http://wiki.dersllc.com/api.php?action=feedcontributions&feedformat=atom&user=Admin DER's LLC - User contributions [en] 2026-05-05T20:42:50Z User contributions MediaWiki 1.39.3 http://wiki.dersllc.com/index.php?title=SpectroCloud/VertexInstall&diff=344 SpectroCloud/VertexInstall 2024-11-26T15:41:30Z <p>Admin: /* Vertex UI */</p> <hr /> <div>=Vertex Installation Instructions=<br /> ==Vertex Installation==<br /> ===Pre Requisites===<br /> ====1. Needed Downloads====<br /> * Binaries: airgap-base-ova (ex. spectro-airgap-podman-v3.1.4.ova)<br /> * Binaries: airgap-fips (ex. airgap-vertex-v4.5.11.bin)<br /> * Binaries: airgap-fips-scar-zip (ex. scar-airgap-vertex-v4.5.11.zip)<br /> * Capi OS Image: k8s_fips (ex. u-2004-0-k-1305-fips.ova)<br /> * Airgap Binaries: kubernetes-&lt;version&gt; (ex. airgap-vertex-pack-kubernetes-1.30.5.bin)<br /> * Airgap Binaries: kubernetes-&lt;version&gt; (ex. airgap-vertex-pack-kubernetes-1.29.9.bin)<br /> <br /> ====2. vCenter Prep ====<br /> * Tag the DataCenter with k8s-region<br /> * Tag the Cluster with k8s-zone<br /> * Create a VM Folder called spectro-templates<br /> * Create a VM Folder called spectro-vms<br /> * Import the k8s_fips OVA (ex. u-2004-0-k-1305-fips.ova)<br /> ** Rename Image to &quot;r_u-2004-0-k-&lt;version&gt;-fips&quot; (ex. r_u-2004-0-k-1305-fips)<br /> ** Convert VM to Template.<br /> <br /> ====3. Harbor Prep====<br /> * Create a new Public Project (spectro-images)<br /> <br /> ====4. OVA Setup====<br /> DOCS REFERENCE: https://docs.spectrocloud.com/vertex/install-palette-vertex/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions/<br /> * Deploy the OVA to vCenter (airgap-base-ova).<br /> 1. Machine name: &lt;strong&gt;sc-deploy&lt;/strong&gt;<br /> 2. Folder: &lt;strong&gt;spectro-vms&lt;/strong&gt;<br /> 3. Acknowledge the certificate.<br /> 4. Storage: &lt;strong&gt;DERS-HDD&lt;/strong&gt;<br /> 5. Network: &lt;strong&gt;DERS-87&lt;/strong&gt;<br /> 6. Set SSH Public Key: &lt;strong&gt;&lt;opsman-key&gt;&lt;/strong&gt;<br /> 7. Default User Password: &lt;strong&gt;&lt;ders&gt;&lt;/strong&gt;<br /> * Copy the vertex bin to the sc-deploy vm.<br /> export SC_DEPLOY_IP=&quot;172.16.87.51&quot;<br /> scp -i ~/.ssh/opsman /nfs/Download/airgap-vertex-v4.5.11.bin ubuntu@$SC_DEPLOY_IP:/tmp/<br /> scp -i ~/.ssh/opsman /nfs/Download/airgap-vertex-pack-kubernetes-1.30.5.bin ubuntu@$SC_DEPLOY_IP:/tmp/<br /> scp -i ~/.ssh/opsman /nfs/Download/airgap-vertex-pack-kubernetes-1.29.9.bin ubuntu@$SC_DEPLOY_IP:/tmp/<br /> * SSH to the sc-deploy VM.<br /> ssh -i ~/.ssh/opsman ubuntu@$SC_DEPLOY_IP<br /> sudo --login<br /> * Run the BIN Files<br /> #################<br /> # SET VARIABLES #<br /> #################<br /> export OCI_IMAGE_REGISTRY=harbor.dersllc.com<br /> export OCI_PACK_BASE=spectro-images<br /> export OCI_PACK_REGISTRY=harbor.dersllc.com<br /> export OCI_IMAGE_BASE=spectro-images<br /> export SC_VERSION='v4.5.11'<br /> <br /> ####################<br /> # Trust DERS Certs #<br /> ####################<br /> sudo curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /usr/local/share/ca-certificates/ders-star-ca.crt<br /> sudo curl --insecure https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer &gt; /usr/local/share/ca-certificates/ders-ssca.crt<br /> sudo update-ca-certificates<br /> <br /> ###################<br /> # Log-in via ORAS #<br /> ###################<br /> oras login harbor.dersllc.com --username 'admin' --password '&lt;Password&gt;'<br /> <br /> ##################################<br /> # Setup NFS Mount (NOT REQUIRED) #<br /> ##################################<br /> apt-get -y install snapd unzip nfs-common ca-certificates<br /> echo &quot;172.16.85.15:/Download /nfs/Download nfs vers=4.0 0 0&quot; &gt;&gt; /etc/fstab<br /> mkdir -p /nfs/Download<br /> mount -a<br /> <br /> #################################<br /> # Import Containers into Harbor #<br /> #################################<br /> chmod +x /tmp/airgap-vertex-*<br /> /tmp/airgap-vertex-$SC_VERSION.bin --nodiskspace --target /nfs/Download/airgap-vertex-$SC_VERSION/<br /> # If Setting up CLI is not present in the output run the following:<br /> source /nfs/Download/airgap-vertex-$SC_VERSION/bin/functions.sh; cli_copy<br /> /tmp/airgap-vertex-pack-kubernetes-*<br /> <br /> ####################################################################<br /> # UNZIP Manifest in /var/www/html/manifests/&lt;Version&gt; on ders-plex #<br /> ####################################################################<br /> # ssh to ders-plex<br /> export SC_VERSION='v4.5.11'<br /> mkdir -p /var/www/html/manifests/${SC_VERSION}<br /> mv /nfs/Download/scar-airgap-vertex-${SC_VERSION}.zip /var/www/html/manifests/${SC_VERSION}<br /> cd /var/www/html/manifests/${SC_VERSION}<br /> unzip scar-airgap-vertex-${SC_VERSION}.zip<br /> systemctl restart httpd<br /> <br /> curl http://172.16.84.22:8710/manifests/${SC_VERSION}/roar/nickfury/versions.yaml<br /> ===Vertex Install Steps===<br /> # SSH to sc-deploy and run:<br /> palette ec install<br /> <br /> # No palette CLI config file detected. One will be created.<br /> # Management Plane Type: <br /> &lt;strong&gt; Palette VerteX &lt;/strong&gt;<br /> # Operating System: <br /> &lt;strong&gt; ubuntu &lt;/strong&gt;<br /> # Enable Ubuntu Pro (required for production)? [y/N]: &lt;strong&gt; Yes &lt;/strong&gt;<br /> # Ubuntu Pro token: &lt;strong&gt; C12HPMun5ibCKAqtW%cqBpaL66RNjd &lt;/strong&gt;<br /> # enabling experimental podman provider<br /> # No kind clusters found.<br /> # Cloud Type: <br /> &lt;strong&gt; VMware vSphere &lt;/strong&gt;<br /> ##########################################################<br /> # Spectro Cloud Artifact Repository (SCAR) Configuration # <br /> ########################################################## <br /> # SCAR location: <br /> &lt;strong&gt; http://172.16.84.22:8710/manifests/v4.5.11/ &lt;/strong&gt;<br /> # SCAR username: <br /> &lt;strong&gt; admin &lt;/strong&gt;<br /> # SCAR password: <br /> &lt;strong&gt; ******** &lt;/strong&gt;<br /> # Allow Insecure Connection (Bypass x509 Verification)? [Y/n]: <br /> &lt;strong&gt; Yes &lt;/strong&gt;<br /> ###################################<br /> # Enter Environment Configuration #<br /> ###################################<br /> # HTTPS Proxy (optional, hit enter to skip): <br /> # HTTP Proxy (optional, hit enter to skip): <br /> # Pod CIDR: 192.168.0.0/16<br /> # Service IP Range: 10.96.0.0/12<br /> # Retrieved version metadata. Using Spectro Cloud Version: 4.5.11<br /> #######################<br /> # Collecting Metadata #<br /> #######################<br /> # Kind Cluster Name: <br /> &lt;strong&gt; spectro-mgmt-cluster &lt;/strong&gt;<br /> #############################################<br /> # Enter Pack &amp; Image Registry Configuration #<br /> ############################################# <br /> # Registry Type: <br /> &lt;strong&gt; OCI &lt;/strong&gt;<br /> # Registry Name: <br /> &lt;strong&gt;harbor.dersllc.com &lt;/strong&gt;<br /> # Registry Endpoint: <br /> &lt;strong&gt;https://harbor.dersllc.com &lt;/strong&gt;<br /> # Registry Base Content Path (optional, hit enter to skip): <br /> &lt;strong&gt;spectro-images&lt;/strong&gt;<br /> # Allow Insecure Connection (Bypass x509 Verification)? [Y/n]: <br /> &lt;strong&gt;Yes&lt;/strong&gt;<br /> # Registry Username (optional, hit enter to skip): <br /> &lt;strong&gt;admin&lt;/strong&gt;<br /> # Registry Password (optional, hit enter to skip): <br /> &lt;strong&gt;*********&lt;/strong&gt;<br /> # Enter 'Y' to pull images from public registries or 'N' to specify an OCI image registry<br /> # Pull images from public registries? [Y/n]: <br /> &lt;strong&gt;No&lt;/strong&gt;<br /> # Use the same OCI Registry for packs &amp; images? [Y/n]: <br /> &lt;strong&gt;Yes&lt;/strong&gt;<br /> # Registry Base Content Path (optional, hit enter to skip): <br /> &lt;strong&gt;spectro-images&lt;/strong&gt;<br /> #####################################<br /> # Enter vSphere Account Information #<br /> #####################################<br /> # vSphere Endpoint: <br /> &lt;strong&gt;vcenter.dersllc.com&lt;/strong&gt;<br /> # vSphere Username (with domain): <br /> &lt;strong&gt;administrator@ders.lab&lt;/strong&gt;<br /> # vSphere Password: <br /> &lt;strong&gt;*********&lt;/strong&gt;<br /> # Allow Insecure Connection (Bypass x509 Verification)? [Y/n]: <br /> &lt;strong&gt;Yes&lt;/strong&gt;<br /> ##################################################<br /> # Enter vSphere Enterprise Cluster configuration #<br /> ################################################## <br /> # Datacenter: <br /> &lt;strong&gt;DERSLLC&lt;/strong&gt;<br /> # VM Folder: <br /> &lt;strong&gt;spectro-vms&lt;/strong&gt;<br /> # Image Template Folder: <br /> &lt;strong&gt;spectro-templates&lt;/strong&gt;<br /> # Cluster for Fault Domain: <br /> &lt;strong&gt;Lab&lt;/strong&gt;<br /> # Network: <br /> &lt;strong&gt;DERS-87&lt;/strong&gt;<br /> # Resource Pool: <br /> &lt;strong&gt;Default (root resource pool for cluster: Lab)&lt;/strong&gt;<br /> # Select specific Datastore or use a VM Storage Policy: <br /> &lt;strong&gt;Datastore&lt;/strong&gt;<br /> # Datastore: <br /> &lt;strong&gt;DERS-HDD&lt;/strong&gt;<br /> # Unable to add another Fault Domain as no Clusters remain in Datacenter DERSLLC<br /> # NTP servers (comma-separated domain names or IP addresses, optional) (optional, hit enter to skip): <br /> &lt;strong&gt;172.16.84.21&lt;/strong&gt;<br /> # Configure SSH public key(s)<br /> &lt;strong&gt;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDngCrc1Na1xES5nnSBHxw1MMcwEwFL4TpwbSTq4BlcKb4WUGE4AOXr4W4RenB6OTyLkHOeLNc2ptILF3PZQG44SZ+uZMBLhx82DYbMq75F6WDSd7wnHA0cL90ncXGoLnwk+UnNEg59zmhYbrMEVM5OS3k0Ll/EXUb9PUsE+SdEoKDG+84OiwCQnQ+DWr9R79NHwLKflOvIMtoZuFwjObQ7xbsTO27FhL8wbcUDqygVqq+6r6adyZ1yEuqhXRkzUgQWv/rIzATaLTZp5r3kCGRe+EkB6AlapwE1O139ZGuY4m/FlIeXO1Ty0mmF88dI0CsbFUJcKKnO07nzSBhQevRr&lt;/strong&gt;<br /> # Specify a static IP range for assigning static IPs to cluster node(s).<br /> # The IP range must contain at least 5 IPs. <br /> # Start IP: <br /> &lt;strong&gt;172.16.85.200&lt;/strong&gt;<br /> # End IP: <br /> &lt;strong&gt;172.16.85.220&lt;/strong&gt;<br /> # Network Prefix: <br /> &lt;strong&gt;22&lt;/strong&gt;<br /> # Gateway IP Address: <br /> &lt;strong&gt;172.16.84.1&lt;/strong&gt;<br /> # Name servers (comma-separated IP addresses): <br /> &lt;strong&gt;172.16.84.10&lt;/strong&gt;<br /> # Name server search suffixes (Optional) (optional, hit enter to skip): <br /> &lt;strong&gt;dersllc.com&lt;/strong&gt;<br /> ###################################################################<br /> # Enter vSphere Machine configuration for the Enterprise Cluster #<br /> ###################################################################<br /> # Select combination: <br /> &lt;strong&gt;S: 16 CPU, 32 GB memory, 60 GB storage, 20 GB database with 4 CPU limit and 8 GB memory limit&lt;/strong&gt;<br /> # Node Affinity: Enter 'y' to schedule all Palette pods on control plane nodes? [y/N]: <br /> &lt;strong&gt;No&lt;/strong&gt;<br /> ===Vertex UI===<br /> https://vertex.dersllc.com/system<br /> <br /> ==Troubleshooting==<br /> ===spectro mgmt self link creation is still pending===<br /> Error:<br /> spectro mgmt self link creation is still pending<br /> Fix:<br /> Restart the spectrocluster Deployment<br /> ===Failed to apply cert renewal plan for first time push of certs===<br /> Error:<br /> Failed to apply cert renewal plan for first time push of certs<br /> Fix:<br /> Restart the Palette-Controller-Manager Deployment<br /> ===No Helm Charts Showing up in Profile creation===<br /> Error:<br /> Helm results empty<br /> Fix:<br /> Navigate to &quot;Tenant Settings&quot; -&gt; Platform -&gt; Platform Settings<br /> Enable &quot;Allow non-FIPS packs&quot;<br /> Enable &quot;Allow non-FIPS features&quot;<br /> <br /> <br /> * ??Download Certs<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /opt/spectro/ssl/server.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /opt/spectro/ssl/server.key</div> Admin http://wiki.dersllc.com/index.php?title=SpectroCloud/VertexInstall&diff=343 SpectroCloud/VertexInstall 2024-11-26T15:41:13Z <p>Admin: /* Vertex Install Steps */</p> <hr /> <div>=Vertex Installation Instructions=<br /> ==Vertex Installation==<br /> ===Pre Requisites===<br /> ====1. Needed Downloads====<br /> * Binaries: airgap-base-ova (ex. spectro-airgap-podman-v3.1.4.ova)<br /> * Binaries: airgap-fips (ex. airgap-vertex-v4.5.11.bin)<br /> * Binaries: airgap-fips-scar-zip (ex. scar-airgap-vertex-v4.5.11.zip)<br /> * Capi OS Image: k8s_fips (ex. u-2004-0-k-1305-fips.ova)<br /> * Airgap Binaries: kubernetes-&lt;version&gt; (ex. airgap-vertex-pack-kubernetes-1.30.5.bin)<br /> * Airgap Binaries: kubernetes-&lt;version&gt; (ex. airgap-vertex-pack-kubernetes-1.29.9.bin)<br /> <br /> ====2. vCenter Prep ====<br /> * Tag the DataCenter with k8s-region<br /> * Tag the Cluster with k8s-zone<br /> * Create a VM Folder called spectro-templates<br /> * Create a VM Folder called spectro-vms<br /> * Import the k8s_fips OVA (ex. u-2004-0-k-1305-fips.ova)<br /> ** Rename Image to &quot;r_u-2004-0-k-&lt;version&gt;-fips&quot; (ex. r_u-2004-0-k-1305-fips)<br /> ** Convert VM to Template.<br /> <br /> ====3. Harbor Prep====<br /> * Create a new Public Project (spectro-images)<br /> <br /> ====4. OVA Setup====<br /> DOCS REFERENCE: https://docs.spectrocloud.com/vertex/install-palette-vertex/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions/<br /> * Deploy the OVA to vCenter (airgap-base-ova).<br /> 1. Machine name: &lt;strong&gt;sc-deploy&lt;/strong&gt;<br /> 2. Folder: &lt;strong&gt;spectro-vms&lt;/strong&gt;<br /> 3. Acknowledge the certificate.<br /> 4. Storage: &lt;strong&gt;DERS-HDD&lt;/strong&gt;<br /> 5. Network: &lt;strong&gt;DERS-87&lt;/strong&gt;<br /> 6. Set SSH Public Key: &lt;strong&gt;&lt;opsman-key&gt;&lt;/strong&gt;<br /> 7. Default User Password: &lt;strong&gt;&lt;ders&gt;&lt;/strong&gt;<br /> * Copy the vertex bin to the sc-deploy vm.<br /> export SC_DEPLOY_IP=&quot;172.16.87.51&quot;<br /> scp -i ~/.ssh/opsman /nfs/Download/airgap-vertex-v4.5.11.bin ubuntu@$SC_DEPLOY_IP:/tmp/<br /> scp -i ~/.ssh/opsman /nfs/Download/airgap-vertex-pack-kubernetes-1.30.5.bin ubuntu@$SC_DEPLOY_IP:/tmp/<br /> scp -i ~/.ssh/opsman /nfs/Download/airgap-vertex-pack-kubernetes-1.29.9.bin ubuntu@$SC_DEPLOY_IP:/tmp/<br /> * SSH to the sc-deploy VM.<br /> ssh -i ~/.ssh/opsman ubuntu@$SC_DEPLOY_IP<br /> sudo --login<br /> * Run the BIN Files<br /> #################<br /> # SET VARIABLES #<br /> #################<br /> export OCI_IMAGE_REGISTRY=harbor.dersllc.com<br /> export OCI_PACK_BASE=spectro-images<br /> export OCI_PACK_REGISTRY=harbor.dersllc.com<br /> export OCI_IMAGE_BASE=spectro-images<br /> export SC_VERSION='v4.5.11'<br /> <br /> ####################<br /> # Trust DERS Certs #<br /> ####################<br /> sudo curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /usr/local/share/ca-certificates/ders-star-ca.crt<br /> sudo curl --insecure https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer &gt; /usr/local/share/ca-certificates/ders-ssca.crt<br /> sudo update-ca-certificates<br /> <br /> ###################<br /> # Log-in via ORAS #<br /> ###################<br /> oras login harbor.dersllc.com --username 'admin' --password '&lt;Password&gt;'<br /> <br /> ##################################<br /> # Setup NFS Mount (NOT REQUIRED) #<br /> ##################################<br /> apt-get -y install snapd unzip nfs-common ca-certificates<br /> echo &quot;172.16.85.15:/Download /nfs/Download nfs vers=4.0 0 0&quot; &gt;&gt; /etc/fstab<br /> mkdir -p /nfs/Download<br /> mount -a<br /> <br /> #################################<br /> # Import Containers into Harbor #<br /> #################################<br /> chmod +x /tmp/airgap-vertex-*<br /> /tmp/airgap-vertex-$SC_VERSION.bin --nodiskspace --target /nfs/Download/airgap-vertex-$SC_VERSION/<br /> # If Setting up CLI is not present in the output run the following:<br /> source /nfs/Download/airgap-vertex-$SC_VERSION/bin/functions.sh; cli_copy<br /> /tmp/airgap-vertex-pack-kubernetes-*<br /> <br /> ####################################################################<br /> # UNZIP Manifest in /var/www/html/manifests/&lt;Version&gt; on ders-plex #<br /> ####################################################################<br /> # ssh to ders-plex<br /> export SC_VERSION='v4.5.11'<br /> mkdir -p /var/www/html/manifests/${SC_VERSION}<br /> mv /nfs/Download/scar-airgap-vertex-${SC_VERSION}.zip /var/www/html/manifests/${SC_VERSION}<br /> cd /var/www/html/manifests/${SC_VERSION}<br /> unzip scar-airgap-vertex-${SC_VERSION}.zip<br /> systemctl restart httpd<br /> <br /> curl http://172.16.84.22:8710/manifests/${SC_VERSION}/roar/nickfury/versions.yaml<br /> ===Vertex Install Steps===<br /> # SSH to sc-deploy and run:<br /> palette ec install<br /> <br /> # No palette CLI config file detected. One will be created.<br /> # Management Plane Type: <br /> &lt;strong&gt; Palette VerteX &lt;/strong&gt;<br /> # Operating System: <br /> &lt;strong&gt; ubuntu &lt;/strong&gt;<br /> # Enable Ubuntu Pro (required for production)? [y/N]: &lt;strong&gt; Yes &lt;/strong&gt;<br /> # Ubuntu Pro token: &lt;strong&gt; C12HPMun5ibCKAqtW%cqBpaL66RNjd &lt;/strong&gt;<br /> # enabling experimental podman provider<br /> # No kind clusters found.<br /> # Cloud Type: <br /> &lt;strong&gt; VMware vSphere &lt;/strong&gt;<br /> ##########################################################<br /> # Spectro Cloud Artifact Repository (SCAR) Configuration # <br /> ########################################################## <br /> # SCAR location: <br /> &lt;strong&gt; http://172.16.84.22:8710/manifests/v4.5.11/ &lt;/strong&gt;<br /> # SCAR username: <br /> &lt;strong&gt; admin &lt;/strong&gt;<br /> # SCAR password: <br /> &lt;strong&gt; ******** &lt;/strong&gt;<br /> # Allow Insecure Connection (Bypass x509 Verification)? [Y/n]: <br /> &lt;strong&gt; Yes &lt;/strong&gt;<br /> ###################################<br /> # Enter Environment Configuration #<br /> ###################################<br /> # HTTPS Proxy (optional, hit enter to skip): <br /> # HTTP Proxy (optional, hit enter to skip): <br /> # Pod CIDR: 192.168.0.0/16<br /> # Service IP Range: 10.96.0.0/12<br /> # Retrieved version metadata. Using Spectro Cloud Version: 4.5.11<br /> #######################<br /> # Collecting Metadata #<br /> #######################<br /> # Kind Cluster Name: <br /> &lt;strong&gt; spectro-mgmt-cluster &lt;/strong&gt;<br /> #############################################<br /> # Enter Pack &amp; Image Registry Configuration #<br /> ############################################# <br /> # Registry Type: <br /> &lt;strong&gt; OCI &lt;/strong&gt;<br /> # Registry Name: <br /> &lt;strong&gt;harbor.dersllc.com &lt;/strong&gt;<br /> # Registry Endpoint: <br /> &lt;strong&gt;https://harbor.dersllc.com &lt;/strong&gt;<br /> # Registry Base Content Path (optional, hit enter to skip): <br /> &lt;strong&gt;spectro-images&lt;/strong&gt;<br /> # Allow Insecure Connection (Bypass x509 Verification)? [Y/n]: <br /> &lt;strong&gt;Yes&lt;/strong&gt;<br /> # Registry Username (optional, hit enter to skip): <br /> &lt;strong&gt;admin&lt;/strong&gt;<br /> # Registry Password (optional, hit enter to skip): <br /> &lt;strong&gt;*********&lt;/strong&gt;<br /> # Enter 'Y' to pull images from public registries or 'N' to specify an OCI image registry<br /> # Pull images from public registries? [Y/n]: <br /> &lt;strong&gt;No&lt;/strong&gt;<br /> # Use the same OCI Registry for packs &amp; images? [Y/n]: <br /> &lt;strong&gt;Yes&lt;/strong&gt;<br /> # Registry Base Content Path (optional, hit enter to skip): <br /> &lt;strong&gt;spectro-images&lt;/strong&gt;<br /> #####################################<br /> # Enter vSphere Account Information #<br /> #####################################<br /> # vSphere Endpoint: <br /> &lt;strong&gt;vcenter.dersllc.com&lt;/strong&gt;<br /> # vSphere Username (with domain): <br /> &lt;strong&gt;administrator@ders.lab&lt;/strong&gt;<br /> # vSphere Password: <br /> &lt;strong&gt;*********&lt;/strong&gt;<br /> # Allow Insecure Connection (Bypass x509 Verification)? [Y/n]: <br /> &lt;strong&gt;Yes&lt;/strong&gt;<br /> ##################################################<br /> # Enter vSphere Enterprise Cluster configuration #<br /> ################################################## <br /> # Datacenter: <br /> &lt;strong&gt;DERSLLC&lt;/strong&gt;<br /> # VM Folder: <br /> &lt;strong&gt;spectro-vms&lt;/strong&gt;<br /> # Image Template Folder: <br /> &lt;strong&gt;spectro-templates&lt;/strong&gt;<br /> # Cluster for Fault Domain: <br /> &lt;strong&gt;Lab&lt;/strong&gt;<br /> # Network: <br /> &lt;strong&gt;DERS-87&lt;/strong&gt;<br /> # Resource Pool: <br /> &lt;strong&gt;Default (root resource pool for cluster: Lab)&lt;/strong&gt;<br /> # Select specific Datastore or use a VM Storage Policy: <br /> &lt;strong&gt;Datastore&lt;/strong&gt;<br /> # Datastore: <br /> &lt;strong&gt;DERS-HDD&lt;/strong&gt;<br /> # Unable to add another Fault Domain as no Clusters remain in Datacenter DERSLLC<br /> # NTP servers (comma-separated domain names or IP addresses, optional) (optional, hit enter to skip): <br /> &lt;strong&gt;172.16.84.21&lt;/strong&gt;<br /> # Configure SSH public key(s)<br /> &lt;strong&gt;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDngCrc1Na1xES5nnSBHxw1MMcwEwFL4TpwbSTq4BlcKb4WUGE4AOXr4W4RenB6OTyLkHOeLNc2ptILF3PZQG44SZ+uZMBLhx82DYbMq75F6WDSd7wnHA0cL90ncXGoLnwk+UnNEg59zmhYbrMEVM5OS3k0Ll/EXUb9PUsE+SdEoKDG+84OiwCQnQ+DWr9R79NHwLKflOvIMtoZuFwjObQ7xbsTO27FhL8wbcUDqygVqq+6r6adyZ1yEuqhXRkzUgQWv/rIzATaLTZp5r3kCGRe+EkB6AlapwE1O139ZGuY4m/FlIeXO1Ty0mmF88dI0CsbFUJcKKnO07nzSBhQevRr&lt;/strong&gt;<br /> # Specify a static IP range for assigning static IPs to cluster node(s).