9IStackLib

by toanadmin
0 deployments · 0 still active · last rev. 7 months ago

StackScript Bash Library for CentOS 7

Does nothing on its own. Do not deploy directly.

A collection of useful bash functions to be included in other bash StackScripts with a "source <ssinclude StackScriptID=16496>" line.

Compatible with: CentOS 7
						#!/bin/bash
#
# StackScript Bash Library
#
# Copyright (c) 2016 9I Global / toan@9ient.com , hieubd@9ient.com


###########################################################
# System
###########################################################

system_update() {
    # Installs the epel-release package, then runs a full `yum update`.
    # Both yum calls are non-interactive (-y) and quiet (-q).
    # Returns the exit status of the final `yum update`.
    local -a yum_flags=(-y -q)

    yum install "${yum_flags[@]}" epel-release
    yum "${yum_flags[@]}" update
}

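system_primary_ip() {
    # Prints the first IPv4 address that ifconfig reports for eth0.
    #
    # Accepts both ifconfig output styles: the legacy "inet addr:192.0.2.1"
    # form and the net-tools 2.x form "inet 192.0.2.1  netmask ..." used on
    # CentOS 7. The previous "inet addr:" pattern never matched the latter,
    # so the function printed an empty line on the platform it targets.
    #
    # Prints an empty line when no IPv4 address is found.
    local primary_ip

    primary_ip=$(ifconfig eth0 | awk '
        $1 == "inet" && !seen {
            addr = $2
            sub(/^addr:/, "", addr)   # drop the legacy "addr:" prefix
            print addr
            seen = 1
        }')

    printf '%s\n' "$primary_ip"
}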


set_system_hostname() {
    # Persists the given hostname to /etc/hostname and applies it with
    # `hostname -F`.
    #
    # $1 - Required - the hostname to define
    #
    # Returns 1 (after printing "Hostname undefined") when $1 is empty;
    # otherwise returns the exit status of `hostname -F`.
    #
    # HOSTNAME is assigned without `local`, so the calling shell's HOSTNAME
    # variable is changed as well.
    HOSTNAME="$1"

    if [ -z "$HOSTNAME" ]; then
        echo "Hostname undefined"
        return 1
    fi

    # The value is written as given; it is not checked for hostname syntax.
    echo "$HOSTNAME" > /etc/hostname
    hostname -F /etc/hostname
}

log() {
  # Prints the message in $1 followed by the current date and time
  # (`date` format %D %T, i.e. mm/dd/yy HH:MM:SS) on one line.
  local stamp
  stamp=$(date '+%D %T')
  echo "$1 $stamp"
}

# $1 - PUBIP, $2 - GATEWAY, $3 - PRIVATEIP
set_static_linode_ip() {
  # Overwrites /etc/sysconfig/network-scripts/ifcfg-eth0 with a static
  # configuration holding two addresses on eth0.
  #
  # $1 - public IP   (written as IPADDR0, prefix 24)
  # $2 - gateway     (written as GATEWAY)
  # $3 - private IP  (written as IPADDR1, prefix 17)
  #
  # NOTE(review): the arguments are written unvalidated, and `echo -e` also
  # expands backslash escapes contained in them. ifcfg-* files are read as
  # shell assignments by the network scripts, so callers should pass only
  # checked IPv4 literals.
  local public_ip=$1
  local gateway=$2
  local private_ip=$3
  local ifcfg_path=/etc/sysconfig/network-scripts/ifcfg-eth0
  local ifcfg_body="# Configuration for eth0
DEVICE=eth0
BOOTPROTO=static
NM_CONTROLLED=no
PEERDNS=no
# This line ensures that the interface will be brought up during boot.
ONBOOT=yes
# eth0 - This is the main IP address that will be used for most outbound connections.
# The netmask is taken from the PREFIX (where 24 is Public IP, 17 is Private IP).

GATEWAY=${gateway}

IPADDR0=${public_ip}
PREFIX0=\"24\"

IPADDR1=${private_ip}
PREFIX1=\"17\" "

  echo -e "$ifcfg_body" > "$ifcfg_path"
}


# $1 - IPADDR, $2 - NETMASK, $3 - GATEWAY
set_public_ip() {
  # Overwrites /etc/sysconfig/network-scripts/ifcfg-eth0 with a single
  # static address for eth0.
  #
  # $1 - IPADDR, $2 - NETMASK, $3 - GATEWAY
  #
  # NOTE(review): the arguments are written unvalidated, and `echo -e` also
  # expands backslash escapes contained in them. ifcfg-* files are read as
  # shell assignments by the network scripts, so callers should pass only
  # checked IPv4 literals.
  local address=$1
  local netmask=$2
  local gateway=$3
  local ifcfg_path=/etc/sysconfig/network-scripts/ifcfg-eth0
  local ifcfg_body="# Configuration for eth0
DEVICE=eth0
BOOTPROTO=none
# This line ensures that the interface will be brought up during boot.
ONBOOT=yes
# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
IPADDR=${address}
NETMASK=${netmask}
GATEWAY=${gateway}"

  echo -e "$ifcfg_body" > "$ifcfg_path"
}

# $1 - IPADDR, $2 - NETMASK
set_private_ip() {
  # Overwrites /etc/sysconfig/network-scripts/ifcfg-eth0:1 with a static
  # address for the eth0:1 alias interface (no gateway is written).
  #
  # $1 - IPADDR, $2 - NETMASK
  #
  # NOTE(review): the arguments are written unvalidated, and `echo -e` also
  # expands backslash escapes contained in them. ifcfg-* files are read as
  # shell assignments by the network scripts, so callers should pass only
  # checked IPv4 literals.
  local address=$1
  local netmask=$2
  local ifcfg_path=/etc/sysconfig/network-scripts/ifcfg-eth0:1
  local ifcfg_body="# Configuration for eth0:1
DEVICE=eth0:1
BOOTPROTO=none
# This line ensures that the interface will be brought up during boot.
ONBOOT=yes
# eth0:1 - Private IPs have no gateway (they are not publicly routable) so all you need to
# specify is the address and netmask.
IPADDR=${address}
NETMASK=${netmask}"

  echo -e "$ifcfg_body" > "$ifcfg_path"
}

# $1, $2, $3 - name servers 
set_dns_resolver() {
  # Overwrites /etc/resolv.conf with a fixed domain/search pair, three
  # nameserver lines and "options rotate".
  #
  # $1, $2, $3 - name servers
  #
  # The domain (yoplay.io) and search list (tunts.net) are hard-coded here.
  # NOTE(review): resolv.conf(5) treats "domain" and "search" as mutually
  # exclusive, with the last one winning - confirm that is intended.
  # NOTE(review): an omitted argument still produces a "nameserver " line
  # with no address, and the values are written without validation.
  local ns_first=$1
  local ns_second=$2
  local ns_third=$3
  local resolv_body="domain yoplay.io
search tunts.net
nameserver ${ns_first}
nameserver ${ns_second}
nameserver ${ns_third}
options rotate"

  echo -e "$resolv_body" > /etc/resolv.conf
}



###########################################################
# Users and Authentication
###########################################################

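user_add_sudo() {
    # Creates a user with a bash login shell, adds it to a sudo-capable
    # group and sets its password. sudo itself is not installed here.
    #
    # $1 - Required - username
    # $2 - Required - password
    # $3 - Optional - supplementary group for the user (default: wheel)
    #
    # Returns 1 without creating anything when the username or password is
    # empty; otherwise returns the exit status of chpasswd.
    #
    # USER_NAME, USER_PASSWORD and SUDO_USERGROUP are assigned as globals,
    # as before. NOTE(review): the cleartext password therefore stays set in
    # the calling shell after return; callers may want to unset USER_PASSWORD.
    USER_NAME="$1"
    USER_PASSWORD="$2"
    SUDO_USERGROUP="$3"

    if [ -z "$USER_NAME" ] || [ -z "$USER_PASSWORD" ]; then
        echo "No new username and/or password entered"
        return 1
    fi

    : "${SUDO_USERGROUP:=wheel}"

    # Quote both values and end option parsing with "--": unquoted, a name or
    # group containing whitespace was split into extra useradd arguments, and
    # a name starting with "-" was read as an option.
    useradd -m -s /bin/bash -G "$SUDO_USERGROUP" -- "$USER_NAME"

    # printf '%s' passes the password through verbatim (echo can treat some
    # values specially), and as a builtin it keeps the password out of the
    # process list. chpasswd reads "name:password" pairs from stdin.
    printf '%s:%s\n' "$USER_NAME" "$USER_PASSWORD" | chpasswd
}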

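ssh_disable_root_ssh_access() {
    # Disables root SSH access by setting "PermitRootLogin no" in the sshd
    # configuration, then leaves the /tmp/restart-sshd marker so that
    # restart_services restarts sshd.
    #
    # $1 - Optional - path to the sshd config (default: /etc/ssh/sshd_config)
    #
    # Returns 1 when the config file is missing or cannot be edited.
    #
    # The previous pattern rewrote only the exact commented line
    # "#PermitRootLogin yes". A config with an active "PermitRootLogin yes",
    # another value, or no directive at all was left unchanged while the
    # function still reported success, so root login stayed enabled.
    #
    # NOTE(review): a PermitRootLogin line inside a Match block is rewritten
    # too and also satisfies the presence check below; configs that use Match
    # blocks should be confirmed with `sshd -T`.
    # NOTE(review): the marker lives in world-writable /tmp under a
    # predictable name; see restart_services for how markers are consumed.
    local sshd_config="${1:-/etc/ssh/sshd_config}"

    if [ ! -f "$sshd_config" ]; then
        echo "sshd config not found: $sshd_config" >&2
        return 1
    fi

    # Rewrite every PermitRootLogin line, commented out or active, whatever
    # its current value (keyword matched case-insensitively, GNU sed).
    sed -i -E \
        's/^[[:space:]]*#?[[:space:]]*PermitRootLogin([[:space:]].*)?$/PermitRootLogin no/I' \
        "$sshd_config" || return 1

    # No directive present at all: add it as the first line, because sshd
    # keeps the first value it reads and a line appended at the end could
    # land inside a trailing Match block.
    if ! grep -qx 'PermitRootLogin no' "$sshd_config"; then
        if [ -s "$sshd_config" ]; then
            sed -i '1i PermitRootLogin no' "$sshd_config" || return 1
        else
            printf '%s\n' 'PermitRootLogin no' >> "$sshd_config" || return 1
        fi
    fi

    # sshd keeps the old setting until it is restarted.
    touch /tmp/restart-sshd
}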

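user_add_pubkey() {
    # Appends a public key to authorized_keys for the specified user. Make
    # sure you wrap your input variables in double quotes, or the key may not
    # load properly.
    #
    # $1 - Required - username ("root" uses /root, anyone else /home/<name>)
    # $2 - Required - public key (the key text itself, not a file path)
    #
    # Returns 1 when an argument is missing, the username is not usable as a
    # path component, or the key cannot be written; 0 on success.
    #
    # Changes from the previous version:
    #   - the root branch returned 1 even after the key was written, and its
    #     plain `mkdir` failed when /root/.ssh already existed;
    #   - /home/$USER_NAME was expanded unquoted, and a name containing "/"
    #     or ".." could point the write outside /home;
    #   - .ssh and authorized_keys now get explicit 700/600 modes instead of
    #     whatever the current umask yields.
    #
    # USER_NAME and USER_PUBKEY are assigned as globals, as before.
    USER_NAME="$1"
    USER_PUBKEY="$2"
    local ssh_dir auth_keys

    if [ -z "$USER_NAME" ] || [ -z "$USER_PUBKEY" ]; then
        echo "Must provide a username and a public key"
        return 1
    fi

    # The name becomes part of a path written to as the calling user.
    case "$USER_NAME" in
        */* | -* | . | ..)
            echo "Invalid username: $USER_NAME"
            return 1
            ;;
    esac

    if [ "$USER_NAME" = "root" ]; then
        ssh_dir=/root/.ssh
    else
        # NOTE(review): assumes the home directory is /home/<name>.
        ssh_dir="/home/$USER_NAME/.ssh"
    fi
    auth_keys="$ssh_dir/authorized_keys"

    mkdir -p -- "$ssh_dir" || return 1
    printf '%s\n' "$USER_PUBKEY" >> "$auth_keys" || return 1
    chmod 700 -- "$ssh_dir" || return 1
    chmod 600 -- "$auth_keys" || return 1

    if [ "$USER_NAME" != "root" ]; then
        chown -R -- "$USER_NAME":"$USER_NAME" "$ssh_dir"
    fi
}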

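user_add_git() {
    # Creates a user whose login shell is git-shell, adds it to the sshusers
    # group and, when a public key is supplied, authorises that key through
    # user_add_pubkey. Make sure you wrap your input variables in double
    # quotes, or the key may not load properly.
    #
    # $1 - Required - username (must not be root)
    # $2 - public key; when empty the account is created with no
    #      authorized_keys entry and a warning is printed to stderr
    #
    # Returns 1 for an empty username, for root, or when useradd fails;
    # returns 0 when the account is created without a key; otherwise returns
    # the exit status of user_add_pubkey.
    #
    # Security: the previous version fell back to an SSH public key embedded
    # in this library (comment field "empty@toan") whenever $2 was empty, so
    # every such account was reachable by whoever holds the matching private
    # key. No key is installed implicitly any more; accounts created by the
    # old behaviour should have that entry removed from authorized_keys.
    #
    # NOTE(review): the sshusers group must already exist or useradd fails.
    # USER_NAME and USER_PUBKEY are assigned as globals, as before.
    USER_NAME="$1"
    USER_PUBKEY="$2"

    if [ -z "$USER_NAME" ]; then
        echo "Must provide a username "
        return 1
    fi

    if [ "$USER_NAME" = "root" ]; then
        return 1
    fi

    # Stop here if the account could not be created, rather than writing a
    # key into a home directory that may belong to nobody or to someone else.
    sudo useradd -m -s /usr/bin/git-shell -G sshusers -- "$USER_NAME" || return 1

    if [ -z "$USER_PUBKEY" ]; then
        echo "user_add_git: no public key given for $USER_NAME; no key installed" >&2
        return 0
    fi

    user_add_pubkey "$USER_NAME" "$USER_PUBKEY"
}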




###########################################################
# utility functions
###########################################################

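restart_services() {
    # Restarts every service that has a marker file /tmp/restart-<service>
    # and removes the marker afterwards.
    #
    # Changes from the previous version:
    #   - markers are found with a glob instead of parsing `ls`, so names
    #     with whitespace are not split and "no markers" is not an error;
    #   - the service name is quoted and passed after "--", so it cannot be
    #     read as extra arguments or options by systemctl;
    #   - because /tmp is world-writable, a marker is honoured only if it is
    #     a regular file owned by the user running this function; symlinks
    #     and other users' files are reported on stderr and left in place.
    local marker service

    for marker in /tmp/restart-*; do
        # With no match the pattern stays literal and names nothing.
        [ -e "$marker" ] || [ -L "$marker" ] || continue

        if [ -L "$marker" ] || [ ! -f "$marker" ] || [ ! -O "$marker" ]; then
            echo "restart_services: ignoring untrusted marker $marker" >&2
            continue
        fi

        service="${marker#/tmp/restart-}"
        systemctl restart -- "$service"
        rm -f -- "$marker"
    done
}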

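random_string() {
    # Prints a random string of characters from A-Za-z0-9, read from
    # /dev/urandom.
    #
    # $1 - Optional - length in characters (default: 20)
    #
    # Returns 1 and prints nothing on stdout when the length is not a plain
    # non-negative integer. Previously such a value reached `head -c`
    # unquoted: `head` failed (or read extra arguments), and the function
    # still succeeded with an empty line, which a caller could then use as a
    # password or secret.
    #
    # LEN is assigned as a global, as before.
    LEN="${1:-20}"

    case "$LEN" in
        *[!0-9]*)
            echo "random_string: length must be a non-negative integer: $LEN" >&2
            return 1
            ;;
    esac

    local generated
    # LC_ALL=C makes tr filter raw bytes regardless of the caller's locale.
    generated=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$LEN")
    printf '%s\n' "$generated"
}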

restart_networking() {
  # Restarts network.service through systemctl and returns its exit status.
  local unit=network.service
  systemctl restart "$unit"
}

###########################################################
# install more
###########################################################

install_basics() {
  # Installs vim-enhanced, htop, zip and fail2ban, one quiet non-interactive
  # yum call per package, in that order. Returns the status of the last call.
  #
  # fail2ban is only installed here; this function does not configure,
  # enable or start it.
  # NOTE(review): htop and fail2ban presumably come from EPEL on CentOS 7, so
  # system_update (which installs epel-release) likely has to run first.
  local package
  for package in vim-enhanced htop zip fail2ban; do
    yum install -y -q "$package"
  done
}

install_ntp() {
    # Installs the ntp package, then starts ntpd and enables it at boot.
    # Returns the exit status of `systemctl enable ntpd`.
    local action

    yum install -y -q ntp
    for action in start enable; do
        systemctl "$action" ntpd
    done
}