akScript

by dontbesilly

artkernel basic installation script

Compatible with: CentOS 7
						#!/bin/bash

function system_update {
    # Applies all pending package updates through yum, answering "yes" to
    # every prompt so the run is non-interactive.
    yum -y update
}

function system_set_hostname {
    # Sets the machine's hostname.
    #
    # Arguments: $1 - hostname to assign (required)
    # Globals:   HOSTNAME (overwritten with $1)
    # Outputs:   "Hostname undefined" on stdout when $1 is empty
    # Returns:   1 when $1 is empty, otherwise the status of `hostname -F`
    HOSTNAME="$1"

    # Guard clause: nothing is written unless a name was supplied.
    [ -n "$HOSTNAME" ] || {
        echo "Hostname undefined"
        return 1
    }

    # Write the name to /etc/hostname, then load the running hostname from
    # that same file so both agree.
    echo "$HOSTNAME" > /etc/hostname
    hostname -F /etc/hostname
}

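function user_add_sudo {
    # Creates a local account, sets its password and adds it to the wheel
    # group (presumably the group granted sudo on this image; confirm
    # against /etc/sudoers).
    #
    # Arguments: $1 - username (required)
    #            $2 - password (required)
    # Globals:   USERNAME (written)
    # Outputs:   a one-line reason on stdout when the arguments are rejected
    # Returns:   1 on missing or unsafe arguments, or when the account or its
    #            password cannot be set; otherwise the status of usermod
    USERNAME="$1"
    # The cleartext password stays local so it does not linger in the shell's
    # global scope after the function returns.
    local USERPASS="$2"

    if [ -z "$USERNAME" ] || [ -z "$USERPASS" ]; then
        echo "No new username and/or password entered"
        return 1
    fi

    # chpasswd reads "name:password" records, one per line. A ':' in the name
    # or a newline in either field would change which account the record
    # applies to, so such values are refused. A leading '-' would be parsed
    # as an option by adduser/usermod.
    case "$USERNAME" in
        -*|*:*|*$'\n'*)
            echo "Invalid username"
            return 1
            ;;
    esac
    case "$USERPASS" in
        *$'\n'*)
            echo "Password must not contain a newline"
            return 1
            ;;
    esac

    # Stop if the account cannot be created (for example, it already exists):
    # carrying on would reset the password of an existing account and put it
    # in wheel.
    adduser -- "$USERNAME" || return 1
    # printf is a shell builtin, so the password is not exposed in a process
    # argument list on its way to chpasswd.
    printf '%s:%s\n' "$USERNAME" "$USERPASS" | chpasswd || return 1
    usermod -aG wheel -- "$USERNAME"
}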

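function user_add_pubkey {
    # Appends an SSH public key to a user's authorized_keys file.
    #
    # Arguments: $1 - username (required); "root" maps to /root/.ssh, any
    #                 other name to /home/<name>/.ssh
    #            $2 - the public key line itself (required); it is written
    #                 verbatim, not read from a file
    # Globals:   USERNAME, USERPUBKEY (written)
    # Outputs:   a one-line reason on stdout when the arguments are rejected
    # Returns:   1 on missing or unsafe arguments or when a step fails;
    #            otherwise the status of chown (0 on success, root included)
    USERNAME="$1"
    USERPUBKEY="$2"
    local ssh_dir

    if [ -z "$USERNAME" ] || [ -z "$USERPUBKEY" ]; then
        echo "Must provide a username and the location of a pubkey"
        return 1
    fi

    # The name becomes a path component below, so anything that could point
    # outside /home/<name> (a slash, "." or "..") or be read as an option is
    # refused.
    case "$USERNAME" in
        */*|.|..|-*)
            echo "Invalid username"
            return 1
            ;;
    esac

    if [ "$USERNAME" == "root" ]; then
        ssh_dir=/root/.ssh
    else
        # assumes the account's home is /home/<name> — TODO confirm
        ssh_dir="/home/$USERNAME/.ssh"
    fi

    # -p keeps this from failing when the directory already exists.
    mkdir -p -- "$ssh_dir" || return 1
    printf '%s\n' "$USERPUBKEY" >> "$ssh_dir/authorized_keys" || return 1

    # Restrict the directory and key file to their owner, so the result does
    # not depend on the umask in effect when the script runs.
    chmod 700 -- "$ssh_dir" || return 1
    chmod 600 -- "$ssh_dir/authorized_keys" || return 1
    # assumes a group with the same name as the user exists
    chown -R -- "$USERNAME":"$USERNAME" "$ssh_dir"
}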

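function ssh_disable_root {
    # Disables root SSH access by setting "PermitRootLogin no" in
    # /etc/ssh/sshd_config and flagging sshd for restart.
    #
    # Outputs:   a one-line reason on stdout when the setting is not in place
    # Returns:   1 when the file cannot be edited or the directive is not
    #            present afterwards; otherwise the status of touch
    local cfg=/etc/ssh/sshd_config

    # Rewrite every PermitRootLogin line, commented or not and whatever its
    # current value, so that variants such as extra whitespace or
    # "without-password" do not leave root login enabled unnoticed.
    sed -i 's/^[[:space:]]*#\{0,1\}[[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/' "$cfg" || return 1

    # Fail loudly instead of assuming the edit matched something.
    # NOTE(review): this checks the file only; `sshd -T` reports the effective
    # configuration if Match blocks or included files are in play.
    if ! grep -q '^PermitRootLogin[[:space:]][[:space:]]*no[[:space:]]*$' "$cfg"; then
        echo "PermitRootLogin no is not set in $cfg"
        return 1
    fi

    # The change takes effect only once sshd is restarted; restartServices
    # picks up this marker.
    # NOTE(review): /tmp is world-writable, so the marker path is predictable
    # and can be pre-created by other local users.
    touch /tmp/restart-sshd
}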

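function ssh_disable_pass_login {
    # Disables SSH password logins by setting "PasswordAuthentication no" in
    # /etc/ssh/sshd_config and flagging sshd for restart.
    #
    # Outputs:   a one-line reason on stdout when the setting is not in place
    # Returns:   1 when the file cannot be edited or the directive is not
    #            present afterwards; otherwise the status of touch
    local cfg=/etc/ssh/sshd_config

    # Rewrite every PasswordAuthentication line, commented or not. Replacing
    # only the text "PasswordAuthentication yes" would turn a commented-out
    # line into "#PasswordAuthentication no", which is still a comment and
    # leaves password logins enabled.
    sed -i 's/^[[:space:]]*#\{0,1\}[[:space:]]*PasswordAuthentication[[:space:]].*$/PasswordAuthentication no/' "$cfg" || return 1

    # Fail loudly instead of assuming the edit matched something.
    # NOTE(review): this checks the file only; `sshd -T` reports the effective
    # configuration if Match blocks or included files are in play.
    if ! grep -q '^PasswordAuthentication[[:space:]][[:space:]]*no[[:space:]]*$' "$cfg"; then
        echo "PasswordAuthentication no is not set in $cfg"
        return 1
    fi

    # Make sure a public key is installed before sshd is restarted, or the
    # host may become unreachable over SSH.
    # NOTE(review): /tmp is world-writable, so the marker path is predictable
    # and can be pre-created by other local users.
    touch /tmp/restart-sshd
}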

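function install_ntp_taipei {
    # Sets the timezone to Asia/Taipei, installs ntp and points it at three
    # pool.ntp.org servers, then starts ntpd and enables it at boot.
    #
    # Returns:   1 when the ntp package cannot be installed; otherwise the
    #            status of `systemctl enable`
    local pool_hosts=(2.tw.pool.ntp.org 3.asia.pool.ntp.org 2.asia.pool.ntp.org)
    local host

    ln -sf /usr/share/zoneinfo/Asia/Taipei /etc/localtime

    # The files edited below come from the ntp package, so stop here if the
    # install fails.
    yum install ntp -y || return 1

    # step-tickers is replaced outright with the three pool hosts.
    printf '%s\n' "${pool_hosts[@]}" > /etc/ntp/step-tickers

    # Comment out only real "server" directives. An unanchored match would
    # also rewrite any other line that merely contains the word "server".
    sed -i 's/^[[:space:]]*server[[:space:]]/#&/' /etc/ntp.conf
    for host in "${pool_hosts[@]}"; do
        echo "server $host" >> /etc/ntp.conf
    done

    systemctl start ntpd.service
    systemctl enable ntpd.service
}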

function install_docker {
    # Installs the docker package through yum, then starts the docker
    # service and enables it at boot.
    local action

    yum -y install docker
    for action in start enable; do
        systemctl "$action" docker
    done
}


function disable_docker_iptable {
    # Adds --iptables=false to the Docker options in /etc/sysconfig/docker by
    # inserting it after the first "--signature-verification=false" on each
    # line. Lines without that text are left unchanged, and nothing reports
    # whether a match occurred.
    #
    # NOTE(review): with --iptables=false the daemon no longer manages
    # iptables rules for containers, so access to published ports depends
    # entirely on the host firewall.
    # NOTE(review): running this twice appends the flag a second time.
    sed -i 's/--signature-verification=false/& --iptables=false/' /etc/sysconfig/docker
}

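function install_docker_memcached {
    # Pulls the memcached image, re-tags it under <system>/memcached:latest
    # and starts a detached container named m1 from that tag.
    #
    # Arguments: $1 - system name used as the image namespace (required)
    # Globals:   SYS_NAME (written)
    # Outputs:   "system is undefined" on stdout when $1 is empty
    # Returns:   1 when $1 is empty or the pull/tag fails; otherwise the
    #            status of `docker run`
    SYS_NAME="$1"

    if [ -z "$SYS_NAME" ]; then
        echo "system is undefined"
        return 1
    fi

    # NOTE(review): the pull uses the implicit "latest" tag, so the image
    # content is whatever the registry serves at install time; pin a tag or
    # digest if reproducibility matters.
    docker pull docker.io/memcached || return 1

    # Quoted so a name containing spaces or glob characters reaches docker
    # as one argument instead of being split into several.
    docker tag memcached:latest "$SYS_NAME/memcached:latest" || return 1

    # NOTE(review): -P publishes every exposed container port on a
    # host-assigned port. Make sure the host firewall limits who can reach
    # it, since the cache is started here with no access control configured.
    docker run -d -P --name m1 "$SYS_NAME/memcached:latest"
}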

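function add_to_hosts {
    # Appends an "<ip> <alias>" line to /etc/hosts.
    #
    # Arguments: $1 - IP address (required)
    #            $2 - host alias (required)
    # Globals:   SOURCE_IP, IP_ALIAS (written)
    # Outputs:   a one-line reason on stdout when the arguments are rejected
    # Returns:   1 on missing or unsafe arguments; otherwise the status of
    #            the append
    SOURCE_IP="$1"
    IP_ALIAS="$2"

    if [ -z "$SOURCE_IP" ] || [ -z "$IP_ALIAS" ]; then
        echo "must have ip and alias"
        return 1
    fi

    # Each call must add exactly one record; an embedded newline would add
    # extra host entries.
    case "$SOURCE_IP$IP_ALIAS" in
        *$'\n'*)
            echo "ip and alias must not contain a newline"
            return 1
            ;;
    esac

    # The resolver reads /etc/hosts; the previous target, /etc/host, is not
    # consulted for name resolution.
    printf '%s %s\n' "$SOURCE_IP" "$IP_ALIAS" >> /etc/hosts
}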

function add_sys_private_ip {
    # Adds a secondary address to eth0 by appending IPADDR1/PREFIX1 entries
    # to its ifcfg file. The prefix length is fixed at 17.
    #
    # Arguments: $1 - private IP address (required)
    # Globals:   PRIVATE_IP (written)
    # Outputs:   "Missing private ip" on stdout when $1 is empty
    # Returns:   1 when $1 is empty; otherwise the status of the append
    PRIVATE_IP="$1"
    local ifcfg=/etc/sysconfig/network-scripts/ifcfg-eth0

    [ -n "$PRIVATE_IP" ] || {
        echo "Missing private ip"
        return 1
    }

    # Both settings go to the same file, so they share one redirection.
    {
        echo "IPADDR1=$PRIVATE_IP"
        echo 'PREFIX1="17"'
    } >> "$ifcfg"
}

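function add_allow_db_ip {
    # Adds a firewalld rich rule that accepts TCP port 3306 from one IPv4
    # source (the function name suggests the port is used by a database).
    #
    # Arguments: $1 - IPv4 address, optionally with /prefix (required)
    # Globals:   ALLOW_IP (written)
    # Outputs:   a one-line reason on stdout when the argument is rejected
    # Returns:   1 on a missing or malformed address; otherwise the status
    #            of firewall-cmd
    ALLOW_IP="$1"
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

    if [ -z "$ALLOW_IP" ]; then
        echo "Missing allow ip"
        return 1
    fi

    # The value is spliced into the rich-rule text, so only a dotted-quad
    # address (with optional prefix length) is let through; anything else
    # could alter the rule that gets installed.
    if ! [[ "$ALLOW_IP" =~ $ipv4_re ]]; then
        echo "Invalid allow ip"
        return 1
    fi

    # Inner quotes are escaped so the whole rule, including the address,
    # stays inside one quoted argument.
    # NOTE(review): without --permanent this rule applies to the running
    # firewall only and is lost on reload or reboot — confirm that is
    # intended.
    firewall-cmd --add-rich-rule="rule family=\"ipv4\" source address=\"$ALLOW_IP\" port port=\"3306\" protocol=\"tcp\" accept"
}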

function enable_firewalld {
    # Starts the firewalld service and enables it at boot.
    local action

    for action in start enable; do
        systemctl "$action" firewalld
    done
}

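function open_public_port {
    # Opens a TCP port (or port range) in firewalld's permanent
    # configuration.
    #
    # Arguments: $1 - port number, or "low-high" range (required)
    # Globals:   PUBLIC_PORT (written)
    # Outputs:   a one-line reason on stdout when the argument is rejected
    # Returns:   1 on a missing or malformed port; otherwise the status of
    #            firewall-cmd
    #
    # A shell assignment takes no leading "$" on the variable name. Written
    # as "$PUBLIC_PORT=$1" the line was executed as a command instead, which
    # left PUBLIC_PORT unset and made every call fail with "Missing public
    # port".
    PUBLIC_PORT="$1"
    local port_re='^[0-9]+(-[0-9]+)?$'

    if [ -z "$PUBLIC_PORT" ]; then
        echo "Missing public port"
        return 1
    fi

    # Digits only (optionally a range), so the value cannot carry a different
    # protocol or extra firewall-cmd options.
    if ! [[ "$PUBLIC_PORT" =~ $port_re ]]; then
        echo "Invalid public port"
        return 1
    fi

    # NOTE(review): --permanent changes the saved configuration only; the
    # running firewall does not pick it up until firewalld is reloaded.
    firewall-cmd --add-port="$PUBLIC_PORT/tcp" --permanent
}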

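function restartServices {
    # Restarts every service that has a marker file /tmp/restart-<service>,
    # then removes the marker.
    #
    # /tmp is world-writable, so a marker is honoured only when it is a
    # regular file (not a symlink) owned by the user running this script and
    # its name looks like a unit name. Without those checks any local user
    # could make this function restart services of their choosing.
    local marker service

    # Glob instead of parsing `ls`, so names containing whitespace or glob
    # characters are never split or re-expanded.
    for marker in /tmp/restart-*; do
        # Also skips the literal pattern left behind when nothing matches.
        if [ -L "$marker" ] || [ ! -f "$marker" ] || [ ! -O "$marker" ]; then
            continue
        fi

        service="${marker#/tmp/restart-}"
        case "$service" in
            ''|-*|*[!A-Za-z0-9_.@-]*)
                continue
                ;;
        esac

        systemctl restart "$service.service"
        rm -f -- "$marker"
    done
}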