<br /> # The IP range must contain at least 5 IPs. <br /> # Start IP: <br /> &lt;strong&gt;172.16.85.200&lt;/strong&gt;<br /> # End IP: <br /> &lt;strong&gt;172.16.85.220&lt;/strong&gt;<br /> # Network Prefix: <br /> &lt;strong&gt;22&lt;/strong&gt;<br /> # Gateway IP Address: <br /> &lt;strong&gt;172.16.84.1&lt;/strong&gt;<br /> # Name servers (comma-separated IP addresses): <br /> &lt;strong&gt;172.16.84.10&lt;/strong&gt;<br /> # Name server search suffixes (Optional) (optional, hit enter to skip): <br /> &lt;strong&gt;dersllc.com&lt;/strong&gt;<br /> ###################################################################<br /> # Enter vSphere Machine configuration for the Enterprise Cluster #<br /> ###################################################################<br /> # Select combination: <br /> &lt;strong&gt;S: 16 CPU, 32 GB memory, 60 GB storage, 20 GB database with 4 CPU limit and 8 GB memory limit&lt;/strong&gt;<br /> # Node Affinity: Enter 'y' to schedule all Palette pods on control plane nodes? [y/N]: <br /> &lt;strong&gt;No&lt;/strong&gt;<br /> ===Vertex UI===<br /> https://vertex.dersllc.com<br /> <br /> ==Troubleshooting==<br /> ===spectro mgmt self link creation is still pending===<br /> Error:<br /> spectro mgmt self link creation is still pending<br /> Fix:<br /> Restart the spectrocluster Deployment<br /> ===Failed to apply cert renewal plan for first time push of certs===<br /> Error:<br /> Failed to apply cert renewal plan for first time push of certs<br /> Fix:<br /> Restart the Palette-Controller-Manager Deployment<br /> ===No Helm Charts Showing up in Profile creation===<br /> Error:<br /> Helm results empty<br /> Fix:<br /> Navigate to &quot;Tenant Settings&quot; -&gt; Platform -&gt; Platform Settings<br /> Enable &quot;Allow non-FIPS packs&quot;<br /> Enable &quot;Allow non-FIPS features&quot;<br /> <br /> <br /> * ??Download Certs<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /opt/spectro/ssl/server.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /opt/spectro/ssl/server.key</div> Admin http://wiki.dersllc.com/index.php?title=VMware/TKGm&diff=69 VMware/TKGm 2023-08-14T19:45:49Z <p>Admin: /* Add another workload cluster */</p> <hr /> <div>= Tanzu Kubernetes Grid (Multi-Cloud)= <br /> == Prep TKGm Install ==<br /> cd /data<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer &gt; /data/ders-priv-ca.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /data/ders-ca.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /data/ders-star.key<br /> cat ders-priv-ca.crt &gt;&gt; ders-star-chain.crt<br /> cat /data/ders-priv-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> cp /data/ders-star-chain.crt /data/ders-star-chain.pem<br /> cat /data/ders-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> <br /> docker login harbor.dersllc.com <br /> <br /> #arcas --load_tanzu_image_to_harbor --repo_name tanzu_210 --tkg_binaries_path /opt/vmware/arcas/tools/tanzu21.tar<br /> <br /> == Installing TKGm ==<br /> curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/tkgm-on-vlan-87.json &gt; /data/tkgm-on-vlan-87.json<br /> arcas --env vsphere --file /data/tkgm-on-vlan-87.json --verbose --avi_configuration<br /> arcas --env vsphere --file /data/tkgm-on-vlan-87.json --verbose --skip_precheck --tkg_mgmt_configuration --shared_service_configuration --workload_preconfig --workload_deploy --deploy_extensions<br /> <br /> == Installing Tanzu Package Applications ==<br /> <br /> tanzu package install cert-manager -n tanzu-package-repo-global -p cert-manager.tanzu.vmware.com -v 1.7.2+vmware.1-tkg.1<br /> tanzu package install contour -n tanzu-package-repo-global -p contour.tanzu.vmware.com -v 1.20.2+vmware.1-tkg.1 -f /data/contour-default-values.yaml<br /> tanzu package install prometheus -n tanzu-package-repo-global -p prometheus.tanzu.vmware.com -v 2.36.2+vmware.1-tkg.1<br /> tanzu package install grafana -n tanzu-package-repo-global -p grafana.tanzu.vmware.com -v 7.5.16+vmware.1-tkg.1<br /> <br /> == Setup Pinniped for Key Cloak Authentication ==<br /> === Setup KeyCloak ===<br /> 1. Apache Proxy Configured as SSO.DERSLLC.COM<br /> &lt;VirtualHost *:443&gt;<br /> ServerName sso.dersllc.com<br /> RequestHeader set X-Forwarded-Proto &quot;https&quot;<br /> RemoteIPHeader X-Forwarded-For<br /> ProxyPass / http://172.16.87.22:8080/<br /> ProxyPassReverse / http://172.16.87.22:8080/<br /> &lt;/VirtualHost&gt;<br /> 2. Run Container<br /> docker stop keycloak<br /> docker rm keycloak<br /> docker run -d --name keycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.2 start --proxy edge --hostname-strict=false<br /> 3. Update the Admin Password<br /> 4. Create a Client Connection <br /> Open the Keycloak Admin Console<br /> Click 'Clients'<br /> Click 'Create client'<br /> Fill in the form with the following values:<br /> Client type: OpenID Connect<br /> Client ID: tkgm<br /> Name: TKGm <br /> Click 'Next'<br /> Check 'Client authentication'<br /> Check 'Authorization'<br /> Make sure 'Standard flow' is enabled<br /> Click 'Save'<br /> <br /> References:<br /> https://www.keycloak.org/getting-started/getting-started-docker<br /> <br /> == Default Pods that have CURL ==<br /> === kube-system ===<br /> 1. vsphere-csi-node - vsphere-csi-node<br /> kubectl exec -it -n kube-system vsphere-csi-node-{{highlight|4bf25}} -c vsphere-csi-node -- bash<br /> 2. vsphere-csi-controller -c vsphere-csi-controller<br /> kubectl exec -it -n kube-system vsphere-csi-controller-{{highlight|74f44b74c5-2t2zh}} -c vsphere-csi-controller -- bash<br /> <br /> == Upgrade vSphere Cluster Hardware ==<br /> <br /> Frank Escaros-Buechsel<br /> easiest would be to enable EVC on the cluster now<br /> then add the new hosts to said cluster and migrate over with vmotion<br /> depending on rack space and network layout of course<br /> this way you dont need to update any references and you still have a more or less seamless migration (edited)<br /> <br /> == Change TKGm node Resources (CPU / Memory / Datastore) ==<br /> <br /> References: <br /> https://veducate.co.uk/tkg-kubectl-scale-vertically/<br /> https://vmwire.com/2021/11/22/scaling-tkgm-control-plane-nodes-vertically/<br /> ==REFERENCES==<br /> https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-mgmt-clusters-airgapped-environments.html<br /> https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-mgmt-clusters-airgapped-environments.html<br /> <br /> <br /> ==Add Trusted CA to TKG Management Cluster==<br /> <br /> kubectl config use-context tanzu-mgmt-admin@tanzu-mgmt<br /> kubectl edit Kubeadmconfigtemplates -n tkg-system tanzu-mgmt-md-0-bootstrap-72bfm<br /> <br /> spec:<br /> template:<br /> spec:<br /> files:<br /> - content: |<br /> -----BEGIN CERTIFICATE-----<br /> MIIFmjCCA4KgAwIBAgIJAKVK2W1HOS0NMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV<br /> ......<br /> l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3<br /> smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==<br /> -----END CERTIFICATE-----<br /> owner: root:root<br /> path: /etc/ssl/certs/tkg-custom-ca.pem<br /> permissions: &quot;0644&quot;<br /> <br /> ==Add another workload cluster==<br /> cp .config/tanzu/tkg/clusterconfigs/work.yaml test.yaml<br /> <br /> # Change the name of the cluster throughout the file. <br /> vi test.yaml<br /> <br /> tanzu cluster create work-1 -f test.yaml<br /> tanzu cluster kubeconfig get --admin work-1</div> Admin http://wiki.dersllc.com/index.php?title=VMware/TKGm&diff=68 VMware/TKGm 2023-08-14T19:44:34Z <p>Admin: /* Add Trusted CA to TKG Management Cluster */</p> <hr /> <div>= Tanzu Kubernetes Grid (Multi-Cloud)= <br /> == Prep TKGm Install ==<br /> cd /data<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer &gt; /data/ders-priv-ca.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /data/ders-ca.crt<br /> curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /data/ders-star.key<br /> cat ders-priv-ca.crt &gt;&gt; ders-star-chain.crt<br /> cat /data/ders-priv-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> cp /data/ders-star-chain.crt /data/ders-star-chain.pem<br /> cat /data/ders-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> <br /> docker login harbor.dersllc.com <br /> <br /> #arcas --load_tanzu_image_to_harbor --repo_name tanzu_210 --tkg_binaries_path /opt/vmware/arcas/tools/tanzu21.tar<br /> <br /> == Installing TKGm ==<br /> curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/tkgm-on-vlan-87.json &gt; /data/tkgm-on-vlan-87.json<br /> arcas --env vsphere --file /data/tkgm-on-vlan-87.json --verbose --avi_configuration<br /> arcas --env vsphere --file /data/tkgm-on-vlan-87.json --verbose --skip_precheck --tkg_mgmt_configuration --shared_service_configuration --workload_preconfig --workload_deploy --deploy_extensions<br /> <br /> == Installing Tanzu Package Applications ==<br /> <br /> tanzu package install cert-manager -n tanzu-package-repo-global -p cert-manager.tanzu.vmware.com -v 1.7.2+vmware.1-tkg.1<br /> tanzu package install contour -n tanzu-package-repo-global -p contour.tanzu.vmware.com -v 1.20.2+vmware.1-tkg.1 -f /data/contour-default-values.yaml<br /> tanzu package install prometheus -n tanzu-package-repo-global -p prometheus.tanzu.vmware.com -v 2.36.2+vmware.1-tkg.1<br /> tanzu package install grafana -n tanzu-package-repo-global -p grafana.tanzu.vmware.com -v 7.5.16+vmware.1-tkg.1<br /> <br /> == Setup Pinniped for Key Cloak Authentication ==<br /> === Setup KeyCloak ===<br /> 1. Apache Proxy Configured as SSO.DERSLLC.COM<br /> &lt;VirtualHost *:443&gt;<br /> ServerName sso.dersllc.com<br /> RequestHeader set X-Forwarded-Proto &quot;https&quot;<br /> RemoteIPHeader X-Forwarded-For<br /> ProxyPass / http://172.16.87.22:8080/<br /> ProxyPassReverse / http://172.16.87.22:8080/<br /> &lt;/VirtualHost&gt;<br /> 2. Run Container<br /> docker stop keycloak<br /> docker rm keycloak<br /> docker run -d --name keycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.2 start --proxy edge --hostname-strict=false<br /> 3. Update the Admin Password<br /> 4. Create a Client Connection <br /> Open the Keycloak Admin Console<br /> Click 'Clients'<br /> Click 'Create client'<br /> Fill in the form with the following values:<br /> Client type: OpenID Connect<br /> Client ID: tkgm<br /> Name: TKGm <br /> Click 'Next'<br /> Check 'Client authentication'<br /> Check 'Authorization'<br /> Make sure 'Standard flow' is enabled<br /> Click 'Save'<br /> <br /> References:<br /> https://www.keycloak.org/getting-started/getting-started-docker<br /> <br /> == Default Pods that have CURL ==<br /> === kube-system ===<br /> 1. vsphere-csi-node - vsphere-csi-node<br /> kubectl exec -it -n kube-system vsphere-csi-node-{{highlight|4bf25}} -c vsphere-csi-node -- bash<br /> 2. vsphere-csi-controller -c vsphere-csi-controller<br /> kubectl exec -it -n kube-system vsphere-csi-controller-{{highlight|74f44b74c5-2t2zh}} -c vsphere-csi-controller -- bash<br /> <br /> == Upgrade vSphere Cluster Hardware ==<br /> <br /> Frank Escaros-Buechsel<br /> easiest would be to enable EVC on the cluster now<br /> then add the new hosts to said cluster and migrate over with vmotion<br /> depending on rack space and network layout of course<br /> this way you dont need to update any references and you still have a more or less seamless migration (edited)<br /> <br /> == Change TKGm node Resources (CPU / Memory / Datastore) ==<br /> <br /> References: <br /> https://veducate.co.uk/tkg-kubectl-scale-vertically/<br /> https://vmwire.com/2021/11/22/scaling-tkgm-control-plane-nodes-vertically/<br /> ==REFERENCES==<br /> https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-mgmt-clusters-airgapped-environments.html<br /> https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-mgmt-clusters-airgapped-environments.html<br /> <br /> <br /> ==Add Trusted CA to TKG Management Cluster==<br /> <br /> kubectl config use-context tanzu-mgmt-admin@tanzu-mgmt<br /> kubectl edit Kubeadmconfigtemplates -n tkg-system tanzu-mgmt-md-0-bootstrap-72bfm<br /> <br /> spec:<br /> template:<br /> spec:<br /> files:<br /> - content: |<br /> -----BEGIN CERTIFICATE-----<br /> MIIFmjCCA4KgAwIBAgIJAKVK2W1HOS0NMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV<br /> ......<br /> l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3<br /> smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==<br /> -----END CERTIFICATE-----<br /> owner: root:root<br /> path: /etc/ssl/certs/tkg-custom-ca.pem<br /> permissions: &quot;0644&quot;<br /> <br /> ==Add another workload cluster==<br /> <br /> cp .config/tanzu/tkg/clusterconfigs/work.yaml test.yaml<br /> vi test.yaml<br /> tanzu cluster create work-1 -f test.yaml<br /> tanzu cluster kubeconfig get --admin work-1</div> Admin http://wiki.dersllc.com/index.php?title=VMware/TMConEKS&diff=67 VMware/TMConEKS 2023-07-21T19:40:30Z <p>Admin: /* Install TMC */</p> <hr /> <div>= TMC on EKS Setup =<br /> <br /> == Create Harbor on AWS==<br /> === SSH to Harbor-AWS EC2 Instance ===<br /> #On Plex<br /> ssh -i ~/.ssh/aws-keypair.pem ec2-user@ec2-54-91-52-46.compute-1.amazonaws.com<br /> <br /> === Install Harbor-AWS ===<br /> #THIS IS JUST PULLING IN MY STAR CERT and KEY FOR DERSLLC<br /> mkdir /data<br /> cd /data<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt<br /> cp /data/ders-star-chain.crt /data/ders-star-chain.pem<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /data/ders-ca.crt<br /> cat /data/ders-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /data/ders-star.key<br /> <br /> yum -y install docker<br /> service docker start<br /> systemctl enable docker<br /> <br /> wget https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose<br /> chmod +x /usr/local/bin/docker-compose<br /> wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz<br /> tar -zxvf harbor-offline-installer-v2.8.1.tgz<br /> cd harbor<br /> cp harbor.yml.tmpl harbor.yml<br /> vi harbor.yml<br /> # add Hostname and certs and location<br /> #### harbor-aws.dersllc.com<br /> #### /data/ders-star-chain.crt<br /> #### /data/ders-star.key<br /> #### /data/harbor-data<br /> <br /> ./install.sh --with-trivy --with-notary<br /> <br /> == Load Harbor with Images ==<br /> # On a Jumpbox...<br /> docker login harbor-aws.dersllc.com<br /> #################################<br /> # Set Install Variables #<br /> #################################<br /> export IMGPKG_REGISTRY_HOSTNAME_0=&quot;harbor-aws.dersllc.com&quot;<br /> export IMGPKG_REGISTRY_USERNAME_0=&quot;admin&quot;<br /> export IMGPKG_REGISTRY_PASSWORD_0=&lt;PASSWORD&gt;<br /> export PRIVATE_IMAGE_REGISTRY_CA_PATH=&quot;/data/ders-ca.crt&quot;<br /> export PRIVATE_IMAGE_REGISTRY=&quot;harbor-aws.dersllc.com&quot;<br /> export TKG_IMAGE_REGISTRY=&quot;projects.registry.vmware.com/tkg&quot;<br /> export TKG_REPO_VERSION=&quot;v2.2.0_update.1&quot;<br /> export TMC_HARBOR_PROJECT=&quot;tmc-sm-1.0.0&quot;<br /> export TMC_BUNDLE=&quot;tmc-self-managed-1.0.0&quot;<br /> #########################<br /> # Prep TMC Bits #<br /> #########################<br /> mkdir tmc<br /> tar -xf $TMC_BUNDLE.tar -C tmc<br /> chmod +x /usr/local/bin/tmc<br /> tmc/tmc-sm push-images harbor --project $IMGPKG_REGISTRY_HOSTNAME_0/$TMC_HARBOR_PROJECT --username $IMGPKG_REGISTRY_USERNAME_0 --password $IMGPKG_REGISTRY_PASSWORD_0<br /> ############################################################<br /> # Upload Tanzu Standard Packages for TMC into Reop #<br /> ############################################################<br /> imgpkg copy --registry-ca-cert-path $PRIVATE_IMAGE_REGISTRY_CA_PATH \<br /> -b $TKG_IMAGE_REGISTRY/packages/standard/repo:$TKG_REPO_VERSION \<br /> --to-repo $PRIVATE_IMAGE_REGISTRY/$TMC_HARBOR_PROJECT/498533941640.dkr.ecr.us-west-2.amazonaws.com/packages/standard/repo<br /> <br /> == Setup EKS Cluster ==<br /> #########################<br /> # AWS AUTH INFO #<br /> #########################<br /> export AWS_ACCESS_KEY_ID=&lt;AWS_ACCESS_KEY_ID&gt;<br /> export AWS_SECRET_ACCESS_KEY=&lt;AWS_SECRET_ACCESS_KEY&gt;<br /> export AWS_SESSION_TOKEN=&lt;AWS_SESSION_TOKEN&gt;<br /> <br /> ##########################<br /> # INSTALL AWSCLI #<br /> ##########################<br /> curl &quot;https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip&quot; -o &quot;awscliv2.zip&quot;<br /> unzip awscliv2.zip<br /> sudo ./aws/install<br /> aws --version<br /> <br /> ##########################<br /> # Install EKSCLI #<br /> ##########################<br /> curl --silent --location &quot;https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz&quot; | tar xz -C /tmp<br /> sudo mv /tmp/eksctl /usr/local/bin<br /> <br /> export eks_region=us-east-2<br /> export eks_cluster_name=ders-tmc-sm<br /> export eks_nodegroup_size=m5.xlarge<br /> <br /> eksctl create cluster --name $eks_cluster_name -r $eks_region -t $eks_nodegroup_size --nodes 3 --nodes-min 3 --nodes-max 11<br /> #Wait for Status Complete....... <br /> <br /> #Get Kubeconfig for EKS if needed<br /> #aws eks update-kubeconfig --region $eks_region --name $eks_cluster_name<br /> <br /> #Add another Node group if needed<br /> #export eks_nodegroup_name=ders-tmc-nodes<br /> #eksctl create nodegroup -c $eks_cluster_name -r $eks_region -n $eks_nodegroup_name -t $eks_nodegroup_size --nodes 3 --nodes-min 3 --nodes-max 11<br /> <br /> == Prepare EKS for TMC Deploy ==<br /> # Prep the EBS CSI<br /> eksctl utils associate-iam-oidc-provider \<br /> --region=$eks_region \<br /> --cluster=$eks_cluster_name \<br /> --approve<br /> <br /> eksctl create iamserviceaccount \<br /> --name ebs-csi-controller-sa \<br /> --namespace kube-system \<br /> --cluster $eks_cluster_name \<br /> --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \<br /> --approve \<br /> --role-only \<br /> --region=$eks_region \<br /> --role-name AmazonEKS_EBS_CSI_DriverRole<br /> <br /> eksctl create addon --name aws-ebs-csi-driver \<br /> --cluster $eks_cluster_name \<br /> --service-account-role-arn arn:aws:iam::$(aws sts get-caller-identity --query Account --output text):role/AmazonEKS_EBS_CSI_DriverRole \<br /> --region=$eks_region \<br /> --force<br /> <br /> == Create CA Cert for Cert-Manager ==<br /> ################################################<br /> # Create Config for CA SSL Certificate #<br /> ################################################<br /> mkdir -p /tmp/ssl<br /> cd /tmp/ssl<br /> cat &lt;&lt;EOF &gt; ca.cnf<br /> [ req ]<br /> default_bits = 2048<br /> default_md = sha256<br /> prompt = no<br /> encrypt_key = no<br /> distinguished_name = dn<br /> [ dn ]<br /> countryName = US<br /> stateOrProvinceName = Ohio<br /> localityName = Beavercreek<br /> organizationName = DER's LLC<br /> organizationalUnitName = IT<br /> commonName = ca.dersllc.com<br /> [ext]<br /> keyUsage=critical,keyCertSign,cRLSign<br /> basicConstraints=critical,CA:true,pathlen:1<br /> subjectAltName=DNS:ca.dersllc.com <br /> EOF<br /> <br /> ###############################################################<br /> # Create a Self-Signed CA Cert Using the Config Above #<br /> ###############################################################<br /> openssl req -x509 -nodes -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout ders-ca.key -out ders-ca.cer -extensions ext -config ca.cnf<br /> <br /> ########################################################################################<br /> # Get Base64 encoded PEM and KEY for the K8S Issuer YAML Used in the Next Step #<br /> ########################################################################################<br /> cat ders-ca.cer | base64 -w0<br /> cat ders-ca.key | base64 -w0<br /> <br /> == Install TMC ==<br /> ################################################<br /> # Setup TMC Namespace and Cert-Manager #<br /> ################################################<br /> kubectl create ns tmc-local<br /> # Deploy Cert-Manager into EKS Cluster<br /> kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml<br /> sleep 60<br /> # Add ders-ca issuer (this is referenced in the tmc-eks-values.yaml)<br /> kubectl apply -f https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/TMC%20on%20TKGm/tmc-issuer.yaml <br /> <br /> ################################################################<br /> # Setup Harbor Credentials For The tmc-local Namespace #<br /> ################################################################<br /> kubectl create secret generic regcred --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson -n tmc-local<br /> kubectl patch serviceaccount default -p &quot;{\&quot;imagePullSecrets\&quot;: [{\&quot;name\&quot;: \&quot;regcred\&quot;}]}&quot; -n tmc-local<br /> <br /> ##################################<br /> # Create TMC Values File #<br /> ##################################<br /> #tmc/tmc-sm generate-values-schema --output-file tmc-eks-values.yaml #(Depending on the version or TMC you will use this or the next command.)<br /> #tmc/tmc-sm show-values-schema --output-filet tmc-eks-values.yaml<br /> <br /> #############################################<br /> # Pull TMC Values File and Validate #<br /> #############################################<br /> curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/TMC/tmc-eks-values.yaml &gt; tmc-eks-values.yaml<br /> tmc/tmc-sm validate-values tmc-values.yaml<br /> <br /> ############################################<br /> # Finally Install TMC Self-Managed #<br /> ############################################<br /> tmc/tmc-sm deploy --image-prefix $PRIVATE_IMAGE_REGISTRY/$TMC_HARBOR_PROJECT --kubeconfig ~/.kube/config --values=tmc-eks-values.yaml<br /> <br /> ###############################################################<br /> # During Install get the LB IP/Name and add it to DNS #<br /> ###############################################################<br /> kubectl get service -n tmc-local contour-envoy -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'<br /> <br /> == Uninstall TMC ==<br /> tmc/tmc-local uninstall --kubeconfig ~/.kube/config<br /> <br /> == Setup Inspection Images ==<br /> Run the below command to create the download script.<br /> cat &gt; ./inspection-images.sh &lt;&lt; &quot;EOF&quot;<br /> #!