconfig --level 345 squid on

############## making data dir for moodle
echo '############## making data dir for moodle'
mkdir /library/moodledata
chown -R apache:apache /library/moodledata
mkdir  /library/Activities/
ln -s /library/Activities /var/www/moodle/Activities
chown -R apache:apache /library/Activities

############ TURN ON some services
chkconfig --level 345 named on 
chkconfig --level 345 network on 
chkconfig --level 345 squid on 
chkconfig --level 345 httpd on
chkconfig --level 345 dhcpd on

#configure ejabberd
#reset to be sure
service ejabberd stop
echo "configure ejabberd"  >> /tmp/summary.log
cp -varf /root/ejabberd.cfg /etc/ejabberd/
service ejabberd restart
sleep 6
ejabberdctl ejabberd@schoolserver register admin schoolserver admin



sed -i 's/8080/12121/' /etc/dansguardian/dansguardian.conf
sed -i '/root/d' /etc/rc.local
echo 'iptables -t filter -F' >> /etc/rc.local
echo 'iptables -t nat -F' >> /etc/rc.local
echo 'iptables -t mangle -F' >> /etc/rc.local
echo 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' >> /etc/rc.local
echo 'iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 12121' >> /etc/rc.local
echo 'dansguardian -Q' >> /etc/rc.local
##eject
reboot
Retrieved from "http://wiki.laptop.org/mediawiki/index.php?title=Configuration_script&oldid=181777"