/bin/bash<br /> <br /> # https://github.com/vmware-tanzu/sonobuoy/releases<br /> VERSION=${1:-&quot;v0.56.16&quot;}<br /> LATEST_RELEASE=${2:-&quot;sonobuoy_0.56.16_linux_amd64.tar.gz&quot;}<br /> CUSTOM_REGISTRY=${3:-&quot;harbor-aws.dersllc.com/tmc-1.0.0-beta.2-rc.3&quot;}<br /> DOCKER_PROXY=${4:-&quot;harbor.tanzu.io:8443/dockerhub-proxy-cache&quot;} # optional argument<br /> CUSTOM_TMC_REPO=&quot;${CUSTOM_REGISTRY}/498533941640.dkr.ecr.us-west-2.amazonaws.com&quot;<br /> <br /> # https://kubernetes.io/releases/patch-releases/<br /> k8s_versions=(v1.23.8 v1.24.10)<br /> <br /> wget &quot;https://github.com/vmware-tanzu/sonobuoy/releases/download/${VERSION}/${LATEST_RELEASE}&quot;<br /> tar -xvf ${LATEST_RELEASE}<br /> <br /> for i in &quot;${k8s_versions[@]}&quot;<br /> do<br /> echo &quot;================CHECKING K8S: $i=======================&quot;<br /> ./sonobuoy images list --kubernetes-version $i &gt; images_$i.txt<br /> <br /> while read image<br /> do<br /> echo &quot;================CHECKING IMAGE: $image==================&quot;<br /> base=$(basename &quot;$image&quot;)<br /> output=${image#*/*}<br /> <br /> if [[ $image == *&quot;docker&quot;* &amp;&amp; -n $DOCKER_PROXY ]];<br /> then<br /> docker pull $DOCKER_PROXY/$output<br /> docker tag $DOCKER_PROXY/$output ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> else<br /> docker pull $image<br /> docker tag $image ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> fi<br /> <br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> echo &quot;===================PUSHING: ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base ===========&quot;<br /> done &lt; images_$i.txt<br /> done<br /> <br /> # not part of sonobuoy image list, install manually, update these as images are found<br /> docker pull k8s.gcr.io/e2e-test-images/agnhost:2.31<br /> docker pull k8s.gcr.io/pause:3.9<br /> docker tag k8s.gcr.io/e2e-test-images/agnhost:2.31 ${CUSTOM_TMC_REPO}/extensions/inspection-images/agnhost:2.31<br /> docker tag k8s.gcr.io/pause:3.9 ${CUSTOM_TMC_REPO}/extensions/inspection-images/pause:3.9<br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/agnhost:2.31<br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/pause:3.9<br /> <br /> # clean up text files and sonobuoy tar<br /> rm images_*<br /> rm sonobuoy_*<br /> EOF<br /> Edit the file and set the Variables at the top. (VERSION, LATEST_RELEASE, CUSTOM_REGISTRY, and k8s_versions)<br /> vi inspection-images.sh<br /> Save the file and change the permissions<br /> chmod +x inspection-images.sh<br /> Run the Script<br /> ./inspection-images.sh</div> Admin http://wiki.dersllc.com/index.php?title=VMware/TMConEKS&diff=66 VMware/TMConEKS 2023-07-21T18:47:25Z <p>Admin: /* Setup EKS Cluster */</p> <hr /> <div>= TMC on EKS Setup =<br /> <br /> == Create Harbor on AWS==<br /> === SSH to Harbor-AWS EC2 Instance ===<br /> #On Plex<br /> ssh -i ~/.ssh/aws-keypair.pem ec2-user@ec2-54-91-52-46.compute-1.amazonaws.com<br /> <br /> === Install Harbor-AWS ===<br /> #THIS IS JUST PULLING IN MY STAR CERT and KEY FOR DERSLLC<br /> mkdir /data<br /> cd /data<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt<br /> cp /data/ders-star-chain.crt /data/ders-star-chain.pem<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /data/ders-ca.crt<br /> cat /data/ders-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /data/ders-star.key<br /> <br /> yum -y install docker<br /> service docker start<br /> systemctl enable docker<br /> <br /> wget https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose<br /> chmod +x /usr/local/bin/docker-compose<br /> wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz<br /> tar -zxvf harbor-offline-installer-v2.8.1.tgz<br /> cd harbor<br /> cp harbor.yml.tmpl harbor.yml<br /> vi harbor.yml<br /> # add Hostname and certs and location<br /> #### harbor-aws.dersllc.com<br /> #### /data/ders-star-chain.crt<br /> #### /data/ders-star.key<br /> #### /data/harbor-data<br /> <br /> ./install.sh --with-trivy --with-notary<br /> <br /> == Load Harbor with Images ==<br /> # On a Jumpbox...<br /> docker login harbor-aws.dersllc.com<br /> #################################<br /> # Set Install Variables #<br /> #################################<br /> export IMGPKG_REGISTRY_HOSTNAME_0=&quot;harbor-aws.dersllc.com&quot;<br /> export IMGPKG_REGISTRY_USERNAME_0=&quot;admin&quot;<br /> export IMGPKG_REGISTRY_PASSWORD_0=&lt;PASSWORD&gt;<br /> export PRIVATE_IMAGE_REGISTRY_CA_PATH=&quot;/data/ders-ca.crt&quot;<br /> export PRIVATE_IMAGE_REGISTRY=&quot;harbor-aws.dersllc.com&quot;<br /> export TKG_IMAGE_REGISTRY=&quot;projects.registry.vmware.com/tkg&quot;<br /> export TKG_REPO_VERSION=&quot;v2.2.0_update.1&quot;<br /> export TMC_HARBOR_PROJECT=&quot;tmc-sm-1.0.0&quot;<br /> export TMC_BUNDLE=&quot;tmc-self-managed-1.0.0&quot;<br /> #########################<br /> # Prep TMC Bits #<br /> #########################<br /> mkdir tmc<br /> tar -xf $TMC_BUNDLE.tar -C tmc<br /> chmod +x /usr/local/bin/tmc<br /> tmc/tmc-sm push-images harbor --project $IMGPKG_REGISTRY_HOSTNAME_0/$TMC_HARBOR_PROJECT --username $IMGPKG_REGISTRY_USERNAME_0 --password $IMGPKG_REGISTRY_PASSWORD_0<br /> ############################################################<br /> # Upload Tanzu Standard Packages for TMC into Reop #<br /> ############################################################<br /> imgpkg copy --registry-ca-cert-path $PRIVATE_IMAGE_REGISTRY_CA_PATH \<br /> -b $TKG_IMAGE_REGISTRY/packages/standard/repo:$TKG_REPO_VERSION \<br /> --to-repo $PRIVATE_IMAGE_REGISTRY/$TMC_HARBOR_PROJECT/498533941640.dkr.ecr.us-west-2.amazonaws.com/packages/standard/repo<br /> <br /> == Setup EKS Cluster ==<br /> #########################<br /> # AWS AUTH INFO #<br /> #########################<br /> export AWS_ACCESS_KEY_ID=&lt;AWS_ACCESS_KEY_ID&gt;<br /> export AWS_SECRET_ACCESS_KEY=&lt;AWS_SECRET_ACCESS_KEY&gt;<br /> export AWS_SESSION_TOKEN=&lt;AWS_SESSION_TOKEN&gt;<br /> <br /> ##########################<br /> # INSTALL AWSCLI #<br /> ##########################<br /> curl &quot;https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip&quot; -o &quot;awscliv2.zip&quot;<br /> unzip awscliv2.zip<br /> sudo ./aws/install<br /> aws --version<br /> <br /> ##########################<br /> # Install EKSCLI #<br /> ##########################<br /> curl --silent --location &quot;https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz&quot; | tar xz -C /tmp<br /> sudo mv /tmp/eksctl /usr/local/bin<br /> <br /> export eks_region=us-east-2<br /> export eks_cluster_name=ders-tmc-sm<br /> export eks_nodegroup_size=m5.xlarge<br /> <br /> eksctl create cluster --name $eks_cluster_name -r $eks_region -t $eks_nodegroup_size --nodes 3 --nodes-min 3 --nodes-max 11<br /> #Wait for Status Complete....... <br /> <br /> #Get Kubeconfig for EKS if needed<br /> #aws eks update-kubeconfig --region $eks_region --name $eks_cluster_name<br /> <br /> #Add another Node group if needed<br /> #export eks_nodegroup_name=ders-tmc-nodes<br /> #eksctl create nodegroup -c $eks_cluster_name -r $eks_region -n $eks_nodegroup_name -t $eks_nodegroup_size --nodes 3 --nodes-min 3 --nodes-max 11<br /> <br /> == Prepare EKS for TMC Deploy ==<br /> # Prep the EBS CSI<br /> eksctl utils associate-iam-oidc-provider \<br /> --region=$eks_region \<br /> --cluster=$eks_cluster_name \<br /> --approve<br /> <br /> eksctl create iamserviceaccount \<br /> --name ebs-csi-controller-sa \<br /> --namespace kube-system \<br /> --cluster $eks_cluster_name \<br /> --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \<br /> --approve \<br /> --role-only \<br /> --region=$eks_region \<br /> --role-name AmazonEKS_EBS_CSI_DriverRole<br /> <br /> eksctl create addon --name aws-ebs-csi-driver \<br /> --cluster $eks_cluster_name \<br /> --service-account-role-arn arn:aws:iam::$(aws sts get-caller-identity --query Account --output text):role/AmazonEKS_EBS_CSI_DriverRole \<br /> --region=$eks_region \<br /> --force<br /> <br /> == Create CA Cert for Cert-Manager ==<br /> ################################################<br /> # Create Config for CA SSL Certificate #<br /> ################################################<br /> mkdir -p /tmp/ssl<br /> cd /tmp/ssl<br /> cat &lt;&lt;EOF &gt; ca.cnf<br /> [ req ]<br /> default_bits = 2048<br /> default_md = sha256<br /> prompt = no<br /> encrypt_key = no<br /> distinguished_name = dn<br /> [ dn ]<br /> countryName = US<br /> stateOrProvinceName = Ohio<br /> localityName = Beavercreek<br /> organizationName = DER's LLC<br /> organizationalUnitName = IT<br /> commonName = ca.dersllc.com<br /> [ext]<br /> keyUsage=critical,keyCertSign,cRLSign<br /> basicConstraints=critical,CA:true,pathlen:1<br /> subjectAltName=DNS:ca.dersllc.com <br /> EOF<br /> <br /> ###############################################################<br /> # Create a Self-Signed CA Cert Using the Config Above #<br /> ###############################################################<br /> openssl req -x509 -nodes -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout ders-ca.key -out ders-ca.cer -extensions ext -config ca.cnf<br /> <br /> ########################################################################################<br /> # Get Base64 encoded PEM and KEY for the K8S Issuer YAML Used in the Next Step #<br /> ########################################################################################<br /> cat ders-ca.cer | base64 -w0<br /> cat ders-ca.key | base64 -w0<br /> <br /> == Install TMC ==<br /> ################################################<br /> # Setup TMC Namespace and Cert-Manager #<br /> ################################################<br /> kubectl create ns tmc-local<br /> # Deploy Cert-Manager into EKS Cluster<br /> kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml<br /> sleep 60<br /> # Add ders-ca issuer (this is referenced in the tmc-eks-values.yaml)<br /> kubectl apply -f https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/TMC%20on%20TKGm/tmc-issuer.yaml <br /> <br /> ################################################################<br /> # Setup Harbor Credentials For The tmc-local Namespace #<br /> ################################################################<br /> kubectl create secret generic regcred --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson -n tmc-local<br /> kubectl patch serviceaccount default -p &quot;{\&quot;imagePullSecrets\&quot;: [{\&quot;name\&quot;: \&quot;regcred\&quot;}]}&quot; -n tmc-local<br /> <br /> ##################################<br /> # Create TMC Values File #<br /> ##################################<br /> #tmc/tmc-local generate-values-schema --output-file tmc-eks-values.yaml #(Depending on the version or TMC you will use this or the next command.)<br /> #tmc/tmc-local show-values-schema --output-filet tmc-eks-values.yaml<br /> <br /> #############################################<br /> # Pull TMC Values File and Validate #<br /> #############################################<br /> curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/TMC/tmc-eks-values.yaml &gt; tmc-eks-values.yaml<br /> tmc/tmc-local validate-values tmc-values.yaml<br /> <br /> ############################################<br /> # Finally Install TMC Self-Managed #<br /> ############################################<br /> tmc/tmc-local deploy --image-prefix $PRIVATE_IMAGE_REGISTRY/$TMC_HARBOR_PROJECT --kubeconfig ~/.kube/config --values=tmc-eks-values.yaml<br /> <br /> ###############################################################<br /> # During Install get the LB IP/Name and add it to DNS #<br /> ###############################################################<br /> kubectl get service -n tmc-local contour-envoy -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'<br /> <br /> == Uninstall TMC ==<br /> tmc/tmc-local uninstall --kubeconfig ~/.kube/config<br /> <br /> == Setup Inspection Images ==<br /> Run the below command to create the download script.<br /> cat &gt; ./inspection-images.sh &lt;&lt; &quot;EOF&quot;<br /> #!/bin/bash<br /> <br /> # https://github.com/vmware-tanzu/sonobuoy/releases<br /> VERSION=${1:-&quot;v0.56.16&quot;}<br /> LATEST_RELEASE=${2:-&quot;sonobuoy_0.56.16_linux_amd64.tar.gz&quot;}<br /> CUSTOM_REGISTRY=${3:-&quot;harbor-aws.dersllc.com/tmc-1.0.0-beta.2-rc.3&quot;}<br /> DOCKER_PROXY=${4:-&quot;harbor.tanzu.io:8443/dockerhub-proxy-cache&quot;} # optional argument<br /> CUSTOM_TMC_REPO=&quot;${CUSTOM_REGISTRY}/498533941640.dkr.ecr.us-west-2.amazonaws.com&quot;<br /> <br /> # https://kubernetes.io/releases/patch-releases/<br /> k8s_versions=(v1.23.8 v1.24.10)<br /> <br /> wget &quot;https://github.com/vmware-tanzu/sonobuoy/releases/download/${VERSION}/${LATEST_RELEASE}&quot;<br /> tar -xvf ${LATEST_RELEASE}<br /> <br /> for i in &quot;${k8s_versions[@]}&quot;<br /> do<br /> echo &quot;================CHECKING K8S: $i=======================&quot;<br /> ./sonobuoy images list --kubernetes-version $i &gt; images_$i.txt<br /> <br /> while read image<br /> do<br /> echo &quot;================CHECKING IMAGE: $image==================&quot;<br /> base=$(basename &quot;$image&quot;)<br /> output=${image#*/*}<br /> <br /> if [[ $image == *&quot;docker&quot;* &amp;&amp; -n $DOCKER_PROXY ]];<br /> then<br /> docker pull $DOCKER_PROXY/$output<br /> docker tag $DOCKER_PROXY/$output ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> else<br /> docker pull $image<br /> docker tag $image ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> fi<br /> <br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> echo &quot;===================PUSHING: ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base ===========&quot;<br /> done &lt; images_$i.txt<br /> done<br /> <br /> # not part of sonobuoy image list, install manually, update these as images are found<br /> docker pull k8s.gcr.io/e2e-test-images/agnhost:2.31<br /> docker pull k8s.gcr.io/pause:3.9<br /> docker tag k8s.gcr.io/e2e-test-images/agnhost:2.31 ${CUSTOM_TMC_REPO}/extensions/inspection-images/agnhost:2.31<br /> docker tag k8s.gcr.io/pause:3.9 ${CUSTOM_TMC_REPO}/extensions/inspection-images/pause:3.9<br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/agnhost:2.31<br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/pause:3.9<br /> <br /> # clean up text files and sonobuoy tar<br /> rm images_*<br /> rm sonobuoy_*<br /> EOF<br /> Edit the file and set the Variables at the top. (VERSION, LATEST_RELEASE, CUSTOM_REGISTRY, and k8s_versions)<br /> vi inspection-images.sh<br /> Save the file and change the permissions<br /> chmod +x inspection-images.sh<br /> Run the Script<br /> ./inspection-images.sh</div> Admin http://wiki.dersllc.com/index.php?title=VMware/TMConEKS&diff=65 VMware/TMConEKS 2023-07-21T18:14:04Z <p>Admin: /* Load Harbor with Images */</p> <hr /> <div>= TMC on EKS Setup =<br /> <br /> == Create Harbor on AWS==<br /> === SSH to Harbor-AWS EC2 Instance ===<br /> #On Plex<br /> ssh -i ~/.ssh/aws-keypair.pem ec2-user@ec2-54-91-52-46.compute-1.amazonaws.com<br /> <br /> === Install Harbor-AWS ===<br /> #THIS IS JUST PULLING IN MY STAR CERT and KEY FOR DERSLLC<br /> mkdir /data<br /> cd /data<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt<br /> cp /data/ders-star-chain.crt /data/ders-star-chain.pem<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /data/ders-ca.crt<br /> cat /data/ders-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /data/ders-star.key<br /> <br /> yum -y install docker<br /> service docker start<br /> systemctl enable docker<br /> <br /> wget https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose<br /> chmod +x /usr/local/bin/docker-compose<br /> wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz<br /> tar -zxvf harbor-offline-installer-v2.8.1.tgz<br /> cd harbor<br /> cp harbor.yml.tmpl harbor.yml<br /> vi harbor.yml<br /> # add Hostname and certs and location<br /> #### harbor-aws.dersllc.com<br /> #### /data/ders-star-chain.crt<br /> #### /data/ders-star.key<br /> #### /data/harbor-data<br /> <br /> ./install.sh --with-trivy --with-notary<br /> <br /> == Load Harbor with Images ==<br /> # On a Jumpbox...<br /> docker login harbor-aws.dersllc.com<br /> #################################<br /> # Set Install Variables #<br /> #################################<br /> export IMGPKG_REGISTRY_HOSTNAME_0=&quot;harbor-aws.dersllc.com&quot;<br /> export IMGPKG_REGISTRY_USERNAME_0=&quot;admin&quot;<br /> export IMGPKG_REGISTRY_PASSWORD_0=&lt;PASSWORD&gt;<br /> export PRIVATE_IMAGE_REGISTRY_CA_PATH=&quot;/data/ders-ca.crt&quot;<br /> export PRIVATE_IMAGE_REGISTRY=&quot;harbor-aws.dersllc.com&quot;<br /> export TKG_IMAGE_REGISTRY=&quot;projects.registry.vmware.com/tkg&quot;<br /> export TKG_REPO_VERSION=&quot;v2.2.0_update.1&quot;<br /> export TMC_HARBOR_PROJECT=&quot;tmc-sm-1.0.0&quot;<br /> export TMC_BUNDLE=&quot;tmc-self-managed-1.0.0&quot;<br /> #########################<br /> # Prep TMC Bits #<br /> #########################<br /> mkdir tmc<br /> tar -xf $TMC_BUNDLE.tar -C tmc<br /> chmod +x /usr/local/bin/tmc<br /> tmc/tmc-sm push-images harbor --project $IMGPKG_REGISTRY_HOSTNAME_0/$TMC_HARBOR_PROJECT --username $IMGPKG_REGISTRY_USERNAME_0 --password $IMGPKG_REGISTRY_PASSWORD_0<br /> ############################################################<br /> # Upload Tanzu Standard Packages for TMC into Reop #<br /> ############################################################<br /> imgpkg copy --registry-ca-cert-path $PRIVATE_IMAGE_REGISTRY_CA_PATH \<br /> -b $TKG_IMAGE_REGISTRY/packages/standard/repo:$TKG_REPO_VERSION \<br /> --to-repo $PRIVATE_IMAGE_REGISTRY/$TMC_HARBOR_PROJECT/498533941640.dkr.ecr.us-west-2.amazonaws.com/packages/standard/repo<br /> <br /> == Setup EKS Cluster ==<br /> #########################<br /> # AWS AUTH INFO #<br /> #########################<br /> export AWS_ACCESS_KEY_ID=&lt;AWS_ACCESS_KEY_ID&gt;<br /> export AWS_SECRET_ACCESS_KEY=&lt;AWS_SECRET_ACCESS_KEY&gt;<br /> export AWS_SESSION_TOKEN=&lt;AWS_SESSION_TOKEN&gt;<br /> <br /> ##########################<br /> # INSTALL AWSCLI #<br /> ##########################<br /> curl &quot;https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip&quot; -o &quot;awscliv2.zip&quot;<br /> unzip awscliv2.zip<br /> sudo ./aws/install<br /> aws --version<br /> <br /> ##########################<br /> # Install EKSCLI #<br /> ##########################<br /> curl --silent --location &quot;https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz&quot; | tar xz -C /tmp<br /> sudo mv /tmp/eksctl /usr/local/bin<br /> <br /> export eks_region=us-east-2<br /> export eks_cluster_name=ders-tmc<br /> export eks_nodegroup_size=m5.xlarge<br /> <br /> eksctl create cluster --name $eks_cluster_name -r $eks_region -t $eks_nodegroup_size --nodes 3 --nodes-min 3 --nodes-max 11<br /> #Wait for Status Complete....... <br /> <br /> #Get Kubeconfig for EKS if needed<br /> #aws eks update-kubeconfig --region $eks_region --name $eks_cluster_name<br /> <br /> #Add another Node group if needed<br /> #export eks_nodegroup_name=ders-tmc-nodes<br /> #eksctl create nodegroup -c $eks_cluster_name -r $eks_region -n $eks_nodegroup_name -t $eks_nodegroup_size --nodes 3 --nodes-min 3 --nodes-max 11<br /> <br /> == Prepare EKS for TMC Deploy ==<br /> # Prep the EBS CSI<br /> eksctl utils associate-iam-oidc-provider \<br /> --region=$eks_region \<br /> --cluster=$eks_cluster_name \<br /> --approve<br /> <br /> eksctl create iamserviceaccount \<br /> --name ebs-csi-controller-sa \<br /> --namespace kube-system \<br /> --cluster $eks_cluster_name \<br /> --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \<br /> --approve \<br /> --role-only \<br /> --region=$eks_region \<br /> --role-name AmazonEKS_EBS_CSI_DriverRole<br /> <br /> eksctl create addon --name aws-ebs-csi-driver \<br /> --cluster $eks_cluster_name \<br /> --service-account-role-arn arn:aws:iam::$(aws sts get-caller-identity --query Account --output text):role/AmazonEKS_EBS_CSI_DriverRole \<br /> --region=$eks_region \<br /> --force<br /> <br /> == Create CA Cert for Cert-Manager ==<br /> ################################################<br /> # Create Config for CA SSL Certificate #<br /> ################################################<br /> mkdir -p /tmp/ssl<br /> cd /tmp/ssl<br /> cat &lt;&lt;EOF &gt; ca.cnf<br /> [ req ]<br /> default_bits = 2048<br /> default_md = sha256<br /> prompt = no<br /> encrypt_key = no<br /> distinguished_name = dn<br /> [ dn ]<br /> countryName = US<br /> stateOrProvinceName = Ohio<br /> localityName = Beavercreek<br /> organizationName = DER's LLC<br /> organizationalUnitName = IT<br /> commonName = ca.dersllc.com<br /> [ext]<br /> keyUsage=critical,keyCertSign,cRLSign<br /> basicConstraints=critical,CA:true,pathlen:1<br /> subjectAltName=DNS:ca.dersllc.com <br /> EOF<br /> <br /> ###############################################################<br /> # Create a Self-Signed CA Cert Using the Config Above #<br /> ###############################################################<br /> openssl req -x509 -nodes -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout ders-ca.key -out ders-ca.cer -extensions ext -config ca.cnf<br /> <br /> ########################################################################################<br /> # Get Base64 encoded PEM and KEY for the K8S Issuer YAML Used in the Next Step #<br /> ########################################################################################<br /> cat ders-ca.cer | base64 -w0<br /> cat ders-ca.key | base64 -w0<br /> <br /> == Install TMC ==<br /> ################################################<br /> # Setup TMC Namespace and Cert-Manager #<br /> ################################################<br /> kubectl create ns tmc-local<br /> # Deploy Cert-Manager into EKS Cluster<br /> kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml<br /> sleep 60<br /> # Add ders-ca issuer (this is referenced in the tmc-eks-values.yaml)<br /> kubectl apply -f https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/TMC%20on%20TKGm/tmc-issuer.yaml <br /> <br /> ################################################################<br /> # Setup Harbor Credentials For The tmc-local Namespace #<br /> ################################################################<br /> kubectl create secret generic regcred --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson -n tmc-local<br /> kubectl patch serviceaccount default -p &quot;{\&quot;imagePullSecrets\&quot;: [{\&quot;name\&quot;: \&quot;regcred\&quot;}]}&quot; -n tmc-local<br /> <br /> ##################################<br /> # Create TMC Values File #<br /> ##################################<br /> #tmc/tmc-local generate-values-schema --output-file tmc-eks-values.yaml #(Depending on the version or TMC you will use this or the next command.)<br /> #tmc/tmc-local show-values-schema --output-filet tmc-eks-values.yaml<br /> <br /> #############################################<br /> # Pull TMC Values File and Validate #<br /> #############################################<br /> curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/TMC/tmc-eks-values.yaml &gt; tmc-eks-values.yaml<br /> tmc/tmc-local validate-values tmc-values.yaml<br /> <br /> ############################################<br /> # Finally Install TMC Self-Managed #<br /> ############################################<br /> tmc/tmc-local deploy --image-prefix $PRIVATE_IMAGE_REGISTRY/$TMC_HARBOR_PROJECT --kubeconfig ~/.kube/config --values=tmc-eks-values.yaml<br /> <br /> ###############################################################<br /> # During Install get the LB IP/Name and add it to DNS #<br /> ###############################################################<br /> kubectl get service -n tmc-local contour-envoy -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'<br /> <br /> == Uninstall TMC ==<br /> tmc/tmc-local uninstall --kubeconfig ~/.kube/config<br /> <br /> == Setup Inspection Images ==<br /> Run the below command to create the download script.<br /> cat &gt; ./inspection-images.sh &lt;&lt; &quot;EOF&quot;<br /> #!/bin/bash<br /> <br /> # https://github.com/vmware-tanzu/sonobuoy/releases<br /> VERSION=${1:-&quot;v0.56.16&quot;}<br /> LATEST_RELEASE=${2:-&quot;sonobuoy_0.56.16_linux_amd64.tar.gz&quot;}<br /> CUSTOM_REGISTRY=${3:-&quot;harbor-aws.dersllc.com/tmc-1.0.0-beta.2-rc.3&quot;}<br /> DOCKER_PROXY=${4:-&quot;harbor.tanzu.io:8443/dockerhub-proxy-cache&quot;} # optional argument<br /> CUSTOM_TMC_REPO=&quot;${CUSTOM_REGISTRY}/498533941640.dkr.ecr.us-west-2.amazonaws.com&quot;<br /> <br /> # https://kubernetes.io/releases/patch-releases/<br /> k8s_versions=(v1.23.8 v1.24.10)<br /> <br /> wget &quot;https://github.com/vmware-tanzu/sonobuoy/releases/download/${VERSION}/${LATEST_RELEASE}&quot;<br /> tar -xvf ${LATEST_RELEASE}<br /> <br /> for i in &quot;${k8s_versions[@]}&quot;<br /> do<br /> echo &quot;================CHECKING K8S: $i=======================&quot;<br /> ./sonobuoy images list --kubernetes-version $i &gt; images_$i.txt<br /> <br /> while read image<br /> do<br /> echo &quot;================CHECKING IMAGE: $image==================&quot;<br /> base=$(basename &quot;$image&quot;)<br /> output=${image#*/*}<br /> <br /> if [[ $image == *&quot;docker&quot;* &amp;&amp; -n $DOCKER_PROXY ]];<br /> then<br /> docker pull $DOCKER_PROXY/$output<br /> docker tag $DOCKER_PROXY/$output ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> else<br /> docker pull $image<br /> docker tag $image ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> fi<br /> <br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base<br /> echo &quot;===================PUSHING: ${CUSTOM_TMC_REPO}/extensions/inspection-images/$base ===========&quot;<br /> done &lt; images_$i.txt<br /> done<br /> <br /> # not part of sonobuoy image list, install manually, update these as images are found<br /> docker pull k8s.gcr.io/e2e-test-images/agnhost:2.31<br /> docker pull k8s.gcr.io/pause:3.9<br /> docker tag k8s.gcr.io/e2e-test-images/agnhost:2.31 ${CUSTOM_TMC_REPO}/extensions/inspection-images/agnhost:2.31<br /> docker tag k8s.gcr.io/pause:3.9 ${CUSTOM_TMC_REPO}/extensions/inspection-images/pause:3.9<br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/agnhost:2.31<br /> docker push ${CUSTOM_TMC_REPO}/extensions/inspection-images/pause:3.9<br /> <br /> # clean up text files and sonobuoy tar<br /> rm images_*<br /> rm sonobuoy_*<br /> EOF<br /> Edit the file and set the Variables at the top. (VERSION, LATEST_RELEASE, CUSTOM_REGISTRY, and k8s_versions)<br /> vi inspection-images.sh<br /> Save the file and change the permissions<br /> chmod +x inspection-images.sh<br /> Run the Script<br /> ./inspection-images.sh</div> Admin http://wiki.dersllc.com/index.php?title=TDKC&diff=53 TDKC 2023-06-02T19:47:37Z <p>Admin: Created page with &quot;= System Administrator Documentation = ==Mediawiki Installation Procedures== * Build a Centos 7 Server * Set Selinux to Permissive and allow port 80 through the firewall: sed -i &#039;s/SELINUX=enforcing/SELINUX=permissive/&#039; /etc/selinux/config setenforce 0 firewall-cmd --add-port 80/tcp firewall-cmd --add-port 80/tcp --permanent * Install EPEL Repository: yum install -y epel-release * Install Required Packages: yum install -y mediawiki mariadb-server php-mysql * Enable...&quot;</p> <hr /> <div>= System Administrator Documentation =<br /> ==Mediawiki Installation Procedures==<br /> * Build a Centos 7 Server<br /> * Set Selinux to Permissive and allow port 80 through the firewall:<br /> sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config<br /> setenforce 0<br /> firewall-cmd --add-port 80/tcp<br /> firewall-cmd --add-port 80/tcp --permanent<br /> * Install EPEL Repository:<br /> yum install -y epel-release<br /> * Install Required Packages:<br /> yum install -y mediawiki mariadb-server php-mysql<br /> * Enable and Turn on Services:<br /> systemctl enable httpd<br /> systemctl enable mariadb<br /> systemctl start httpd<br /> systemctl start mariadb<br /> * Configure Mariadb:<br /> mysql<br /> create database wiki;<br /> GRANT ALL PRIVILEGES ON wiki.* to 'wiki'@'localhost' IDENTIFIED BY '&lt;password&gt;';<br /> exit<br /> * Edit the /etc/httpd/conf.d/mediawiki123.conf to look like:<br /> Alias /mw-config /var/www/mediawiki123/mw-config<br /> <br /> Alias /index.php /var/www/mediawiki123/index.php<br /> Alias /api.php /var/www/mediawiki123/api.php<br /> Alias /load.php /var/www/mediawiki123/load.php<br /> Alias /opensearch_desc.php /var/www/mediawiki123/opensearch_desc.php<br /> Alias /skins /var/www/mediawiki123/skins<br /> Alias /images /var/www/mediawiki123/images<br /> Alias / /var/www/mediawiki123/index.php<br /> <br /> &lt;Directory /var/www/mediawiki123&gt;<br /> Options FollowSymLinks<br /> &lt;/Directory&gt;<br /> * Restart the httpd service and go http://wiki.tdkc.com/mw-config to configure the Site.<br /> ** Click Continue.<br /> ** Click Continue.<br /> ** Select the &lt;strong&gt;MySQL&lt;/strong&gt; radio button.<br /> ** Set the Database Name to &lt;strong&gt;wiki&lt;/strong&gt;.<br /> ** Set the Database Username to &lt;strong&gt;wiki&lt;/strong&gt;.<br /> ** Set the Database Password.<br /> ** Click Continue.<br /> ** Click Continue.<br /> ** Set the Wiki Name to &lt;strong&gt;TDKC Wiki&lt;/strong&gt;.<br /> ** Set the Administrator Username to &lt;strong&gt;admin&lt;/strong&gt;.<br /> ** Set the Administrator Password and Confirm it.<br /> ** Set the Administrator E-mail to &lt;strong&gt;cpowell@tdkc.com&lt;/strong&gt;.<br /> ** Select the &lt;strong&gt; Ask me more questions &lt;/strong&gt; radio button.<br /> ** Click Continue.<br /> ** Select the &lt;strong&gt; Authorized Editors Only &lt;/strong&gt; radio button.<br /> ** Check all of the Extensions.<br /> ** Check &lt;strong&gt; Enable File Uploads &lt;/strong&gt;.<br /> ** Check &lt;strong&gt; Enable Instant Commons &lt;/strong&gt;<br /> ** Click Continue.<br /> * Download the LocalSettings.php and place it at /var/www/mediawiki123/LocalSettings.php on the wiki server.<br /> * After the install comment the mw-config line in the /etc/httpd/conf.d/mediawiki123.conf:<br /> #Alias /mw-config /var/www/mediawiki123/mw-config<br /> * Restart httpd and go to http://wiki.tdkc.com<br /> <br /> = Disable Account Creation for everyon but admins=<br /> * Edit the LocalSettings.php file and add the following to the bottom.<br /> $wgGroupPermissions['*']['createaccount'] = false;<br /> = LDAP Integration =<br /> * Install required Software<br /> yum -y install php-ldap<br /> systemctl restart httpd<br /> * Allow httpd to make network calls<br /> setsebool -P httpd_can_network_connect on<br /> * Get Latest Plugin for your Version of MediaWiki<br /> https://www.mediawiki.org/wiki/Extension:LDAP_Authentication<br /> * Download Snapshot and copy tar file to the wiki server<br /> tar -zxvf &lt;tar&gt; -C /var/www/mediawiki123/extensions/<br /> * Add the following to the /var/www/mediawiki123/LocalSettings.php file<br /> #LDAP Settings<br /> require_once &quot;extensions/LdapAuthentication/LdapAuthentication.php&quot;;<br /> $wgAuth = new LdapAuthenticationPlugin();<br /> $wgLDAPDomainNames = array(&quot;TDKC&quot;);<br /> $wgLDAPServerNames = array(&quot;TDKC&quot; =&gt; &quot;&lt;IP&gt;&quot;);<br /> $wgLDAPEncryptionType = array(&quot;TDKC&quot; =&gt; &quot;clear&quot;);<br /> $wgLDAPUseLocal = true;<br /> $wgMinimalPasswordLength = 1;<br /> $wgLDAPBaseDNs = array(&quot;TDKC&quot; =&gt; &quot;dc=tdkc,dc=com&quot;);<br /> $wgLDAPSearchAttributes = array(&quot;TDKC&quot; =&gt; &quot;sAMAccountName&quot;);<br /> $wgLDAPRetrievePrefs = array(&quot;TDKC&quot; =&gt; true);<br /> $wgLDAPPreferences = array(&quot;TDKC&quot; =&gt; array(&quot;email&quot; =&gt; &quot;mail&quot;, &quot;realname&quot; =&gt; &quot;displayname&quot;));<br /> $wgLDAPProxyAgent = array(&quot;TDKC&quot; =&gt; &quot;wiki@tdkc.com&quot;);<br /> $wgLDAPProxyAgentPassword = array(&quot;TDKC&quot; =&gt; &quot;&lt;PASS&gt;&quot;);<br /> <br /> = Restricting Wiki Pages =<br /> * Get Latest Plugin for your Version of MediaWiki<br /> https://www.mediawiki.org/wiki/Extension:AccessControl<br /> * Download Snapshot and copy tar file to the wiki server<br /> tar -zxvf &lt;tar&gt; -C /var/www/mediawiki123/extensions/<br /> * Add the following to the /var/www/mediawiki123/LocalSettings.php file<br /> require_once &quot;$IP/extensions/AccessControl/AccessControl.php&quot;;<br /> $wgAdminCanReadAll = true;<br /> $wgAccessControlRedirect = false;<br /> * Add the below tag to the top of each page you want restricted:<br /> &lt;nowiki&gt;&lt;accesscontrol&gt;Administrators&lt;/accesscontrol&gt;&lt;/nowiki&gt;<br /> * Add / Remove users to the Administrators Group <br /> ** Go to Special Pages<br /> ** User Right Management<br /> ** Enter the username you wish to add/remove<br /> ** Check or Uncheck the administrator box<br /> ** Click Save user groups<br /> '''Note:''' You may need to do this as the &lt;strong&gt; admin &lt;/strong&gt; user.<br /> <br /> = Customizing the Logo =<br /> * Copy the logo to the wiki server and replace the /var/www/mediawiki123/skins/common/images/wiki.png file:<br /> mv /var/www/mediawiki123/skins/common/images/wiki.png /var/www/mediawiki123/skins/common/images/wiki.png.old<br /> mv /tmp/logo.png /var/www/mediawiki123/skins/common/images/wiki.png<br /> * Refresh the Webpage<br /> <br /> &lt;br&gt;<br /> ==Spacewalk Installation Procedures==<br /> =Spacewalk Installation Procedures=<br /> * Build a Centos 7 Server<br /> * Set Selinux to Permissive and allow port 80 through the firewall:<br /> sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config<br /> setenforce 0<br /> firewall-cmd --add-port 80/tcp<br /> firewall-cmd --add-port 80/tcp --permanent<br /> firewall-cmd --add-port 443/tcp<br /> firewall-cmd --add-port 443/tcp --permanent<br /> <br /> * Install the Required Server Repositories:<br /> # Spacewalk Server Repository<br /> rpm -Uvh http://yum.spacewalkproject.org/2.3/RHEL/7/x86_64/spacewalk-repo-2.3-4.el7.noarch.rpm<br /> <br /> # JPackage Repository<br /> cat &lt;&lt;EOF&gt; /etc/yum.repos.d/jpackage-generic.repo<br /> [jpackage-generic]<br /> name=JPackage generic<br /> mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&amp;type=free&amp;release=5.0<br /> enabled=1<br /> gpgcheck=1<br /> gpgkey=http://www.jpackage.org/jpackage.asc<br /> EOF<br /> <br /> * Install The Spacewalk Database:<br /> yum -y install spacewalk-setup-postgresql<br /> <br /> * Install Spacewalk:<br /> yum -y install spacewalk-postgresql<br /> # EPEL Repository<br /> yum -y install epel-release<br /> <br /> =Spacewalk Configuration=<br /> == Basic Configuration ==<br /> * Start the installation wizard:<br /> spacewalk-setup --disconnected<br /> * Answer the questions:<br /> Admin Email Address? &lt;strong&gt;cpowell@tdkc.com&lt;/strong&gt;<br /> <br /> Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? &lt;strong&gt;Y&lt;/strong&gt;<br /> <br /> CA certificate password? &lt;strong&gt;&lt;pass&gt;&lt;/strong&gt;<br /> Re-enter CA certificate password? &lt;strong&gt;&lt;pass&gt;&lt;/strong&gt;<br /> Organization? &lt;strong&gt;TDKC&lt;/strong&gt;<br /> Organization Unit? &lt;strong&gt;IT&lt;/strong&gt;<br /> Email Address [cpowell@tdkc.com]? &lt;strong&gt;cpowell@tdkc.com&lt;/strong&gt;<br /> City? &lt;strong&gt;Fairborn&lt;/strong&gt;<br /> State? &lt;strong&gt;OH&lt;/strong&gt;<br /> Country code (Examples: &quot;US&quot;, &quot;JP&quot;, &quot;IN&quot;, or type &quot;?&quot; to see a list)? &lt;strong&gt;US&lt;/strong&gt;<br /> <br /> Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]? &lt;strong&gt;Y&lt;/strong&gt;<br /> <br /> * On complete, start the Spacewalk service if not started automatically.<br /> /usr/sbin/spacewalk-service start<br /> <br /> * Go to https://spacewalk.tdkc.com and create an admin account<br /> [[File:Spacewalk1.png]]<br /> <br /> == Changing the Spacewalk Logo ==<br /> * Resize the TDKC logo to 44px wide<br /> * Change spacewalk logo to TDKC:<br /> mv /var/www/html/img/logo_vendor.png /var/www/html/img/logo_vendor.png.old<br /> mv /tmp/logo.png /var/www/html/img/logo_vendor.png<br /> <br /> == Creating Software Channels ==<br /> === Base Channels ===<br /> * Go to the Channels Tab.<br /> * Click the Manage Software Channels Tab on the Left Menu.<br /> * Click the Create Channel Button.<br /> * Fill out the form.<br /> Channel Name: &lt;strong&gt;CentOS 7&lt;/strong&gt;<br /> Channel Label: &lt;strong&gt;centos-7&lt;/strong&gt;<br /> Parent Channel: &lt;strong&gt;None&lt;/strong&gt;<br /> Architecture: &lt;strong&gt;x86_64&lt;/strong&gt;<br /> Yum Repository Checksum Type: &lt;strong&gt;sha512&lt;/strong&gt;<br /> Channel Summary: &lt;strong&gt;CentOS Base Channel&lt;/strong&gt;<br /> Channel Description: &lt;strong&gt;CentOS Base Channel&lt;/strong&gt;<br /> * Click Create Channel.<br /> * Repeat the above steps for each needed Base Channel<br /> === Sub Channels ===<br /> * Go to the Channels Tab.<br /> * Click the Manage Software Channels Tab on the Left Menu.<br /> * Click the Create Channel Button.<br /> * Fill out the form.<br /> Channel Name: &lt;strong&gt;CentOS 7 Updates&lt;/strong&gt;<br /> Channel Label: &lt;strong&gt;centos-7-updates&lt;/strong&gt;<br /> Parent Channel: &lt;strong&gt;CentOS 7&lt;/strong&gt;<br /> Architecture: &lt;strong&gt;x86_64&lt;/strong&gt;<br /> Yum Repository Checksum Type: &lt;strong&gt;sha512&lt;/strong&gt;<br /> Channel Summary: &lt;strong&gt;CentOS 7 Updates Sub Channel&lt;/strong&gt;<br /> Channel Description: &lt;strong&gt;CentOS 7 Updates Sub Channel&lt;/strong&gt;<br /> * Click Create Channel.<br /> * Repeat the above steps for each needed Sub Channel<br /> === Syncing Software Channels ===<br /> * SSH to the spacewalk server<br /> * Create a scripts directory<br /> mkdir -p /usr/share/rhn/scripts<br /> * Create a file called reposync.sh<br /> vi /usr/share/rhn/scripts/reposync.sh<br /> <br /> mkdir -p /var/log/scripts/<br /> date &gt; /var/log/scripts/spacewalk-repo-sync.log<br /> echo ##################################################### &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> CENT7LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;7\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> <br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/os/x86_64/ -c centos-7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/extras/x86_64/ -c centos-7-extras &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/updates/x86_64/ -c centos-7-updates &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://dl.fedoraproject.org/pub/epel/7/x86_64/ -c centos-7-epel &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log <br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/7/x86_64/ -c centos-7-spacewalk-client &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> chmod -R 777 /var/satellite/redhat/1/ <br /> echo #################################################### &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> date &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> * Change permissions to the reposync.sh file<br /> chmod 755 /usr/share/rhn/scripts/reposync.sh<br /> * To run it manually simply use the following command:<br /> /usr/share/rhn/scripts/reposync.sh<br /> * To schedule the script use cron as root:<br /> crontab -e <br /> * Add the following line to the crontab: (This will run the script once a week on sunday morning at 00:01)<br /> 1 0 * * 0 /usr/share/rhn/scripts/reposync.sh<br /> * This script is logged at /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> == Creating System Groups ==<br /> * Go to the Systems Tab.<br /> * Click the System Groups Tab on the Left Menu.<br /> * Click the Create Group Button.<br /> * Fill out the form.<br /> Name: '''Centos 7 Servers'''<br /> Description: '''Centos 7 Servers'''<br /> * Repeat for all of the groups you wish to create.<br /> <br /> == Creating Configuration Channels ==<br /> These are groups of configuration files that are managed by spacewalk. These files can be pushed to the servers that are subscribed to the channel.<br /> * Go to the Configuration Tab.<br /> * Click the Configuration Channels Tab on the Left Menu.<br /> * Click the Create Config Channel Button.<br /> * Fill out the form.<br /> Name: '''Centos 7 Servers'''<br /> Label: '''centos-7-config'''<br /> Description: '''Centos 7 Servers'''<br /> * Click the Add Files Tab and add any configuration files you wish. <br /> '''Note:''' These can be added at anytime. &lt;br&gt;<br /> '''Note:''' These files can be pulled to each server that is subscribed, by running the command '''rhncfg-client get'''<br /> * Repeat for all of the channels you wish to create.<br /> <br /> == Creating Activation Keys ==<br /> These are used during kickstarts to join the spacewalk server. They are also use to assign kickstarted machines to the appropriate System Groups, Software Channels, Configuration Channels and more.<br /> * Go to the Systems Tab.<br /> * Click the Activation Keys Tab on the Left Menu.<br /> * Click the Create Key Button.<br /> * Fill out the form.<br /> Description: '''Centos 7 Servers'''<br /> Key: '''centos-7-key'''<br /> Base Channel: '''CentOS 7'''<br /> Check Provisioning<br /> * Under the '''Child Channels''' tab add all desired Software channels by pressing ctrl and clicking each channel you wish.<br /> * Then click the '''Update Key''' button.<br /> * Under the '''Packages''' Tab, add all of the software packages you wish to install at spacewalk registration time.<br /> * Then click the '''Update Key''' button.<br /> * Under the '''Configuration''' Tab and the Subscribe Channels Sub-Tab, add all of the configuration channels you wish the servers be added to. <br /> * Then click the '''Update Key''' button.<br /> * Under the '''Groups''' Tab and the '''Join''' sub-tab, check the groups you wish the activation key to add the server to. <br /> * Then click the '''Join Selected Group''' button.<br /> == Joining Existing Servers ==<br /> === Spacewalk Setup ===<br /> * Create a Repository file on the spacewalk server<br /> mkdir -p /var/www/html/pub/repo_files/<br /> vi /var/www/html/pub/repo_files/centos7.repo<br /> <br /> [local-centos-7]<br /> name=local-centos-7<br /> baseurl=http://spacewalk.tdkc.com/ks/dist/org/1/centos-7-latest<br /> enabled=1<br /> gpgcheck=0<br /> <br /> [local-centos-7-updates]<br /> name=local-centos-7-updates<br /> baseurl=http://spacewalk.tdkc.com/ks/dist/child/centos-7-updates/centos-7-latest<br /> enabled=1<br /> gpgcheck=0<br /> <br /> [local-centos-7-extras]<br /> name=local-centos-7-extras<br /> baseurl=http://spacewalk.tdkc.com/ks/dist/child/centos-7-extras/centos-7-latest<br /> enabled=1<br /> gpgcheck=0<br /> <br /> [local-centos-7-spacewalk-client]<br /> name=local-centos-7-spacewalk-client<br /> baseurl=http://spacewalk.tdkc.com/ks/dist/child/centos-7-spacewalk-client/centos-7-latest<br /> enabled=1<br /> gpgcheck=0<br /> <br /> [local-centos-7-epel]<br /> name=local-centos-7-epel<br /> baseurl=http://spacewalk.tdkc.com/ks/dist/child/centos-7-epel/centos-7-latest<br /> enabled=1<br /> gpgcheck=0<br /> <br /> ====Add python-gudev and python-hwdata to the CentOS 7 Spacewalk Client Repo====<br /> * Go to the '''Channels''' Tab<br /> * Go to the '''Manage Software Channels''' Tab on the Left hand side.<br /> * Click the '''CentOS 7 Spacewalk Client''' Channel.<br /> * Click the '''Packages''' Tab. <br /> * Click the '''Add''' Sub Tab.<br /> * Under channel Choose '''CentOS 7''' and Click '''View Packages'''<br /> * Search for python-gudev and python-hwdata and Click '''Add Packages'''<br /> * Then Click '''Confirm Addition''' Button.<br /> <br /> === Client Setup ===<br /> ==== CentOS 7 ====<br /> Run the following as '''ROOT''':<br /> mkdir -p /tmp/old_repos<br /> for i in `ls /etc/yum.repos.d/*`; do mv -f $i /tmp/old_repos/; done<br /> #for i in `ls /etc/yum.repos.d/Cent*`; do echo &gt; $i; done<br /> curl http://spacewalk/pub/repo_files/centos7.repo &gt; /etc/yum.repos.d/local-centos-7.repo<br /> yum -y install wget<br /> rpm --import http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-EPEL-7 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-CentOS-7 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2008 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2015<br /> cat /tmp/ssl-key-* &gt; /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> perl -pe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/up2date<br /> yum -y install pyOpenSSL rhnlib libxml2 libxml2-python<br /> perl -npe 's|^(\s*(noSSLS\|s)erverURL\s*=\s*[^:]+://)[^/]*/|${1}spacewalk.tdkc.com/|' -i /etc/sysconfig/rhn/up2date<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all <br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.tdkc.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> yum -y install rhncfg-client rhncfg rhncfg-actions osad osa-common jabberpy rhn-setup<br /> rhnreg_ks --serverUrl=https://spacewalk.tdkc.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos-7-key<br /> rhncfg-client get<br /> systemctl enable osad<br /> systemctl start osad<br /> systemctl disable firewalld<br /> systemctl stop firewalld<br /> <br /> # The Below are only needed if you want to keep firewalld ON<br /> #firewall-cmd --add-port 5222/tcp<br /> #firewall-cmd --add-port 4545/tcp<br /> #firewall-cmd --add-port 5222/tcp --permanent<br /> #firewall-cmd --add-port 4545/tcp --permanent<br /> <br /> ==== CentOS 6 ====<br /> Run the following as '''ROOT''':<br /> mkdir -p /tmp/old_repos<br /> for i in `ls /etc/yum.repos.d/*`; do mv -f $i /tmp/old_repos/; done<br /> #for i in `ls /etc/yum.repos.d/Cent*`; do echo &gt; $i; done<br /> curl http://spacewalk/pub/repo_files/centos6.repo &gt; /etc/yum.repos.d/local-centos-6.repo<br /> yum -y install wget<br /> rpm --import http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-pbis http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-EPEL-6 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-CentOS-6 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2008 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2015<br /> cat /tmp/ssl-key-* &gt; /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> perl -pe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/up2date<br /> yum -y install pyOpenSSL rhnlib libxml2 libxml2-python<br /> perl -npe 's|^(\s*(noSSLS\|s)erverURL\s*=\s*[^:]+://)[^/]*/|${1}spacewalk.tdkc.com/|' -i /etc/sysconfig/rhn/up2date<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all <br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.tdkc.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> yum -y install rhncfg-client rhncfg rhncfg-actions osad osa-common jabberpy rhn-setup<br /> rhnreg_ks --serverUrl=https://spacewalk.tdkc.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos-6-key --force<br /> rhncfg-client get<br /> chkconfig osad on <br /> service osad start<br /> chkconfig iptables off<br /> service iptables stop<br /> chkconfig ip6tables off<br /> service ip6tables stop<br /> <br /> # The Below are only needed if you want to keep iptables ON<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 4545 -j ACCEPT' /etc/sysconfig/iptables<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT' /etc/sysconfig/iptables<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 4545 -j ACCEPT' /etc/sysconfig/ip6tables<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT' /etc/sysconfig/ip6tables<br /> #service iptables restart<br /> #service ip6tables restart<br /> <br /> ==== CentOS 5 ====<br /> Run the following as '''ROOT''':<br /> mkdir -p /tmp/old_repos<br /> for i in `ls /etc/yum.repos.d/*`; do mv -f $i /tmp/old_repos/; done<br /> #for i in `ls /etc/yum.repos.d/Cent*`; do echo &gt; $i; done<br /> curl http://spacewalk/pub/repo_files/centos5.repo &gt; /etc/yum.repos.d/local-centos-5.repo<br /> yum -y install wget<br /> rpm --import http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-pbis http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-EPEL-5 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-CentOS-5 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2008 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.tdkc.com/pub/repo_files/RPM-GPG-KEY-spacewalk-2015<br /> cat /tmp/ssl-key-* &gt; /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> perl -pe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/up2date<br /> yum -y install pyOpenSSL rhnlib libxml2 libxml2-python<br /> perl -npe 's|^(\s*(noSSLS\|s)erverURL\s*=\s*[^:]+://)[^/]*/|${1}spacewalk.tdkc.com/|' -i /etc/sysconfig/rhn/up2date<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all <br /> echo '#includedir /etc/sudoers.d' &gt;&gt; /etc/sudoers<br /> chmod 755 /etc/sudoers.d/<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.tdkc.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> yum -y install rhncfg-client rhncfg rhncfg-actions osad osa-common jabberpy rhn-setup<br /> rhnreg_ks --serverUrl=https://spacewalk.tdkc.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos-5-key<br /> rhncfg-client get<br /> chkconfig osad on <br /> service osad start<br /> chkconfig iptables off<br /> service iptables stop<br /> chkconfig ip6tables off<br /> service ip6tables stop<br /> <br /> # The Below are only needed if you want to keep iptables ON<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 4545 -j ACCEPT' /etc/sysconfig/iptables<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT' /etc/sysconfig/iptables<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 4545 -j ACCEPT' /etc/sysconfig/ip6tables<br /> #sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT' /etc/sysconfig/ip6tables<br /> #service iptables restart<br /> #service ip6tables restart<br /> <br /> ==== Ubuntu 12.04 ====<br /> Run the following as '''ROOT''':<br /> mkdir -p /tmp/spacewalk/<br /> cd /tmp/spacewalk/<br /> wget http://spacewalk.tdkc.com/pub/register/ubuntu-1204/apt-transport-spacewalk-1.0.6-2.5-1ubuntu1-precise1.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/libnl1_1.1-7_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/osad-5.9.21-2.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/pyjabber-0.5.0-1.4ubuntu3-precise1.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-dmidecode_3.10.11-1build2_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-ethtool_0.6-0ubuntu1_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-gudev_147.2-2_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-libxml2-2.7.8.dfsg-5.1ubuntu4.15.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-newt_0.52.11-2ubuntu10_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-rhn-2.5.52-1ubuntu1-precise1.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-support_1.0.14ubuntu2_all.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/rhncfg-5.10.14-1ubuntu1-precise2.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/rhn-client-tools_1.8.9-4~precise1_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/rhnsd-5.0.4-3.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/libgudev-1.0-0_175-0ubuntu9_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-gobject-2_2.28.6-10ubuntu1_amd64.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1204/python-gobject_3.2.2-1~precise_all.deb<br /> dpkg -i *.deb <br /> #add-apt-repository -y ppa:mj-casalogic/spacewalk-ubuntu<br /> #apt-get update<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.tdkc.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> apt-get -y install rhncfg rhn-client-tools apt-transport-spacewalk python-rhn rhnsd python-libxml2<br /> sed -i 's/if not self.allow_none:/#if not self.allow_none:/' /usr/lib/python2.7/xmlrpclib.py<br /> sed -i 's/raise TypeError, &quot;cannot marshal None unless allow_none is enabled&quot;/#raise TypeError, &quot;cannot marshal None unless allow_none is enabled&quot;/' /usr/lib/python2.7/xmlrpclib.py<br /> mkdir /var/lock/subsys<br /> rhnreg_ks --activationkey=1-ubuntu-1204 --serverUrl=http://spacewalk.tdkc.com/XMLRPC --force <br /> rhn-actions-control --enable-run<br /> echo 'deb spacewalk://spacewalk.tdkc.com/XMLRPC channels: main ubuntu-1204-custom ubuntu-1204-security ubuntu-1204-updates' &gt; /etc/apt/sources.list.d/spacewalk.list<br /> mv /etc/apt/sources.list /etc/apt/sources.list.bak<br /> mkdir -p /var/spool/rhn<br /> cd /tmp<br /> rm -rf /tmp/spacewalk/<br /> apt-get update<br /> sleep 10<br /> apt-get update<br /> <br /> ==== Ubuntu 14.04 ====<br /> Run the following as '''ROOT''':<br /> mkdir -p /tmp/spacewalk/<br /> cd /tmp/spacewalk/<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.tdkc.com/pub/register/ubuntu-1404/apt-transport-spacewalk-1.0.6-2.1.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/libgudev-1.0-0-1-204-5ubuntu20.22.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/libnl1-1.1-8ubuntu1.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-dbus-1.2.0-2build2.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-dbus-dev-1.2.0-2build2.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-dmidecode-3.10.13-3.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-ethtool-0.7-1.1.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-gi-3.12.0-1ubuntu1.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-gobject-2-2.28.6-12build1.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-gobject-3.12.0-1ubuntu1.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-gudev-147.2-3.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-libxml2-2.9.1+dfsg1-3ubuntu4.8.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-newt-0.52.15-2ubuntu5.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-rhn-2.5.52-1.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/python-support-1.0.15-X.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/rhncfg-5.10.14-1ubuntu1-saucy2.all-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/rhn-client-tools-1.8.26-4-ubuntu14.04.1-ppa1.amd64-deb.deb http://spacewalk.tdkc.com/pub/register/ubuntu-1404/rhnsd-4.9.15-1.amd64-deb.deb<br /> dpkg -i *.deb<br /> wget http://spacewalk.tdkc.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> apt-get -y install rhn-client-tools apt-transport-spacewalk python-rhn rhnsd python-libxml2<br /> wget http://spacewalk.tdkc.com/pub/register/rhncfg-5.10.14-1ubuntu1-saucy2.all-deb.deb<br /> dpkg -i rhncfg-5.10.14-1ubuntu1-saucy2.all-deb.deb <br /> sed -i 's/if not self.allow_none:/#if not self.allow_none:/' /usr/lib/python2.7/xmlrpclib.py<br /> sed -i 's/raise TypeError, &quot;cannot marshal None unless allow_none is enabled&quot;/#raise TypeError, &quot;cannot marshal None unless allow_none is enabled&quot;/' /usr/lib/python2.7/xmlrpclib.py<br /> apt-get install python-libxml2<br /> mkdir -p /var/lock/subsys<br /> rhnreg_ks --activationkey=1-ubuntu-1404 --serverUrl=http://spacewalk.tdkc.com/XMLRPC --force <br /> rhn-actions-control --enable-run<br /> rhn_check<br /> rhncfg-client get<br /> echo 'deb spacewalk://spacewalk.tdkc.com/XMLRPC channels: main ubuntu-1404-custom ubuntu-1404-security ubuntu-1404-updates' &gt; /etc/apt/sources.list.d/spacewalk.list<br /> mv /etc/apt/sources.list /etc/apt/sources.list.bak<br /> mkdir -p /var/spool/rhn<br /> cd /tmp<br /> rm -rf /tmp/spacewalk/<br /> apt-get update<br /> sleep 10<br /> apt-get update<br /> <br /> ==== Ubuntu 15.10 ====<br /> Run the following as '''ROOT''':<br /> mkdir -p /tmp/spacewalk/<br /> cd /tmp/spacewalk/<br /> #wget http://spacewalk.tdkc.com/download/package/9a990879fd7d446a221fb1beecb9386b4193b9dd/1486533691738/2/74389/apt-transport-spacewalk-1.0.6-4.1.all-deb.deb http://spacewalk.tdkc.com/download/package/1fe2d5c78bb3a4bcffd210bc38a55809c7cb493f/1486533709647/2/74390/libgudev-1.0-0-1:230-2.amd64-deb.deb http://spacewalk.tdkc.com/download/package/0c38f9a52f4cdefd3ab2a29e574d215f99e3905e/1486533717989/2/74391/libnl-route-3-200-3.2.26-1.amd64-deb.deb http://spacewalk.tdkc.com/download/package/6230d4117a0a9c2ec92e348696efe3befad4355f/1486533730178/2/74393/python-cffi-1.1.2-1ubuntu2.all-deb.deb http://spacewalk.tdkc.com/download/package/4ca9d34787524960ef65707edda3f05353029408/1486533739004/2/74394/python-cffi-backend-1.1.2-1ubuntu2.amd64-deb.deb http://spacewalk.tdkc.com/download/package/d85db44c341d453689819112feb6150e9e14916d/1486533748338/2/74395/python-cryptography-1.0.1-1ubuntu1.amd64-deb.deb http://spacewalk.tdkc.com/download/package/2b6ee8eddeee8532995e732212aa590e6780cc6e/1486533757114/2/74396/python-dbus-1.2.0-2build3.amd64-deb.deb http://spacewalk.tdkc.com/download/package/73437d3050ecbc99ce5e0b52f9236963d327f1fd/1486533777174/2/74397/python-dbus-dev-1.2.0-2build3.all-deb.deb http://spacewalk.tdkc.com/download/package/ad71b97a51a6d2d41ef0169c9d2ab2e146f09a1e/1486533790037/2/74398/python-dmidecode-3.12.2-1.amd64-deb.deb http://spacewalk.tdkc.com/download/package/645ea178fa3d1d9109a630054e40650116118edf/1486533799975/2/74399/python-enum34-1.0.4-2.all-deb.deb http://spacewalk.tdkc.com/download/package/7fddb9738fe66b922e505e8258125cf2f3556734/1486533809243/2/74400/python-ethtool-0.11-3.amd64-deb.deb http://spacewalk.tdkc.com/download/package/9db7758c9f44c5600100046e022e7e78ee285d9c/1486533818862/2/74401/python-gi-3.16.2-1build1.amd64-deb.deb http://spacewalk.tdkc.com/download/package/45b505436891a30e5038f98f1125e5c8faf87255/1486533827584/2/73063/python-gobject-2-2.28.6-12build1.amd64-deb.deb http://spacewalk.tdkc.com/download/package/e3b34a2322fbc36ea1f14f5629402eed3a341345/1486533838570/2/74402/python-gobject-3.16.2-1build1.all-deb.deb http://spacewalk.tdkc.com/download/package/cac91472f41247a71e0cdfc09dc9ced6aa191808/1486533847044/2/73066/python-gudev-147.2-3.amd64-deb.deb http://spacewalk.tdkc.com/download/package/bc96ea69767e2929b0d42089e21306eed4a70c96/1486533855510/2/74403/python-idna-2.0-3.all-deb.deb http://spacewalk.tdkc.com/download/package/22a736afd87c57cc10b5d66077d68d96bbe2e303/1486533863520/2/74404/python-ipaddress-1.0.14-2.all-deb.deb http://spacewalk.tdkc.com/download/package/16d798f91c1736ea0b8cc85ae10ebc425ecfb20c/1486533872744/2/74405/python-libxml2-2.9.2+zdfsg1-4ubuntu0.4.amd64-deb.deb http://spacewalk.tdkc.com/download/package/2df719267a55d9e7f45eda9a9b5f2f54bf28efe8/1486533882046/2/74406/python-newt-0.52.18-1ubuntu1.amd64-deb.deb http://spacewalk.tdkc.com/download/package/24e041a6f29874de148225d3d3d42a035bc399a5/1486533891902/2/74408/python-openssl-0.15.1-2build1.all-deb.deb http://spacewalk.tdkc.com/download/package/2a18f3173b2af6c901f19631571170ee909482f5/1486533901275/2/74409/python-pkg-resources-18.4-1.all-deb.deb http://spacewalk.tdkc.com/download/package/83c2bfd93db39cc2976bfb242ba35ec15dd4ec19/1486533909664/2/74410/python-ply-3.7-1.all-deb.deb http://spacewalk.tdkc.com/download/package/ca446abc1e8472df4de42930170f6e3993a074c0/1486533925603/2/74411/python-pyasn1-0.1.8-2.all-deb.deb http://spacewalk.tdkc.com/download/package/2c37e07e157e58310e68b331bdcf74da4be2fdb7/1486533934180/2/74413/python-pycparser-2.14+dfsg-2build1.all-deb.deb http://spacewalk.tdkc.com/download/package/3200828f2c633a17a6776d8a8387c3144795c12c/1486533943711/2/74414/python-rhn-2.5.55-2.all-deb.deb http://spacewalk.tdkc.com/download/package/43e0245e31ec67a9c1bf508c8710f52a134af713/1486533958421/2/74415/python-six-1.9.0-5.all-deb.deb http://spacewalk.tdkc.com/download/package/683688494c9a41c085211fb8ecc7cf2fca3a82c1/1486533966846/2/74416/rhn-client-tools-1.8.26-4.amd64-deb.deb http://spacewalk.tdkc.com/download/package/1464b7a0f4d17718fe9eb2262df30a3e6c0bade3/1486533975390/2/74417/rhnsd-5.0.4-3.amd64-deb.deb http://spacewalk.tdkc.com/download/package/4100a3dcc3bde6c366888af2fc264e498167dddf/1486534916145/2/73403/rhncfg-5.10.14-1ubuntu1~saucy2.all-deb.deb<br /> wget http://spacewalk.tdkc.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br /> apt-get -y install rhn-client-tools apt-transport-spacewalk python-rhn rhnsd python-libxml2<br /> wget http://spacewalk.tdkc.com/pub/register/rhncfg-5.10.14-1ubuntu1-saucy2.all-deb.deb<br /> dpkg -i rhncfg-5.10.14-1ubuntu1-saucy2.all-deb.deb <br /> #dpkg -i *.deb<br /> sed -i 's/if not self.allow_none:/#if not self.allow_none:/' /usr/lib/python2.7/xmlrpclib.py<br /> sed -i 's/raise TypeError, &quot;cannot marshal None unless allow_none is enabled&quot;/#raise TypeError, &quot;cannot marshal None unless allow_none is enabled&quot;/' /usr/lib/python2.7/xmlrpclib.py<br /> mkdir -p /var/lock/subsys<br /> rhnreg_ks --activationkey=1-ubuntu-1510 --serverUrl=http://spacewalk.tdkc.com/XMLRPC --force <br /> rhn-actions-control --enable-run<br /> rhn_check<br /> rhncfg-client get<br /> echo 'deb spacewalk://spacewalk.tdkc.com/XMLRPC channels: main ubuntu-1510-custom ubuntu-1510-security ubuntu-1510-updates' &gt; /etc/apt/sources.list.d/spacewalk.list<br /> mv /etc/apt/sources.list /etc/apt/sources.list.bak<br /> mkdir -p /var/spool/rhn<br /> cd /tmp<br /> rm -rf /tmp/spacewalk/<br /> apt-get update<br /> sleep 10<br /> apt-get update<br /> <br /> &lt;br&gt;<br /> ==Files Managed By Spacewalk==<br /> = Files Managed By Spacewalk = <br /> == /etc/sssd/sssd.conf ==<br /> This File is here to ensure proper configuration of the SSSD clients.<br /> <br /> By Default SSSD does not configure itself with all of the needed settings. <br /> <br /> == /etc/sudoers.d/master-sudoers ==<br /> This file is managed by spacewalk to ensure all machines are compliant with the concept of least privilege.<br /> <br /> The % refers to groups<br /> <br /> Adding '''TDKC\\''' in front of groups and users allow likewise joined servers (without the '''/opt/pbis/bin/config AssumeDefaultDomain true''' command run) to be compatible with the sudoers file.<br /> <br /> For in-depth information on this file please refer to https://linux.die.net/man/5/sudoers.<br /> <br /> == /etc/sysconfig/rhn/rhnsd ==<br /> This file is managed by spacewalk to reduce the amount of time that the clients check in with spacewalk. The Default is 4 hours. Setting the INTERVAL to 60 (the lowest it allows) tells the clients to check in once an hour. <br /> <br /> == /etc/profile.d/security_lockdowns.sh ==<br /> This file is managed by spacewalk to provide the spacewalk clients with the proper profile lockdowns.<br /> <br /> TMOUT refers to the amount of Idle time a session is allowed, in seconds. If a user is idle for this length of time they will be automatically logged off.<br /> <br /> &lt;br&gt;<br /> ==General Linux Commands and Scripts==<br /> = General Linux Commands and Scripts =<br /> == Create Keytab file for adjoin user ==<br /> Run the following code as '''ROOT''':<br /> <br /> yum -y install krb5-workstation<br /> ktutil<br /> addent -password -p adjoin@TDKC.COM -k 1 -e RC4-HMAC<br /> '''&lt;enter password for username&gt;'''<br /> wkt adjoin.keytab <br /> q<br /> <br /> == Joining CentOS 7 Server to Active Directory (AD) ==<br /> You must first join the Spacewalk server:<br /> [[Admin/Spacewalk_Install#CentOS_7 | Join CentOS 7 to Spacewalk]]<br /> <br /> Run the following code as '''ROOT''':<br /> <br /> # Install Required Software<br /> yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli sssd-tools samba-libs krb5-workstation<br /> <br /> # Get Keytab for authentication<br /> wget -q http://spacewalk.tdkc.com/pub/join/adjoin.keytab -O /root/adjoin.keytab<br /> <br /> kinit -k -t /root/adjoin.keytab adjoin@TDKC.COM<br /> <br /> # Leave all realms (this is only really needed if you are previously joined)<br /> realm leave<br /> sleep 5<br /> <br /> # Join the Domain using an admin account and place the computer in the Servers OU<br /> realm join --no-password --computer-ou=&quot;ou=VMs,OU=TDKCMachines,dc=tdkc,dc=com&quot; &quot;tdkc.com&quot;<br /> sleep 15<br /> <br /> # Pull the Corrected configuration file from Spacewalk <br /> systemctl stop sssd<br /> rm -rf /var/lib/sss/db/*<br /> rhncfg-client get<br /> systemctl start sssd<br /> sleep 10<br /> systemctl restart sssd<br /> <br /> # Remove Keytab File<br /> rm -rf /root/adjoin.keytab<br /> <br /> # Test to make sure it worked<br /> id droessner<br /> <br /> == Joining Ubuntu Server to Active Directory (AD) ==<br /> You must first join the Spacewalk server:<br /> [[Admin/Spacewalk_Install#Ubuntu_12.04 | Join Ubuntu Server to Spacewalk]]<br /> <br /> Run the following code as '''ROOT''':<br /> <br /> # Download PBIS Script<br /> wget http://spacewalk.tdkc.com/pub/pbis/pbis-open-8.0.1.2029.linux.x86_64.deb.sh<br /> bash pbis-open-8.0.1.2029.linux.x86_64.deb.sh<br /> <br /> Answer the Script's Questions:<br /> # Would you like to install package for legacy links? '''yes'''<br /> # Would you like to install now? '''yes'''<br /> <br /> # Cleanup after script<br /> rm -rf pbis-open-8.0.1.2029.linux.x86_64.deb pbis-open-8.0.1.2029.linux.x86_64.deb.sh<br /> <br /> #'''****ONLY RUN THIS ON 15.10****'''<br /> cat &lt;&lt;EOF&gt; /lib/systemd/system/lwsmd.service<br /> [Unit]<br /> Description=BeyondTrust PBIS Service Manager<br /> After=network.target<br /> <br /> [Service]<br /> Type=forking<br /> EnvironmentFile=/opt/pbis/libexec/init-base.sh<br /> ExecStart=/opt/pbis/sbin/lwsmd --start-as-daemon<br /> ExecReload=/opt/pbis/bin/lwsm refresh<br /> ExecStop=/opt/pbis/bin/lwsm shutdown<br /> # We want systemd to give lwsmd some time to finish gracefully, but still want<br /> # it to kill lwsmd after TimeoutStopSec if something went wrong during the<br /> # graceful stop. Normally, Systemd sends SIGTERM signal right after the<br /> # ExecStop, which would kill lwsmd. We are sending useless SIGCONT here to give<br /> # lwsmd time to finish.<br /> KillSignal=SIGCONT<br /> PrivateTmp=true<br /> <br /> [Install]<br /> WantedBy=multi-user.target nss-lookup.target<br /> EOF<br /> cd /etc/systemd/system<br /> ln -s /lib/systemd/system/lwsmd.service<br /> systemctl enable lwsmd.service<br /> systemctl start lwsmd.service<br /> <br /> # Join the Domain<br /> domainjoin-cli join --ou &quot;ou=VMs,OU=TDKCMachines,dc=tdkc,dc=com&quot; TDKC.COM '''&lt;DOMAIN_ADMIN&gt;'''@tdkc.com<br /> <br /> # Make PBIS Assume the Default Domain<br /> /opt/pbis/bin/config AssumeDefaultDomain true<br /> <br /> # Test to make sure it worked<br /> id droessner@tdkc.com<br /> <br /> # Reboot Server<br /> reboot<br /> '''Note:''' You need to login using full domain name.. i.e. droessner@tdkc.com<br /> <br /> == Joining CentOS 5/6 Server to Active Directory (AD) ==<br /> You must first join the Spacewalk server:<br /> [[Admin/Spacewalk_Install#CentOS_6 | Join CentOS 6 Server to Spacewalk]]<br /> <br /> Run the following code as '''ROOT''':<br /> <br /> # Install Required Software<br /> yum -y install pbis-open<br /> <br /> # Join the Domain<br /> domainjoin-cli join --ou &quot;ou=VMs,OU=TDKCMachines,dc=tdkc,dc=com&quot; TDKC.COM '''&lt;DOMAIN_ADMIN&gt;'''@tdkc.com<br /> <br /> # Make PBIS Assume the Default Domain<br /> /opt/pbis/bin/config AssumeDefaultDomain true<br /> <br /> # Test to make sure it worked<br /> id droessner@tdkc.com<br /> <br /> # Reboot Server<br /> reboot<br /> '''Note:''' You need to login using full domain name.. i.e. droessner@tdkc.com<br /> <br /> == Modify Local User Accounts ==<br /> Run the following code as '''ROOT''':<br /> <br /> usermod -l cpowell-local cpowell<br /> usermod -l jwalrath-local jwalrath<br /> mv /home/cpowell /home/cpowell-local<br /> mv /home/jwalrath /home/jwalrath-local<br /> <br /> == Restrict Users from Ubuntu Linux Login ==<br /> The Following command will enable the access security on the Server:<br /> grep -q pam_access.so /etc/pam.d/common-account &amp;&amp; echo &quot;Already There!&quot; || sed -i '1s/^/account required pam_access.so\n/' /etc/pam.d/common-account<br /> The Following commands will create a default access config file:<br /> echo '+ : root : ALL' &gt; /etc/security/access.conf<br /> echo '+ : TDKC\domain^admins : ALL' &gt;&gt; /etc/security/access.conf<br /> echo '+ : TDKC\subcontractors : ALL' &gt;&gt; /etc/security/access.conf<br /> echo '- : TDKC\domain^users : ALL' &gt;&gt; /etc/security/access.conf<br /> echo '- : ALL : ALL' &gt;&gt; /etc/security/access.conf<br /> <br /> The file is read from Top to bottom so if the user is denied on line 1 but allowed on line 2, the user is Denied access. (The first match wins)<br /> <br /> '''Legend:'''<br /> * The First Column:<br /> + = Allow Access<br /> - = Deny Access<br /> * The Second Column: <br /> user / group to be denied or allowed<br /> * The Third Column:<br /> The location the user is connecting from<br /> <br /> For more information please refer to https://linux.die.net/man/5/access.conf<br /> <br /> == Add Client to Elastic Stack ==<br /> === CentOS 7 ===<br /> Copy the SSL certificate from elastic.tdkc.com to the client:<br /> scp /etc/pki/tls/certs/logstash-forwarder.crt '''user'''@'''client''':/tmp<br /> <br /> Copy the filebeat.yml file from a reference machine:<br /> scp /etc/filebeat/filebeat.yml '''user'''@'''client''':/tmp<br /> <br /> Run the following code as '''Root''':<br /> mkdir -p /etc/pki/tls/certs<br /> cp /tmp/logstash-forwarder.crt /etc/pki/tls/certs/<br /> rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch<br /> vi /etc/yum.repos.d/elastic-beats.repo<br /> <br /> Edit the open file to contain the following:<br /> [elastic-5.x]<br /> name=Elastic repository for 5.x packages<br /> baseurl=https://artifacts.elastic.co/packages/5.x/yum<br /> gpgcheck=1<br /> gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch<br /> enabled=1<br /> autorefresh=1<br /> type=rpm-md<br /> <br /> Run the following code as '''Root''':<br /> yum -y install filebeat<br /> chown root:root /tmp/filebeat.yml<br /> mv /tmp/filebeat.yml /etc/filebeat/filebeat.yml<br /> systemctl start filebeat<br /> systemctl enable filebeat<br /> systemctl restart filebeat<br /> systemctl status filebeat<br /> <br /> Ensure that the &quot;TLS&quot; section of filebeat.yml is labled &quot;SSL&quot;, it was changed in a recent version.<br /> <br /> &lt;br&gt;<br /> ==Network layout information==<br /> === DHCP Reservation Preservation ===<br /> Export all current reservations as a CSV file<br /> Sort by IP address and create new a new CSV file per subnet/vlan<br /> Create new DHCP scopes<br /> Import the matching CSV file per subnet/vlan<br /> <br /> <br /> === VLAN Structure ===<br /> <br /> One subnet to a vlan<br /> 10.179.0.0/24 = VLAN 500 - Virtual machine network<br /> 10.179.1.0/24 = VLAN 501 - Infrastructure - WAP's, switches, printers, physical servers, UPS<br /> 10.179.2.0/24 = VLAN 502 - Company Owned computers/have reservations - Wired<br /> 10.179.3.0/24 = VLAN 503 - Company Owned computers/have reservations - Wireless<br /> 10.179.4.0/24 = VLAN 504 - Company or user owned trusted devices but no reservations<br /> 10.179.5.0/24 = VLAN 505 - Growth, not currently in use<br /> 10.179.6.0/24 = VLAN 506 - Growth, not currently in use<br /> 10.179.7.0/24 = VLAN 507 - VPN pool - used by remote users - connectivity needs to be tested manually</div> Admin http://wiki.dersllc.com/index.php?title=DevNet&diff=52 DevNet 2023-06-02T19:43:56Z <p>Admin: </p> <hr /> <div>= Spacewalk Documentation =<br /> == Lockdown Scripts ==<br /> #raw<br /> printf &quot; Locking Down CentOS 7: &quot;<br /> /bin/bash /tmp/status.sh &amp; <br /> <br /> echo 'CCE-27053-8 - Set Password Hashing Algorithm in /etc/libuser.conf' &gt;&gt; /root/ks-lockdown.log<br /> sed -i 's~crypt_style.*~crypt_style = sha512~' /etc/libuser.conf <br /> <br /> yum -y remove vasclnt &amp;&gt; /dev/null<br /> yum -y install clamav &amp;&gt; /dev/null<br /> <br /> echo 'Installing oscap' &gt;&gt; /root/ks-lockdown.log<br /> yum -y --nogpgcheck install spacewalk-oscap scap-security-guide &amp;&gt;&gt; /root/ks-lockdown.log<br /> sed -i '/&lt;platform idref=&quot;cpe:\/o:redhat:enterprise_linux:7&quot;\/&gt;/a \ \ &lt;platform idref=&quot;cpe:\/o:centos:centos:7&quot; \/&gt;' /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml<br /> #sed -i 's~idref=&quot;audit_rules_privileged_commands&quot; selected=&quot;.*&quot;~idref=&quot;audit_rules_privileged_commands&quot; selected=&quot;false&quot;~' /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml<br /> /usr/bin/oscap xccdf eval --profile stig-rhel7-server-upstream --remediate /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml &amp;&gt;&gt; /root/ks-lockdown.log<br /> sed -i &quot;s/MACs/\\nMACs/&quot; /etc/ssh/sshd_config <br /> /usr/bin/oscap xccdf eval --profile stig-rhel7-server-upstream --oval-results --results ssg-rhel7-xccdf.xml.result.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml &amp;&gt;&gt; /root/ks-lockdown.log<br /> /usr/bin/oscap xccdf generate report --oval-template ssg-rhel7-oval.xml.result.xml ssg-rhel7-xccdf.xml.result.xml &gt; /root/stig-report-xccdf-oval.html<br /> <br /> echo 'CVE-2004-1653' &gt;&gt; /root/ks-lockdown.log<br /> cat /etc/ssh/sshd_config | grep -q &quot;\#AllowTcpForwarding yes&quot; &amp;&amp; sed -i 's/\#AllowTcpForwarding yes/AllowTcpForwarding no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2004-1653 (1 of 2) Already complete' /root/ks-lockdown.log<br /> cat /etc/ssh/sshd_config | grep -q &quot;AllowTcpForwarding yes&quot; &amp;&amp; sed -i 's/AllowTcpForwarding yes/AllowTcpForwarding no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2004-1653 (2 of 2)Already complete' /root/ks-lockdown.log<br /> <br /> echo 'CVE-2007-2243' &gt;&gt; /root/ks-lockdown.log<br /> cat /etc/ssh/sshd_config | grep -q &quot;\#ChallengeResponseAuthentication yes&quot; &amp;&amp; sed -i 's/\#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2007-2243 (1 of 2) Already complete' /root/ks-lockdown.log <br /> cat /etc/ssh/sshd_config | grep -q &quot;ChallengeResponseAuthentication yes&quot; &amp;&amp; sed -i 's/ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2007-2243 (2 of 2) Already complete' /root/ks-lockdown.log <br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-latest/epel-7-x86_64/<br /> <br /> = Spacewalk Installation Instructions =<br /> == Installing Spacewalk ==<br /> <br /> [https://fedorahosted.org/spacewalk/wiki/HowToInstall How-to]<br /> <br /> == Joining a Client (Centos 6) to Spacewalk ==<br /> '''On the Client as root, run:'''<br /> mkdir reg-rpms<br /> cd reg-rpms<br /> wget http://spacewalk/pub/register/rhn-check-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/rhn-client-tools-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/rhn-setup-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/rhncfg-5.10.73-1.el6.noarch.rpm http://spacewalk/pub/register/rhncfg-actions-5.10.73-1.el6.noarch.rpm http://spacewalk/pub/register/rhncfg-client-5.10.73-1.el6.noarch.rpm http://spacewalk/pub/register/rhnsd-5.0.14-1.el6.x86_64.rpm http://spacewalk/pub/register/yum-rhn-plugin-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/m2crypto-0.20.2-9.el6.x86_64.rpm http://spacewalk/pub/register/python-dmidecode-3.10.13-3.el6_4.x86_64.rpm http://spacewalk/pub/register/python-gudev-147.1-4.el6_0.1.x86_64.rpm http://spacewalk/pub/register/python-hwdata-1.7.3-1.el6.noarch.rpm <br /> yum -y localinstall rhn-setup-2.2.7-1.el6.noarch.rpm rhnsd-5.0.14-1.el6.x86_64.rpm rhn-check-2.2.7-1.el6.noarch.rpm rhn-client-tools-2.2.7-1.el6.noarch.rpm yum-rhn-plugin-2.2.7-1.el6.noarch.rpm m2crypto-0.20.2-9.el6.x86_64.rpm python-dmidecode-3.10.13-3.el6_4.x86_64.rpm python-hwdata-1.7.3-1.el6.noarch.rpm python-gudev-147.1-4.el6_0.1.x86_64.rpm<br /> cd ..<br /> rm -rf reg-rpms<br /> mkdir keys<br /> cd keys<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release5 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2008<br /> rpm --import *<br /> cd ..<br /> rm -rf keys/<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.devnet.prv/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT <br /> perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/*<br /> rhnreg_ks --serverUrl=https://spacewalk.devnet.prv/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-97d994ea86b8f4ce665d6ef01546834b,1-centos6<br /> <br /> == Joining a Client (Centos 7) to Spacewalk ==<br /> '''On the Client as root, run:'''<br /> mkdir reg-rpms<br /> cd reg-rpms<br /> wget http://spacewalk/pub/register/centos7/jabberpy-0.5-0.27.el7.noarch.rpm http://spacewalk/pub/register/centos7/osad-5.11.57-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/python-hwdata-1.7.3-4.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhncfg-5.10.83-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhncfg-actions-5.10.83-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhncfg-client-5.10.83-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhn-check-2.3.16-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhn-client-tools-2.3.16-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhnsd-5.0.15-1.el7.x86_64.rpm http://spacewalk/pub/register/centos7/rhn-setup-2.3.16-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/yum-rhn-plugin-2.3.3-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/osa-common-5.11.57-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhnlib-2.5.75-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/systemd-sysv-208-20.el7.x86_64.rpm http://spacewalk/pub/register/centos7/systemd-208-20.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-2.7.5-16.el7.x86_64.rpm http://spacewalk/pub/register/centos7/libnl-1.1.4-3.el7.x86_64.rpm http://spacewalk/pub/register/centos7/libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm http://spacewalk/pub/register/centos7/m2crypto-0.21.1-15.el7.x86_64.rpm http://spacewalk/pub/register/centos7/pygobject2-2.28.6-11.el7.x86_64.rpm http://spacewalk/pub/register/centos7/pyOpenSSL-0.13.1-3.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-dmidecode-3.10.13-11.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-ethtool-0.8-5.el7.x86_64.rpm http://spacewalk/pub/register/centos7/usermode-1.111-5.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-gudev-147.2-7.el7.x86_64.rpm http://spacewalk/pub/register/centos7/libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm<br /> yum -y localinstall jabberpy-0.5-0.27.el7.noarch.rpm python-hwdata-1.7.3-4.el7.noarch.rpm rhncfg-actions-5.10.83-1.el7.noarch.rpm rhn-check-2.3.16-1.el7.noarch.rpm rhnsd-5.0.15-1.el7.x86_64.rpm yum-rhn-plugin-2.3.3-1.el7.noarch.rpm osad-5.11.57-1.el7.noarch.rpm rhncfg-5.10.83-1.el7.noarch.rpm rhncfg-client-5.10.83-1.el7.noarch.rpm rhn-client-tools-2.3.16-1.el7.noarch.rpm rhn-setup-2.3.16-1.el7.noarch.rpm systemd-sysv-208-20.el7.x86_64.rpm rhnlib-2.5.75-1.el7.noarch.rpm osa-common-5.11.57-1.el7.noarch.rpm libnl-1.1.4-3.el7.x86_64.rpm m2crypto-0.21.1-15.el7.x86_64.rpm pygobject2-2.28.6-11.el7.x86_64.rpm pyOpenSSL-0.13.1-3.el7.x86_64.rpm python-dmidecode-3.10.13-11.el7.x86_64.rpm python-ethtool-0.8-5.el7.x86_64.rpm usermode-1.111-5.el7.x86_64.rpm python-gudev-147.2-7.el7.x86_64.rpm libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm<br /> cd ..<br /> rm -rf reg-rpms<br /> mkdir keys<br /> cd keys<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release5 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2008<br /> rpm --import *<br /> cd ..<br /> rm -rf keys/<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.devnet.prv/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT <br /> perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/*<br /> rhnreg_ks --serverUrl=https://spacewalk.devnet.prv/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7<br /> <br /> == Building RPM's ==<br /> https://fedoraproject.org/wiki/How_to_create_an_RPM_package#Preparing_your_system<br /> <br /> == Finding GPG key ID and fingerprint ==<br /> gpg --with-fingerprint RPM-GPG-KEY-redhat-release5<br /> <br /> Output (First highlighted area is the ID and the Second is the fingerprint):<br /> pub 1024D/&lt;span style=&quot;background:#FFFF00&quot;&gt;37017186&lt;/span&gt; 2006-12-06 Red Hat, Inc. (release key) &lt;security@redhat.com&gt;<br /> Key fingerprint = &lt;span style=&quot;background:#FFFF00&quot;&gt;47DB 2877 89B2 1722 B6D9 5DDE 5326 8101 3701 7186&lt;/span&gt;<br /> <br /> == Import GPG key on Servers ==<br /> === Centos 6 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-6<br /> rpm --import RPM-GPG-KEY-EPEL-6 RPM-GPG-KEY-CentOS-6<br /> rm -f RPM-GPG-KEY-EPEL-6 RPM-GPG-KEY-CentOS-6<br /> <br /> === Centos 7 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-7<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-7<br /> rpm --import RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-CentOS-7<br /> rm -f RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-CentOS-7<br /> <br /> === RHEL 5 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release5<br /> rpm --import RPM-GPG-KEY-redhat-release5<br /> rm -f RPM-GPG-KEY-redhat-release5<br /> <br /> === RHEL 6 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release6<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6<br /> rpm --import RPM-GPG-KEY-redhat-release6 RPM-GPG-KEY-EPEL-6<br /> rm -f RPM-GPG-KEY-redhat-release6 RPM-GPG-KEY-EPEL-6<br /> <br /> == Configure PXE Booting ==<br /> === Change PXE Menu Names ===<br /> vi /etc/cobbler/pxe/pxeprofile.template<br /> #set $new_name = $profile_name.replace(':1:SpacewalkDefaultOrganization', ' ')<br /> #set $new_menu_label = $menu_label.replace(':1:SpacewalkDefaultOrganization', ' ')<br /> LABEL $new_name<br /> MENU PASSWD<br /> kernel $kernel_path<br /> $new_menu_label<br /> $append_line<br /> ipappend 2<br /> Update PXE files<br /> cobbler sync<br /> cat /var/lib/tftpboot/pxelinux.cfg/default<br /> <br /> === Add Password, Background, and WindowsDeployment to PXE Menu ===<br /> vi /etc/cobbler/pxe/pxedefault.template<br /> DEFAULT vesamenu.c32<br /> PROMPT 0<br /> MENU TITLE DevNet Image Central<br /> MENU BACKGROUND /devnetSplash.png<br /> MENU MARGIN 1<br /> MENU ROWS 15<br /> MENU COLOR BORDER 30;44 #ffffffff #00000000 std<br /> MENU COLOR TITLE 1;36;44 #ffffffff #00000000 std<br /> MENU COLOR UNSEL 37;44 #ffffffff #00000000 std<br /> MENU COLOR TIMEOUT_MSG 37;40 #ffffffff #00000000 std<br /> MENU MASTER PASSWD $1$YVi/j0hL$a6SdxIUHZCA7jFisNZh6O/<br /> TIMEOUT 80<br /> TOTALTIMEOUT 6000<br /> ONTIMEOUT $pxe_timeout_profile<br /> LABEL local<br /> MENU LABEL (Boot Local System)<br /> MENU DEFAULT<br /> LOCALBOOT 0 <br /> $pxe_menu_items<br /> LABEL WindowsDeployment<br /> MENU LABEL Windows Deployment<br /> MENU PASSWD<br /> PXE tftp://10.81.49.27/pxelinux.0 <br /> MENU end<br /> == Setup Pam Authentication w/ VAS ==<br /> * Put the following in /etc/pam.d/rhn-satellite<br /> #%PAM-1.0<br /> auth required pam_env.so<br /> auth sufficient pam_vas3.so<br /> auth required pam_deny.so<br /> account sufficient pam_vas3.so<br /> account requisite pam_vas3.so echo_return<br /> account required pam_unix.so broken_shadow<br /> * Add the following line to /etc/rhn/rhn.conf<br /> pam_auth_service = rhn-satellite<br /> == Troubleshooting ==<br /> === Client Yum Errors ===<br /> '''Error: Cannot retrieve repository metadata (repomd.xml) for repository: &lt;channel&gt; Please verify its path and try again.'''<br /> * Client Side: Check /etc/sysconfig/rhn/up2date and make sure that the spacewalk URL is Fully Qualified.<br /> * Spacewalk Side: Check /var/cache/rhn/repodata/&lt;channel&gt;/<br /> ** If noyumrepo.txt exists log into the Web GUI and manage channels. Make sure that the channel Checksum Type is not set to 'None'.<br /> === Kickstart Errors ===<br /> '''Installing error populating transaction, retrying (1/10)'''<br /> '''error populating transaction after 10 retries: failure: getPackage/&lt;package name&gt; from &lt;repo name&gt;: [Errno 256] No more mirrors to try.'''<br /> * Spacewalk Side: Try running the following command:<br /> chmod -R 777 /var/satellite/redhat/1/<br /> <br /> = Spacewalk Scripts =<br /> ==cleanupPackages==<br /> #!/bin/bash<br /> # Script that uses RHN API to cleanup obsolete packages<br /> # on Spacewalk server.<br /> # Copyright (C) 2012 Nicolas PRADELLES<br /> #<br /> # Author: Nicolas PRADELLES (npradelles@eutelsat.fr)<br /> #<br /> # This library is free software; you can redistribute it and/or<br /> # modify it under the terms of the GNU Lesser General Public<br /> # License as published by the Free Software Foundation; either<br /> # version 2.1 of the License, or (at your option) any later version.<br /> #<br /> # This library is distributed in the hope that it will be useful,<br /> # but WITHOUT ANY WARRANTY; without even the implied warranty of<br /> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU<br /> # Lesser General Public License for more details.<br /> #<br /> # You should have received a copy of the GNU Lesser General Public<br /> # License along with this library; if not, write to the Free Software<br /> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA<br /> #<br /> # Version Information:<br /> #<br /> # 0.1 - 2012-04-17 - Nicolas PRADELLES<br /> <br /> LOGIN='droessne'<br /> PASS=''<br /> SRV='localhost'<br /> DIR='/tmp'<br /> <br /> <br /> # extract spacewalk channels<br /> CHANNELS=(`spacecmd -s $SRV -u $LOGIN -p $PASS -q softwarechannel_list`)<br /> # string cleanup to remove &quot;esc[?1034h&quot; in line beginning<br /> CHANNELS=${CHANNELS:8:${#CHANNELS}}<br /> <br /> <br /> TOTALSIZE=0<br /> <br /> # For each channel<br /> for CHANNEL in ${CHANNELS[@]}; do<br /> <br /> echo -e &quot;################\n$CHANNEL\n################&quot;<br /> <br /> <br /> # extract all packages in channel<br /> spacecmd -s $SRV -u $LOGIN -p $PASS -q softwarechannel_listallpackages $CHANNEL &gt; $DIR/$CHANNEL.tmp<br /> sed '1s/^.\{8\}//' $DIR/$CHANNEL.tmp &gt; $DIR/$CHANNEL.all<br /> <br /> sort $DIR/$CHANNEL.all -o $DIR/$CHANNEL.all<br /> <br /> # extract latest packages in channel<br /> spacecmd -s $SRV -u $LOGIN -p $PASS -q softwarechannel_listpackages $CHANNEL &gt; $DIR/$CHANNEL.tmp<br /> sed '1s/^.\{8\}//' $DIR/$CHANNEL.tmp &gt; $DIR/$CHANNEL.latest<br /> sort $DIR/$CHANNEL.latest -o $DIR/$CHANNEL.latest<br /> <br /> # diff to find obsolete packages<br /> comm -23 $DIR/$CHANNEL.all $DIR/$CHANNEL.latest &gt; $DIR/$CHANNEL.old<br /> <br /> DELETED=0<br /> <br /> # if we have found obsolete packages<br /> if [[ `wc -l &lt; $DIR/$CHANNEL.old` -gt 0 ]]; then<br /> # check if the old package is installed on a managed client<br /> while read PACKAGE; do<br /> echo $PACKAGE<br /> SYSTEMS=(`spacecmd -s $SRV -u $LOGIN -p $PASS -q package_listinstalledsystems $PACKAGE`)<br /> SYSTEMS=${SYSTEMS:8:${#SYSTEMS}}<br /> <br /> # If this package is not installed on a managed client<br /> if [[ ${#SYSTEMS[@]} -eq 2 ]]; then<br /> # delete the package in the channel<br /> spacecmd -s $SRV -u $LOGIN -p $PASS -q -y softwarechannel_removepackages $CHANNEL $PACKAGE &gt; /dev/null<br /> let DELETED=$DELETED+1<br /> <br /> fi<br /> done &lt; $DIR/$CHANNEL.old<br /> fi<br /> <br /> echo &quot;$CHANNEL: ALL=`wc -l &lt; $DIR/$CHANNEL.all`, LATEST=`wc -l &lt; $DIR/$CHANNEL.latest`, OLD=`wc -l &lt; $DIR/$CHANNEL.old`, DELETED=$DELETED&quot;<br /> rm -f $DIR/$CHANNEL.*<br /> done<br /> <br /> # delete orphaned packages<br /> spacecmd -s $SRV -u $LOGIN -p $PASS -q -y package_removeorphans &gt; /dev/null<br /> <br /> # delete orphaned packages on disk<br /> spacewalk-data-fsck -r -S -C -O<br /> <br /> ==convertISOtoKickstartTree==<br /> #!/bin/bash<br /> ISO=$1<br /> if [[ $ISO == '' ]]; then<br /> echo &quot;USAGE: convertISOtoKickstartableTree.sh &lt;linux.iso&gt;&quot;<br /> else<br /> NAME=`echo $ISO | rev | cut -d '/' -f 1 | rev | sed 's/-dvd.iso//'`<br /> mkdir -p /kickiso<br /> mount -o loop $ISO /kickiso &gt; 2&amp;&gt;/dev/null<br /> mkdir -p /var/satellite/rhn/kickstart/$NAME<br /> cp -Ruf /kickiso/* /var/satellite/rhn/kickstart/$NAME/<br /> umount /kickiso<br /> rm -rf /kickiso<br /> cd /var/satellite/rhn/kickstart/$NAME <br /> find -type f -name '*.rpm' -exec rm -f {} \;<br /> chmod 777 .<br /> fi<br /> <br /> ==createKickstartISO==<br /> #yum -y install syslinux &amp;&gt; /dev/null<br /> mkdir -p isolinux<br /> rm -rf dren-ks.iso<br /> rm -rf isolinux/*<br /> cp -R /usr/share/syslinux/* isolinux/<br /> cp -a ../centos7-latest/isolinux/* isolinux/<br /> rm -rf isolinux/isolinux.cfg isolinux/splash.png<br /> cp /var/lib/tftpboot/pxelinux.cfg/default isolinux/isolinux.cfg<br /> cp /var/lib/tftpboot/splash.png isolinux/splash.png<br /> sed -i '/vmlinuz/c\ kernel vmlinuz ' isolinux/isolinux.cfg<br /> sed -i 's/\(initrd\).*\(initrd.img\)/initrd=initrd.img/g' isolinux/isolinux.cfg<br /> mkisofs -o dren-ks.iso -c isolinux/boot.cat -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -J -l -r -T -v -V &quot;DREN Kickstart CD&quot; .<br /> <br /> <br /> <br /> sudo su -<br /> cd /var/satellite/rhn/kickstart/1/ISO<br /> ./createKickstartISO.sh<br /> mv dren-ks.iso &lt;destination directory&gt;<br /> <br /> ==exportAllChannels==<br /> DIRECTORY=&quot;/projects/SpacewalkExports&quot;<br /> CHANNELS=`rhn-satellite-exporter --list-channels | egrep -v '=' | egrep -v Channel | grep 'B\|C' | awk '{ print $2 }'`<br /> mkdir -p $DIRECTORY/working<br /> CMD=&quot; rhn-satellite-exporter --start-date='`cat /usr/share/rhn/scripts/lastexportdate.txt`' --make-isos=dvd -d &quot;$DIRECTORY&quot;/working/&quot;<br /> for channel in $CHANNELS; do<br /> CMD=$CMD&quot; -c &quot;$channel<br /> done<br /> <br /> eval $CMD<br /> <br /> mv $DIRECTORY/working/satellite-isos/*.iso $DIRECTORY/<br /> rsync -a --delete /empty/ $DIRECTORY/working/<br /> #rm -rf $DIRECTORY/working<br /> date +%Y%m%d &gt; /usr/share/rhn/scripts/lastexportdate.txt<br /> <br /> ==findAndGetKickstartTree==<br /> #!/bin/bash<br /> echo '########################################################################' &gt;&gt; /var/log/scripts/findAndGetKickstartTree.log<br /> date &gt;&gt; /var/log/scripts/findAndGetKickstartTree.log<br /> cobbler sync 2&amp;&gt;/dev/null<br /> <br /> CENT7LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;7\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> CENT6LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;6\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> <br /> /usr/share/rhn/scripts/mk-KickstartTree.py --release $CENT7LATEST --arch x86_64 --target /var/satellite/rhn/kickstart --mirror http://mirror.centos.org/centos/ -b centos7 -c 2&amp;&gt;&gt; /var/log/scripts/findAndGetKickstartTree.log<br /> <br /> /usr/share/rhn/scripts/mk-KickstartTree.py --release $CENT6LATEST --arch x86_64 --target /var/satellite/rhn/kickstart --mirror http://mirror.centos.org/centos/ -b centos6 -c 2&amp;&gt;&gt; /var/log/scripts/findAndGetKickstartTree.log<br /> <br /> cobbler sync 2&amp;&gt;/dev/null<br /> date &gt;&gt; /var/log/scripts/findAndGetKickstartTree.log <br /> echo '########################################################################' &gt;&gt; /var/log/scripts/findAndGetKickstartTree.log<br /> <br /> ==getCompletedActionId==<br /> #!/usr/bin/python<br /> import xmlrpclib<br /> import time<br /> from datetime import datetime<br /> from space_cred import *<br /> SPACEWALK_USER, SPACEWALK_PASSWORD = space_cred()<br /> <br /> SPACEWALK_URL = &quot;http://spacewalk.devnet.prv/rpc/api&quot;<br /> <br /> CLIENT = xmlrpclib.Server(SPACEWALK_URL, verbose=0)<br /> KEY = CLIENT.auth.login(SPACEWALK_USER, SPACEWALK_PASSWORD)<br /> ACTIONS = CLIENT.schedule.listCompletedActions(KEY)<br /> <br /> print &quot;-----------------------------------&quot;<br /> for A in ACTIONS:<br /> print &quot;Action Name: &quot;+A['name']<br /> print &quot;Action ID: &quot;+str(A['id'])<br /> print &quot;-----------------------------------&quot;<br /> <br /> CLIENT.auth.logout(KEY)<br /> <br /> ==getServerIds==<br /> #!/usr/bin/python<br /> import xmlrpclib<br /> import time<br /> from datetime import datetime<br /> from space_cred import *<br /> SPACEWALK_USER, SPACEWALK_PASSWORD = space_cred()<br /> <br /> SPACEWALK_URL = &quot;http://spacewalk.devnet.prv/rpc/api&quot; <br /> <br /> CLIENT = xmlrpclib.Server(SPACEWALK_URL, verbose=0)<br /> KEY = CLIENT.auth.login(SPACEWALK_USER, SPACEWALK_PASSWORD)<br /> LIST = CLIENT.system.listSystems(KEY)<br /> <br /> print &quot;-----------------------------------&quot;<br /> for L in LIST:<br /> print &quot;Server Name: &quot;+L['name']<br /> print &quot;Server ID: &quot;+str(L['id'])<br /> print &quot;-----------------------------------&quot;<br /> <br /> CLIENT.auth.logout(KEY)<br /> <br /> ==makeKickstartTree==<br /> #!/usr/bin/env python<br /> from optparse import OptionParser<br /> import sys<br /> import os<br /> import shutil<br /> import xmlrpclib<br /> import getpass<br /> import stat<br /> <br /> <br /> #defining default mirrors<br /> default_centos=&quot;http://mirror.centos.org/centos&quot;<br /> default_scientific=&quot;http://ftp.scientificlinux.org/linux/scientific&quot;<br /> default_fedora=&quot;http://mirrors.kernel.org/fedora&quot;<br /> default_folders=[&quot;images&quot;,&quot;isolinux&quot;,&quot;repodata&quot;]<br /> <br /> if __name__ == &quot;__main__&quot;:<br /> #define description, version and load parser<br /> desc='''%prog is used to create kickstartable distribution trees of EL-like distros like CentOS, Fedora and ScientificLinux. Optionally you can also create kickstart distributions on Spacewalk, Red Hat Satellite and SUSE Manager. Login credentials are assigned using the following shell variables:<br /> SATELLITE_LOGIN username<br /> SATELLITE_PASSWORD password<br /> It is also possible to create an authfile (permissions 0600) for usage with this script. The first line needs to contain the username, the second line should consist of the appropriate password.<br /> If you're not defining variables or an authfile you will be prompted to enter your login information.<br /> Checkout the GitHub page for updates: https://github.com/stdevel/mkelfs'''<br /> <br /> parser = OptionParser(description=desc,version=&quot;%prog version 0.4&quot;)<br /> <br /> #-r / --release<br /> parser.add_option(&quot;-r&quot;, &quot;--release&quot;, action=&quot;store&quot;, type=&quot;string&quot;, dest=&quot;release&quot;, help=&quot;define which release to use (e.g. 6.5)&quot;, metavar=&quot;RELEASE&quot;)<br /> <br /> #-x / --arch<br /> parser.add_option(&quot;-x&quot;, &quot;--arch&quot;, action=&quot;store&quot;, type=&quot;string&quot;, dest=&quot;arch&quot;, help=&quot;define which architecture to use (e.g. x86_64)&quot;, metavar=&quot;ARCH&quot;)<br /> <br /> #-t / --target<br /> parser.add_option(&quot;-t&quot;, &quot;--target&quot;, action=&quot;store&quot;, type=&quot;string&quot;, dest=&quot;target&quot;, default=&quot;/var/satellite/kickstart_tree&quot;, help=&quot;define where to store kickstart files. A subfolder will be created automatically. (default: /var/satellite/kickstart_tree)&quot;, metavar=&quot;DIR&quot;)<br /> <br /> #-m / --mirror<br /> parser.add_option(&quot;-m&quot;, &quot;--mirror&quot;, dest=&quot;mirror&quot;, action=&quot;store&quot;, type=&quot;string&quot;, help=&quot;define a valid EL mirror to use - DON'T add the trailing slash! Have a loot at the EL mirror list (e.g. http://www.centos.org/download/mirrors) for alternatives&quot;, metavar=&quot;MIRROR&quot;)<br /> <br /> #-o / --distribution<br /> parser.add_option(&quot;-o&quot;, &quot;--distro&quot;, dest=&quot;distro&quot;, default=&quot;centos&quot;, action=&quot;store&quot;, type=&quot;string&quot;, help=&quot;defines for which distro the files are downloaded (default: centos) - other possible values: fedora, scientific&quot;, metavar=&quot;DISTRO&quot;)<br /> <br /> #-f / --force<br /> parser.add_option(&quot;-f&quot;, &quot;--force&quot;, dest=&quot;force&quot;, default=False, action=&quot;store_true&quot;, help=&quot;defines whether pre-existing kickstart files shall be overwritten&quot;)<br /> <br /> #-i / --ignore-existing<br /> parser.add_option(&quot;-i&quot;, &quot;--ignore-existing&quot;, dest=&quot;ignoreExisting&quot;, default=False, action=&quot;store_true&quot;, help=&quot;don't throw errors if downloaded files are already existing (e.g. testing purposes)&quot;)<br /> <br /> #-q / --quiet<br /> parser.add_option(&quot;-q&quot;, &quot;--quiet&quot;, action=&quot;store_false&quot;, dest=&quot;verbose&quot;, default=True, help=&quot;don't print status messages to stdout&quot;)<br /> <br /> #-d / --debug<br /> parser.add_option(&quot;-d&quot;, &quot;--debug&quot;, dest=&quot;debug&quot;, default=False, action=&quot;store_true&quot;, help=&quot;enable debugging outputs&quot;)<br /> <br /> #-c / --create-distribution<br /> parser.add_option(&quot;-c&quot;, &quot;--create-distribution&quot;, dest=&quot;createDistribution&quot;, default=False, action=&quot;store_true&quot;, help=&quot;creates a kickstart distribution on the Spacewalk / Red Hat Satellite or SUSE Manager server&quot;)<br /> <br /> #-b / --base-channel<br /> parser.add_option(&quot;-b&quot;, &quot;--base-channel&quot;, dest=&quot;baseChannel&quot;, type=&quot;string&quot;, default=&quot;&quot;, help=&quot;defines the name of the distro base-channel&quot;, metavar=&quot;CHANNEL&quot;)<br /> <br /> #-a / --authfile<br /> parser.add_option(&quot;-a&quot;, &quot;--authfile&quot;, dest=&quot;authfile&quot;, metavar=&quot;FILE&quot;, default=&quot;&quot;, help=&quot;defines an auth file to use instead of shell variables&quot;)<br /> <br /> #-s / --server<br /> parser.add_option(&quot;-s&quot;, &quot;--server&quot;, dest=&quot;server&quot;, metavar=&quot;SERVER&quot;, default=&quot;localhost&quot;, help=&quot;defines the server to use&quot;)<br /> <br /> #parse arguments<br /> (options, args) = parser.parse_args()<br /> <br /> #check whether all required options are given<br /> if options.release is None and options.arch is None:<br /> parser.error(&quot;missing values for release and arch!&quot;)<br /> else:<br /> #make options being lower-case in case you missed it<br /> options.distro = str(options.distro).lower()<br /> options.release = str(options.release).lower()<br /> options.arch = str(options.arch).lower()<br /> <br /> #setup default mirror URL (if no other defined) depending on selected distro<br /> if options.mirror == None:<br /> if str(options.distro).lower() == &quot;scientific&quot;: options.mirror = default_scientific<br /> if str(options.distro).lower() == &quot;fedora&quot;: options.mirror = default_fedora<br /> if str(options.distro).lower() == &quot;centos&quot;: options.mirror = default_centos<br /> if str(options.distro).lower() == &quot;scientific&quot;: url = options.mirror+&quot;/&quot;+options.release+&quot;/&quot;+options.arch+&quot;/os&quot;<br /> elif str(options.distro).lower() == &quot;fedora&quot;: url = options.mirror+&quot;/releases/&quot;+options.release+&quot;/Fedora/&quot;+options.arch+&quot;/os&quot;<br /> else: url = options.mirror+&quot;/&quot;+options.release+&quot;/os/&quot;+options.arch<br /> <br /> #workaround for EL7<br /> if options.release == &quot;7&quot; and options.distro.lower() in [&quot;centos&quot;,&quot;scientific&quot;]:<br /> default_folders.append(&quot;LiveOS&quot;)<br /> if options.verbose: print(&quot;INFO: EL7 detected, making sure to also download LiveOS&quot;)<br /> <br /> #print debug output if required<br /> if options.debug: print(&quot;release: &quot; + options.release + &quot;\narch: &quot; + options.arch + &quot;\ntarget: &quot; + options.target + &quot;\nmirror: &quot; + options.mirror + &quot;\nforce: &quot; + `options.force` + &quot;\nverbose: &quot; + `options.verbose` + &quot;\ndebug: &quot; + `options.debug` + &quot;\ndistro: &quot; + options.distro + &quot;\nURL: &quot; + url)<br /> <br /> #define URL and login information<br /> SATELLITE_URL = &quot;http://&quot;+options.server+&quot;/rpc/api&quot;<br /> <br /> #setup client and key depending on mode<br /> client = xmlrpclib.Server(SATELLITE_URL, verbose=options.debug)<br /> if options.authfile:<br /> #use authfile<br /> if options.debug: print &quot;DEBUG: using authfile&quot;<br /> try:<br /> #check filemode and read file<br /> filemode = oct(stat.S_IMODE(os.lstat(options.authfile).st_mode))<br /> if filemode == &quot;0600&quot;:<br /> if options.debug: print &quot;DEBUG: file permission (&quot;+filemode+&quot;) matches 0600&quot;<br /> fo = open(options.authfile, &quot;r&quot;)<br /> s_username=fo.readline().replace(&quot;\n&quot;, &quot;&quot;)<br /> s_password=fo.readline().replace(&quot;\n&quot;, &quot;&quot;)<br /> key = client.auth.login(s_username, s_password)<br /> else:<br /> if options.verbose: print &quot;ERROR: file permission (&quot;+filemode+&quot;) not matching 0600!&quot;<br /> exit(1)<br /> except OSError:<br /> print &quot;ERROR: file non-existent or permissions not 0600!&quot;<br /> exit(1)<br /> elif &quot;SATELLITE_LOGIN&quot; in os.environ and &quot;SATELLITE_PASSWORD&quot; in os.environ:<br /> #shell variables<br /> if options.debug: print &quot;DEBUG: checking shell variables&quot;<br /> key = client.auth.login(os.environ[&quot;SATELLITE_LOGIN&quot;], os.environ[&quot;SATELLITE_PASSWORD&quot;])<br /> else:<br /> s_username = &quot;&quot;<br /> s_password = &quot;&quot;<br /> try:<br /> from space_cred import *<br /> s_username, s_password = space_cred()<br /> except:<br /> pass<br /> if s_username == &quot;&quot;:<br /> if options.debug: print &quot;DEBUG: prompting for login credentials&quot;<br /> s_username = raw_input(&quot;Username: &quot;)<br /> if s_password == &quot;&quot;:<br /> if options.debug: print &quot;DEBUG: prompting for login credentials&quot;<br /> s_password = getpass.getpass(&quot;Password: &quot;)<br /> key = client.auth.login(s_username, s_password)<br /> <br /> #check whether the API version matches the minimum required<br /> api_level = client.api.getVersion()<br /> if not api_level in supportedAPI:<br /> print &quot;ERROR: your API version (&quot;+api_level+&quot;) does not support the required calls. You'll need API version 1.8 (11.1) or higher!&quot;<br /> exit(1)<br /> else:<br /> if options.debug: print &quot;INFO: supported API version (&quot;+api_level+&quot;) found.&quot;<br /> <br /> #search for base-channel or check base-channel<br /> listChannels = client.channel.listAllChannels(key)<br /> if options.debug: print &quot;INFO: all channels&quot; + str(listChannels)<br /> if options.baseChannel != &quot;&quot;:<br /> #check base-channel<br /> if options.baseChannel not in str(listChannels):<br /> print &quot;ERROR: base-channel '&quot; + options.baseChannel + &quot;' does not exist!&quot;<br /> exit(1)<br /> else:<br /> for dict in listChannels:<br /> if dict[&quot;label&quot;] == options.baseChannel:<br /> if options.arch == &quot;i386&quot;:<br /> if dict[&quot;arch_name&quot;] != &quot;IA-32&quot;:<br /> print &quot;ERROR: base-channel '&quot; + options.baseChannel + &quot;' has a different architecture!&quot;<br /> exit(1)<br /> else:<br /> if dict[&quot;arch_name&quot;] != options.arch:<br /> print &quot;ERROR: base-channel '&quot; + options.baseChannel + &quot;' has a different architecture!&quot;<br /> exit(1)<br /> else:<br /> #search base-channel<br /> for dict in listChannels:<br /> #print dict<br /> if dict[&quot;label&quot;] == options.distro+options.release+&quot;-&quot;+options.arch:<br /> if options.verbose: print &quot;INFO: found matching base channel '&quot; + dict[&quot;label&quot;] + &quot;'&quot;<br /> options.baseChannel = dict[&quot;label&quot;]<br /> <br /> #last check if we configured a base-channel<br /> if options.baseChannel == &quot;&quot;:<br /> print &quot;ERROR: unable to find a valid base-channel, please check your channels!&quot;<br /> exit(1)<br /> <br /> #check whether target is writable<br /> if os.access(options.target, os.W_OK):<br /> if options.verbose: print &quot;INFO: path exists and writable&quot;<br /> <br /> #switch to directory and create subfolder non-existent<br /> os.chdir(options.target)<br /> <br /> #check whether the directory already exists<br /> if os.path.exists(options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch):<br /> <br /> #delete content of directory if force given<br /> if options.force == True:<br /> shutil.rmtree(options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch)<br /> if options.verbose: print &quot;INFO: deleted directory (&quot;+options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch+&quot;) because -f / --force given&quot;<br /> elif options.ignoreExisting == False:<br /> #abort with error<br /> print &gt;&gt; sys.stderr, &quot;ERROR: kickstart tree directory (&quot;+options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch+&quot;) already exists! Use -f / --force to overwrite!&quot;<br /> exit(1)<br /> <br /> #create directory and change directory<br /> if options.ignoreExisting == False: os.system(&quot;mkdir &quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch)<br /> os.chdir(options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch) <br /> <br /> #download files<br /> if options.ignoreExisting == False:<br /> if options.verbose: print &quot;INFO: about to download kickstart files for EL &quot;+options.release+&quot; &quot;+options.arch+&quot; from mirror &quot;+options.mirror+&quot;...&quot;<br /> for i in default_folders:<br /> #setting offset based on mirror and distro<br /> if options.distro == &quot;fedora&quot;: dir_offset=6<br /> elif &quot;vault&quot; in options.mirror: dir_offset=3<br /> elif options.distro == &quot;scientific&quot;: dir_offset=5<br /> else: dir_offset=5<br /> if options.debug: print &quot;INFO: dir_offset: &quot;+`dir_offset`<br /> #run wget with or without quiet mode<br /> cmd = &quot;wget -e robots=off -q -r -nH --cut-dirs=&quot;+`dir_offset`+&quot; --no-parent --reject 'index.html*' &quot;+url+&quot;/&quot;+i+&quot;/&quot;<br /> if options.verbose == False:<br /> cmd = cmd+&quot; --quiet&quot;<br /> retcode = os.system(cmd)<br /> else:<br /> retcode = os.system(cmd)<br /> <br /> #print error if wget had a error<br /> if retcode != 0:<br /> print &gt;&gt; sys.stderr, &quot;ERROR: some error occurred (see output above!) - hint: check URL (&quot;+options.mirror+&quot;/&quot;+options.release+&quot;)&quot;<br /> exit(1)<br /> else:<br /> if options.verbose: print &quot;INFO: successfully downloaded kickstart files for EL &quot;+options.release+&quot; &quot;+options.arch+&quot;!\nUse this file path for cobbler or the webui: &quot;+options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch<br /> if &quot;7.&quot; in options.release:<br /> #setting offset based on mirror and distro<br /> if options.distro == &quot;fedora&quot;: dir_offset=6<br /> elif &quot;vault&quot; in options.mirror: dir_offset=3<br /> elif options.distro == &quot;scientific&quot;: dir_offset=5<br /> else: dir_offset=5<br /> if options.debug: print &quot;INFO: dir_offset: &quot;+`dir_offset`<br /> #run wget with or without quiet mode<br /> cmd = &quot;wget -e robots=off -q -r -nH --cut-dirs=&quot;+`dir_offset`+&quot; --no-parent --reject 'index.html*' &quot;+url+&quot;/LiveOS/&quot;<br /> if options.verbose == False:<br /> cmd = cmd+&quot; --quiet&quot;<br /> retcode = os.system(cmd)<br /> else:<br /> retcode = os.system(cmd)<br /> <br /> #print error if wget had a error<br /> if retcode != 0:<br /> print &gt;&gt; sys.stderr, &quot;ERROR: some error occurred (see output above!) - hint: check URL (&quot;+options.mirror+&quot;/&quot;+options.release+&quot;)&quot;<br /> exit(1)<br /> else:<br /> if options.verbose: print &quot;INFO: successfully downloaded kickstart files for EL &quot;+options.release+&quot; &quot;+options.arch+&quot;!\nUse this file path for cobbler or the webui: &quot;+options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch<br /> cmd = &quot;chmod -R 0777 &quot;+options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch<br /> #print &quot;CMD: &quot;+cmd<br /> retcode = os.system(cmd)<br /> <br /> else:<br /> print &gt;&gt; sys.stderr, &quot;ERROR: path non-existent or non-writable!&quot;<br /> <br /> #create kickstart distribution<br /> if options.createDistribution:<br /> if options.verbose: print &quot;INFO: Creating kickstart distribution...&quot;<br /> #set install type<br /> if options.distro == &quot;fedora&quot;: installType = &quot;fedora&quot;<br /> else:<br /> if &quot;2.1&quot; in options.release: installType = &quot;rhel_2.1&quot;<br /> if &quot;3.&quot; in options.release: installType = &quot;rhel_3&quot;<br /> if &quot;4.&quot; in options.release: installType = &quot;rhel_4&quot;<br /> if &quot;5.&quot; in options.release: installType = &quot;rhel_5&quot;<br /> if &quot;6.&quot; in options.release: installType = &quot;rhel_6&quot;<br /> if &quot;7.&quot; in options.release: installType = &quot;rhel_7&quot;<br /> if options.debug: print &quot;DEBUG: install type is '&quot; + installType + &quot;'&quot;<br /> <br /> #create distribution<br /> result = client.kickstart.tree.create(key,&quot;KD-&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch,options.target+&quot;/&quot;+options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch,options.baseChannel,installType)<br /> if result == 1:<br /> if options.verbose: print &quot;Successfully created kickstart distribution 'KD-&quot; + options.distro+&quot;-&quot;+options.release+&quot;-&quot;+options.arch + &quot;'&quot;<br /> <br /> #logout and exit<br /> client.auth.logout(key)<br /> <br /> ==pushConfigurationChannelFiles==<br /> #!/usr/bin/python<br /> import xmlrpclib<br /> import time<br /> from datetime import datetime<br /> from space_cred import *<br /> SPACEWALK_USER, SPACEWALK_PASSWORD = space_cred()<br /> #################################################################<br /> # VARIABLES #<br /> #################################################################<br /> SPACEWALK_URL = &quot;http://spacewalk.devnet.prv/rpc/api&quot;<br /> MISSING_ENABLED = 0<br /> ACTION_ID = [3064]<br /> <br /> <br /> <br /> #################################################################<br /> # CODE #<br /> #################################################################<br /> CLIENT = xmlrpclib.Server(SPACEWALK_URL, verbose=0)<br /> KEY = CLIENT.auth.login(SPACEWALK_USER, SPACEWALK_PASSWORD)<br /> LIST = CLIENT.system.listSystems(KEY)<br /> TOTAL_ID_LIST = []<br /> for L in LIST:<br /> TOTAL_ID_LIST.append(L['id'])<br /> ACTION_ID_LIST = []<br /> MISSING_SERVER_LIST = []<br /> MISSING_ID_LIST = []<br /> ACTION_SYSTEMS = CLIENT.schedule.listCompletedSystems(KEY, ACTION_ID[0])<br /> for A in ACTION_SYSTEMS:<br /> ACTION_ID_LIST.append(A['server_id'])<br /> for TID in TOTAL_ID_LIST:<br /> if TID not in ACTION_ID_LIST:<br /> for L in LIST:<br /> if TID == L['id']:<br /> MISSING_SERVER_LIST.append(L['name'])<br /> MISSING_ID_LIST.append(L['id'])<br /> print &quot;Missing %d Systems from the current scheduled action.&quot; % (len(MISSING_SERVER_LIST))<br /> print &quot;Pushing Configuration files to %d Systems&quot; % (len(ACTION_ID_LIST))<br /> RESULTS = CLIENT.schedule.rescheduleActions(KEY, ACTION_ID, 0)<br /> if RESULTS == 1:<br /> print &quot;Successfully re-scheduled the action for the %d systems.&quot; % (len(ACTION_ID_LIST))<br /> else:<br /> print &quot;An Error occured while re-scheduling action ID %d.&quot; % (ACTION_ID[0])<br /> if MISSING_ENABLED == 1:<br /> print &quot;Pushing Configuration files to %d missing systems&quot; % (len(MISSING_ID_LIST))<br /> TODAY = datetime.today()<br /> EARLIEST_OCCURANCE = xmlrpclib.DateTime(TODAY)<br /> RESULTS = CLIENT.system.config.deployAll(KEY, MISSING_ID_LIST, EARLIEST_OCCURANCE)<br /> if RESULTS == 1:<br /> print &quot;Successfully scheduled a deploy action for all %d missinge systems.&quot; % (len(MISSING_ID_LIST))<br /> else:<br /> print &quot;An Error occured while scheduling the deploy action.&quot;<br /> CLIENT.auth.logout(KEY)<br /> <br /> ==reposync==<br /> mkdir -p /var/log/scripts/<br /> echo ##################################################### &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> CENT7LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;7\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> CENT6LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;6\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> <br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest/RHEL/6/x86_64/ -c spacewalk-server6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest/RHEL/7/x86_64/ -c spacewalk-server7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/6/x86_64/ -c spacewalk-client &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/7/x86_64/ -c spacewalk-client-centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/6/x86_64/ -c spacewalk-client-rhel-6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ -c 7-postgres94 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/ -c 7-postgres95 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://download.ceph.com/rpm/el7/x86_64/ -c ceph-centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/extras/x86_64/ -c centos-7-extras &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/updates/x86_64/ -c centos-7-updates &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://dl.fedoraproject.org/pub/epel/6/x86_64/ -c rhel-6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://rhel6.devnet.prv/rhel6/ -c rhel-6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://dl.fedoraproject.org/pub/epel/6/x86_64/ -c centos6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://dl.fedoraproject.org/pub/epel/7/x86_64/ -c epel-7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT6LATEST/os/x86_64/ -c centos6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT6LATEST/extras/x86_64/ -c centos6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT6LATEST/updates/x86_64/ -c centos6 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/os/x86_64/ -c centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://rhel5.devnet.prv/rhel5/ -c rhel-x86_64-server-5 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/5/x86_64/ -c spacewalk-client5 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/7/x86_64/ -c spacewalk-client-rhel-7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://rhel7.devnet.prv/rhel7/ -c rhel-7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://dl.fedoraproject.org/pub/epel/7/x86_64/ -c rhel-7-epel &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> chmod -R 777 /var/satellite/redhat/1/<br /> echo #################################################### &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> date &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> ==spacewalkCreds==<br /> #!/usr/bin/python<br /> def space_cred():<br /> SPACEWALK_USER = &quot;droessne&quot;<br /> SPACEWALK_PASSWORD = &quot;&quot;<br /> <br /> return SPACEWALK_USER, SPACEWALK_PASSWORD</div> Admin http://wiki.dersllc.com/index.php?title=DevNet&diff=51 DevNet 2023-06-02T19:40:52Z <p>Admin: Created page with &quot;= Spacewalk Documentation = == Lockdown Scripts == #raw printf &quot; Locking Down CentOS 7: &quot; /bin/bash /tmp/status.sh &amp; echo &#039;CCE-27053-8 - Set Password Hashing Algorithm in /etc/libuser.conf&#039; &gt;&gt; /root/ks-lockdown.log sed -i &#039;s~crypt_style.*~crypt_style = sha512~&#039; /etc/libuser.conf yum -y remove vasclnt &amp;&gt; /dev/null yum -y install clamav &amp;&gt; /dev/null echo &#039;Installing oscap&#039; &gt;&gt; /root/ks-lockdown.log yum -y...&quot;</p> <hr /> <div>= Spacewalk Documentation =<br /> == Lockdown Scripts ==<br /> #raw<br /> printf &quot; Locking Down CentOS 7: &quot;<br /> /bin/bash /tmp/status.sh &amp; <br /> <br /> echo 'CCE-27053-8 - Set Password Hashing Algorithm in /etc/libuser.conf' &gt;&gt; /root/ks-lockdown.log<br /> sed -i 's~crypt_style.*~crypt_style = sha512~' /etc/libuser.conf <br /> <br /> yum -y remove vasclnt &amp;&gt; /dev/null<br /> yum -y install clamav &amp;&gt; /dev/null<br /> <br /> echo 'Installing oscap' &gt;&gt; /root/ks-lockdown.log<br /> yum -y --nogpgcheck install spacewalk-oscap scap-security-guide &amp;&gt;&gt; /root/ks-lockdown.log<br /> sed -i '/&lt;platform idref=&quot;cpe:\/o:redhat:enterprise_linux:7&quot;\/&gt;/a \ \ &lt;platform idref=&quot;cpe:\/o:centos:centos:7&quot; \/&gt;' /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml<br /> #sed -i 's~idref=&quot;audit_rules_privileged_commands&quot; selected=&quot;.*&quot;~idref=&quot;audit_rules_privileged_commands&quot; selected=&quot;false&quot;~' /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml<br /> /usr/bin/oscap xccdf eval --profile stig-rhel7-server-upstream --remediate /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml &amp;&gt;&gt; /root/ks-lockdown.log<br /> sed -i &quot;s/MACs/\\nMACs/&quot; /etc/ssh/sshd_config <br /> /usr/bin/oscap xccdf eval --profile stig-rhel7-server-upstream --oval-results --results ssg-rhel7-xccdf.xml.result.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml &amp;&gt;&gt; /root/ks-lockdown.log<br /> /usr/bin/oscap xccdf generate report --oval-template ssg-rhel7-oval.xml.result.xml ssg-rhel7-xccdf.xml.result.xml &gt; /root/stig-report-xccdf-oval.html<br /> <br /> echo 'CVE-2004-1653' &gt;&gt; /root/ks-lockdown.log<br /> cat /etc/ssh/sshd_config | grep -q &quot;\#AllowTcpForwarding yes&quot; &amp;&amp; sed -i 's/\#AllowTcpForwarding yes/AllowTcpForwarding no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2004-1653 (1 of 2) Already complete' /root/ks-lockdown.log<br /> cat /etc/ssh/sshd_config | grep -q &quot;AllowTcpForwarding yes&quot; &amp;&amp; sed -i 's/AllowTcpForwarding yes/AllowTcpForwarding no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2004-1653 (2 of 2)Already complete' /root/ks-lockdown.log<br /> <br /> echo 'CVE-2007-2243' &gt;&gt; /root/ks-lockdown.log<br /> cat /etc/ssh/sshd_config | grep -q &quot;\#ChallengeResponseAuthentication yes&quot; &amp;&amp; sed -i 's/\#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2007-2243 (1 of 2) Already complete' /root/ks-lockdown.log <br /> cat /etc/ssh/sshd_config | grep -q &quot;ChallengeResponseAuthentication yes&quot; &amp;&amp; sed -i 's/ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config || sed -i '$a\CVE-2007-2243 (2 of 2) Already complete' /root/ks-lockdown.log <br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-latest/epel-7-x86_64/<br /> <br /> = Spacewalk Installation Instructions =<br /> == Installing Spacewalk ==<br /> <br /> [https://fedorahosted.org/spacewalk/wiki/HowToInstall How-to]<br /> <br /> == Joining a Client (Centos 6) to Spacewalk ==<br /> '''On the Client as root, run:'''<br /> mkdir reg-rpms<br /> cd reg-rpms<br /> wget http://spacewalk/pub/register/rhn-check-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/rhn-client-tools-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/rhn-setup-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/rhncfg-5.10.73-1.el6.noarch.rpm http://spacewalk/pub/register/rhncfg-actions-5.10.73-1.el6.noarch.rpm http://spacewalk/pub/register/rhncfg-client-5.10.73-1.el6.noarch.rpm http://spacewalk/pub/register/rhnsd-5.0.14-1.el6.x86_64.rpm http://spacewalk/pub/register/yum-rhn-plugin-2.2.7-1.el6.noarch.rpm http://spacewalk/pub/register/m2crypto-0.20.2-9.el6.x86_64.rpm http://spacewalk/pub/register/python-dmidecode-3.10.13-3.el6_4.x86_64.rpm http://spacewalk/pub/register/python-gudev-147.1-4.el6_0.1.x86_64.rpm http://spacewalk/pub/register/python-hwdata-1.7.3-1.el6.noarch.rpm <br /> yum -y localinstall rhn-setup-2.2.7-1.el6.noarch.rpm rhnsd-5.0.14-1.el6.x86_64.rpm rhn-check-2.2.7-1.el6.noarch.rpm rhn-client-tools-2.2.7-1.el6.noarch.rpm yum-rhn-plugin-2.2.7-1.el6.noarch.rpm m2crypto-0.20.2-9.el6.x86_64.rpm python-dmidecode-3.10.13-3.el6_4.x86_64.rpm python-hwdata-1.7.3-1.el6.noarch.rpm python-gudev-147.1-4.el6_0.1.x86_64.rpm<br /> cd ..<br /> rm -rf reg-rpms<br /> mkdir keys<br /> cd keys<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release5 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2008<br /> rpm --import *<br /> cd ..<br /> rm -rf keys/<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.devnet.prv/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT <br /> perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/*<br /> rhnreg_ks --serverUrl=https://spacewalk.devnet.prv/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-97d994ea86b8f4ce665d6ef01546834b,1-centos6<br /> <br /> == Joining a Client (Centos 7) to Spacewalk ==<br /> '''On the Client as root, run:'''<br /> mkdir reg-rpms<br /> cd reg-rpms<br /> wget http://spacewalk/pub/register/centos7/jabberpy-0.5-0.27.el7.noarch.rpm http://spacewalk/pub/register/centos7/osad-5.11.57-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/python-hwdata-1.7.3-4.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhncfg-5.10.83-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhncfg-actions-5.10.83-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhncfg-client-5.10.83-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhn-check-2.3.16-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhn-client-tools-2.3.16-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhnsd-5.0.15-1.el7.x86_64.rpm http://spacewalk/pub/register/centos7/rhn-setup-2.3.16-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/yum-rhn-plugin-2.3.3-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/osa-common-5.11.57-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/rhnlib-2.5.75-1.el7.noarch.rpm http://spacewalk/pub/register/centos7/systemd-sysv-208-20.el7.x86_64.rpm http://spacewalk/pub/register/centos7/systemd-208-20.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-2.7.5-16.el7.x86_64.rpm http://spacewalk/pub/register/centos7/libnl-1.1.4-3.el7.x86_64.rpm http://spacewalk/pub/register/centos7/libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm http://spacewalk/pub/register/centos7/m2crypto-0.21.1-15.el7.x86_64.rpm http://spacewalk/pub/register/centos7/pygobject2-2.28.6-11.el7.x86_64.rpm http://spacewalk/pub/register/centos7/pyOpenSSL-0.13.1-3.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-dmidecode-3.10.13-11.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-ethtool-0.8-5.el7.x86_64.rpm http://spacewalk/pub/register/centos7/usermode-1.111-5.el7.x86_64.rpm http://spacewalk/pub/register/centos7/python-gudev-147.2-7.el7.x86_64.rpm http://spacewalk/pub/register/centos7/libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm<br /> yum -y localinstall jabberpy-0.5-0.27.el7.noarch.rpm python-hwdata-1.7.3-4.el7.noarch.rpm rhncfg-actions-5.10.83-1.el7.noarch.rpm rhn-check-2.3.16-1.el7.noarch.rpm rhnsd-5.0.15-1.el7.x86_64.rpm yum-rhn-plugin-2.3.3-1.el7.noarch.rpm osad-5.11.57-1.el7.noarch.rpm rhncfg-5.10.83-1.el7.noarch.rpm rhncfg-client-5.10.83-1.el7.noarch.rpm rhn-client-tools-2.3.16-1.el7.noarch.rpm rhn-setup-2.3.16-1.el7.noarch.rpm systemd-sysv-208-20.el7.x86_64.rpm rhnlib-2.5.75-1.el7.noarch.rpm osa-common-5.11.57-1.el7.noarch.rpm libnl-1.1.4-3.el7.x86_64.rpm m2crypto-0.21.1-15.el7.x86_64.rpm pygobject2-2.28.6-11.el7.x86_64.rpm pyOpenSSL-0.13.1-3.el7.x86_64.rpm python-dmidecode-3.10.13-11.el7.x86_64.rpm python-ethtool-0.8-5.el7.x86_64.rpm usermode-1.111-5.el7.x86_64.rpm python-gudev-147.2-7.el7.x86_64.rpm libxml2-python-2.9.1-5.el7_1.2.x86_64.rpm<br /> cd ..<br /> rm -rf reg-rpms<br /> mkdir keys<br /> cd keys<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-7 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release5 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release6 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2014 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2012 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2010 http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-spacewalk-2008<br /> rpm --import *<br /> cd ..<br /> rm -rf keys/<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/script<br /> touch /etc/sysconfig/rhn/allowed-actions/script/run<br /> mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles<br /> touch /etc/sysconfig/rhn/allowed-actions/configfiles/all<br /> mkdir -p /usr/share/rhn/<br /> wget http://spacewalk.devnet.prv/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT <br /> perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/*<br /> rhnreg_ks --serverUrl=https://spacewalk.devnet.prv/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7<br /> <br /> == Building RPM's ==<br /> https://fedoraproject.org/wiki/How_to_create_an_RPM_package#Preparing_your_system<br /> <br /> == Finding GPG key ID and fingerprint ==<br /> gpg --with-fingerprint RPM-GPG-KEY-redhat-release5<br /> <br /> Output (First highlighted area is the ID and the Second is the fingerprint):<br /> pub 1024D/&lt;span style=&quot;background:#FFFF00&quot;&gt;37017186&lt;/span&gt; 2006-12-06 Red Hat, Inc. (release key) &lt;security@redhat.com&gt;<br /> Key fingerprint = &lt;span style=&quot;background:#FFFF00&quot;&gt;47DB 2877 89B2 1722 B6D9 5DDE 5326 8101 3701 7186&lt;/span&gt;<br /> <br /> == Import GPG key on Servers ==<br /> === Centos 6 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-6<br /> rpm --import RPM-GPG-KEY-EPEL-6 RPM-GPG-KEY-CentOS-6<br /> rm -f RPM-GPG-KEY-EPEL-6 RPM-GPG-KEY-CentOS-6<br /> <br /> === Centos 7 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-7<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-CentOS-7<br /> rpm --import RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-CentOS-7<br /> rm -f RPM-GPG-KEY-EPEL-7 RPM-GPG-KEY-CentOS-7<br /> <br /> === RHEL 5 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release5<br /> rpm --import RPM-GPG-KEY-redhat-release5<br /> rm -f RPM-GPG-KEY-redhat-release5<br /> <br /> === RHEL 6 ===<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-redhat-release6<br /> wget http://spacewalk.devnet.prv/pub/keys/RPM-GPG-KEY-EPEL-6<br /> rpm --import RPM-GPG-KEY-redhat-release6 RPM-GPG-KEY-EPEL-6<br /> rm -f RPM-GPG-KEY-redhat-release6 RPM-GPG-KEY-EPEL-6<br /> <br /> == Configure PXE Booting ==<br /> === Change PXE Menu Names ===<br /> vi /etc/cobbler/pxe/pxeprofile.template<br /> #set $new_name = $profile_name.replace(':1:SpacewalkDefaultOrganization', ' ')<br /> #set $new_menu_label = $menu_label.replace(':1:SpacewalkDefaultOrganization', ' ')<br /> LABEL $new_name<br /> MENU PASSWD<br /> kernel $kernel_path<br /> $new_menu_label<br /> $append_line<br /> ipappend 2<br /> Update PXE files<br /> cobbler sync<br /> cat /var/lib/tftpboot/pxelinux.cfg/default<br /> <br /> === Add Password, Background, and WindowsDeployment to PXE Menu ===<br /> vi /etc/cobbler/pxe/pxedefault.template<br /> DEFAULT vesamenu.c32<br /> PROMPT 0<br /> MENU TITLE DevNet Image Central<br /> MENU BACKGROUND /devnetSplash.png<br /> MENU MARGIN 1<br /> MENU ROWS 15<br /> MENU COLOR BORDER 30;44 #ffffffff #00000000 std<br /> MENU COLOR TITLE 1;36;44 #ffffffff #00000000 std<br /> MENU COLOR UNSEL 37;44 #ffffffff #00000000 std<br /> MENU COLOR TIMEOUT_MSG 37;40 #ffffffff #00000000 std<br /> MENU MASTER PASSWD $1$YVi/j0hL$a6SdxIUHZCA7jFisNZh6O/<br /> TIMEOUT 80<br /> TOTALTIMEOUT 6000<br /> ONTIMEOUT $pxe_timeout_profile<br /> LABEL local<br /> MENU LABEL (Boot Local System)<br /> MENU DEFAULT<br /> LOCALBOOT 0 <br /> $pxe_menu_items<br /> LABEL WindowsDeployment<br /> MENU LABEL Windows Deployment<br /> MENU PASSWD<br /> PXE tftp://10.81.49.27/pxelinux.0 <br /> MENU end<br /> == Setup Pam Authentication w/ VAS ==<br /> * Put the following in /etc/pam.d/rhn-satellite<br /> #%PAM-1.0<br /> auth required pam_env.so<br /> auth sufficient pam_vas3.so<br /> auth required pam_deny.so<br /> account sufficient pam_vas3.so<br /> account requisite pam_vas3.so echo_return<br /> account required pam_unix.so broken_shadow<br /> * Add the following line to /etc/rhn/rhn.conf<br /> pam_auth_service = rhn-satellite<br /> == Troubleshooting ==<br /> === Client Yum Errors ===<br /> '''Error: Cannot retrieve repository metadata (repomd.xml) for repository: &lt;channel&gt; Please verify its path and try again.'''<br /> * Client Side: Check /etc/sysconfig/rhn/up2date and make sure that the spacewalk URL is Fully Qualified.<br /> * Spacewalk Side: Check /var/cache/rhn/repodata/&lt;channel&gt;/<br /> ** If noyumrepo.txt exists log into the Web GUI and manage channels. Make sure that the channel Checksum Type is not set to 'None'.<br /> === Kickstart Errors ===<br /> '''Installing error populating transaction, retrying (1/10)'''<br /> '''error populating transaction after 10 retries: failure: getPackage/&lt;package name&gt; from &lt;repo name&gt;: [Errno 256] No more mirrors to try.'''<br /> * Spacewalk Side: Try running the following command:<br /> chmod -R 777 /var/satellite/redhat/1/<br /> <br /> = Spacewalk Scripts =<br /> ==cleanupPackages==<br /> ==convertISOtoKickstartTree==<br /> ==createKickstartISO==<br /> ==exportAllChannels==<br /> ==findAndGetKickstartTree==<br /> ==getCompletedActionId==<br /> ==getServerIds==<br /> ==makeKickstartTree==<br /> ==pushConfigurationChannelFiles==<br /> ==reposync==<br /> ==spacewalkCreds==</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/snippets&diff=50 DREN/Kickstart/snippets 2023-06-02T19:36:23Z <p>Admin: /* | StatusBarScript */</p> <hr /> <div>= AddADGroups =<br /> #raw<br /> printf &quot; Adding AD Groups: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> groupadd domain_users -g 1342600513<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddAcasUser =<br /> #raw<br /> printf &quot; Creating ACAS Scan User: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> useradd scan_account -g users<br /> sudo -u scan_account ssh-keygen -b 2048 -t rsa -f /home/scan_account/.ssh/id_rsa -q -N &quot;&quot;<br /> sudo -u scan_account rm -rf /home/scan_account/.ssh/id_rsa <br /> sudo -u scan_account curl --cacert /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT https://rdhpwngmp-01/pub/kickstart/nga_acas.pub &gt; /home/scan_account/.ssh/authorized_keys<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddMounts =<br /> #raw<br /> printf &quot; Adding NFS Mounts: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> mkdir -p /users<br /> chown :domain_users /users<br /> chmod 775 /users<br /> mkdir -p /data<br /> chown :domain_users /data<br /> chmod 775 /data<br /> echo 'users:/users /users nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,relatime 0 0' &gt;&gt; /etc/fstab<br /> echo 'data:/data /data nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,relatime 0 0' &gt;&gt; /etc/fstab<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddScaleUser =<br /> #raw<br /> printf &quot; Creating Scale User: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> useradd scale -u 7498 -g 1342600513 -G users<br /> sed -i 's~scale:!!:~scale:$6$hQ5XU8FI$BFssO833kwMzahuVXMnMO9qReK4VRAXtMKRL/csxtJoFtj7Wgc9twzp6E79jw8y.U/JfSqMhzMafhijnISiyh1:~' /etc/shadow<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddSpacewalkToHosts =<br /> #raw<br /> printf &quot; Adding Spacewalk server to /etc/hosts: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> curl http://140.32.192.51/pub/kickstart/hosts &gt; /mnt/sysimage/etc/hosts<br /> curl http://140.32.192.51/pub/kickstart/hosts &gt; /etc/hosts<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = ForceTime =<br /> printf &quot; Forcing Time Synce with NTP Server: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> ntpdate -s 140.32.191.249<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> <br /> = InstallDCOSMaster =<br /> #raw<br /> printf &quot; Installing DCOS Master: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> #end raw<br /> $SNIPPET('spacewalk/1/InstallDCOSPrereqs')<br /> #raw<br /> # This is needed for using the dcos command with jenkins <br /> yum -y install expect &amp;&gt; /dev/null<br /> <br /> # Creating installDCOS.sh script <br /> echo &quot;#CHECK=\`systemctl is-active docker\`&quot; &gt; /root/installDCOS.sh<br /> echo &quot;#while [[ \$CHECK != 'active' ]]; do sleep 5; CHECK=\`systemctl is-active docker\`;done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh master&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mkdir -p /var/log/mesos/archive&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#sleep 6000&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#rm -rf /root/installDCOS.sh&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/installDCOS.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's~LD_LIBRARY_PATH=/opt/mesosphere/lib~LD_LIBRARY_PATH=/lib64~' /opt/mesosphere/environment.export&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;curl -fLsS --retry 20 -Y 100000 -y 60 https://downloads.dcos.io/binaries/cli/linux/x86-64/dcos-1.8/dcos -o dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mv dcos /usr/local/bin&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;chmod +x /usr/local/bin/dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;dcos config set core.dcos_url http://172.16.99.200&quot; &gt;&gt; /root/installDCOS.sh<br /> <br /> chmod 777 /root/installDCOS.sh<br /> echo &quot;/bin/bash /root/installDCOS.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallDCOSPrereqs =<br /> echo &quot;proxy=http://192.168.1.73:3128&quot; &gt;&gt; /etc/yum.conf<br /> yum -y install ipset tar xz unzip curl docker docker-selinux &amp;&gt; /dev/null<br /> yum -y upgrade &amp;&gt; /dev/null<br /> <br /> grep -q Restart=on-failure /usr/lib/systemd/system/docker.service &amp;&amp; printf 'Restart function is already set in systemd script' || sed -i '/MountFlags=slave/aRestart=on-failure' /usr/lib/systemd/system/docker.service<br /> rhncfg-client get<br /> systemctl daemon-reload <br /> systemctl enable docker.service<br /> systemctl start docker.service<br /> <br /> # DCOS requires this firewall to be shut off.<br /> ## https://docs.mesosphere.com/1.7/administration/installing/custom/system-requirements/<br /> systemctl disable firewalld<br /> systemctl stop firewalld<br /> <br /> mkdir -p /var/{lib,log}/mesos<br /> chown nobody /var/{lib,log}/mesos<br /> touch /var/marathon.ip<br /> chown /var/marathon.ip<br /> <br /> groupadd nogroup -g 9999<br /> groupadd docker<br /> <br /> yum -y remove dnsmasq &amp;&gt; /dev/null<br /> PIDS=`ps -ef | grep dnsmasq | egrep -v grep | awk '{ print $2 }'`<br /> kill $PIDS<br /> mkdir -p /tmp/dcos &amp;&amp; cd /tmp/dcos<br /> #curl -s http://140.32.192.51/dcos/install/genconf/serve/dcos_install.sh &gt; dcos_install.sh<br /> curl -s http://192.168.1.73:81/dcos/genconf/serve/dcos_install.sh &gt; dcos_install.sh<br /> <br /> = InstallDCOSSlave =<br /> #raw<br /> printf &quot; Installing DCOS Slave: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> #end raw<br /> $SNIPPET('spacewalk/1/InstallDCOSPrereqs')<br /> #raw<br /> echo &quot;setenforce 0&quot; &gt; /root/installDCOS.sh<br /> echo &quot;#CHECK=\`systemctl is-active docker\`&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#while [[ \$CHECK != 'active' ]]; do sleep 5; CHECK=\`systemctl is-active docker\`;done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh slave&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;DCOS_CONFIG=\`grep -ir 'MESOS_HOSTNAME_LOOKUP=false' /opt/mesosphere/packages/dcos-config* | grep mesos-slave-common | cut -d ':' -f 1\`&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;for i in \$DCOS_CONFIG; do sed -i 's~MESOS_HOSTNAME_LOOKUP=.*~MESOS_HOSTNAME_LOOKUP=true~' \$i; done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;rm -rf /var/lib/mesos/slave/meta/slaves/latest&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#sleep 6000&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#rm -rf /root/installDCOS.sh&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/installDCOS.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's~LD_LIBRARY_PATH=/opt/mesosphere/lib~LD_LIBRARY_PATH=/lib64~' /opt/mesosphere/environment.export&quot; &gt;&gt; /root/installDCOS.sh<br /> <br /> chmod 777 /root/installDCOS.sh<br /> echo &quot;/bin/bash /root/installDCOS.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallDesktopPackages =<br /> #raw<br /> printf &quot; Installing GNOME Desktop Packages: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> yum -y --nogpgcheck groupinstall &quot;GNOME Desktop&quot; &amp;&gt; /dev/null<br /> sed -i 's/id:3:/id:5:/' /etc/inittab<br /> systemctl set-default graphical.target<br /> rm -f /etc/xdg/autostart/gnome-initial-setup-first-login.desktop &amp;&gt; /dev/null<br /> rm -f /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop &amp;&gt; /dev/null<br /> rm -f /etc/xdg/autostart/gnome-welcome-tour.desktop &amp;&gt; /dev/null<br /> sed -i '/daemon/a InitialSetupEnable=False' /etc/gdm/custom.conf<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallVMTools =<br /> #raw<br /> if [[ $(lspci|grep -i vmware) ]]; then<br /> printf &quot; Installing VMware Tools: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> yum -y install open-vm-tools<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> fi<br /> #end raw<br /> <br /> = JoinAD =<br /> #raw<br /> printf &quot; Creating /root/joinAD.sh: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli sssd-tools samba-libs krb5-workstation &amp;&gt; /dev/null<br /> echo 'read -p &quot;Enter Admin Username: &quot; USERNAME' &gt; /root/joinAD.sh<br /> echo 'yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli sssd-tools samba-libs krb5-workstation &amp;&gt; /dev/null' &gt;&gt; /root/joinAD.sh<br /> echo 'rhncfg-client get &amp;&gt; /dev/null' &gt;&gt; /root/joinAD.sh<br /> echo 'realm leave' &gt;&gt; /root/joinAD.sh<br /> echo 'sleep 5' &gt;&gt; /root/joinAD.sh<br /> echo 'realm join --user=$USERNAME &quot;711hpw.afrl-wrs.hpc.mil&quot;' &gt;&gt; /root/joinAD.sh<br /> echo 'sleep 15' &gt;&gt; /root/joinAD.sh<br /> echo 'systemctl stop sssd' &gt;&gt; /root/joinAD.sh<br /> echo 'rm -rf /var/lib/sss/db/*' &gt;&gt; /root/joinAD.sh<br /> echo 'rhncfg-client get &amp;&gt; /dev/null' &gt;&gt; /root/joinAD.sh<br /> echo 'systemctl start sssd' &gt;&gt; /root/joinAD.sh<br /> echo 'sleep 10' &gt;&gt; /root/joinAD.sh<br /> echo 'systemctl restart sssd' &gt;&gt; /root/joinAD.sh<br /> chmod 777 /root/joinAD.sh<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = PostNoChroot-InstallNetworking =<br /> $SNIPPET('spacewalk/1/StatusBarScript')<br /> $SNIPPET('spacewalk/1/SwitchToTTY7')<br /> #raw<br /> # Set-Hostname-Network Snippet<br /> printf &quot; Setting up Networking: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> PID=`ps -ef | grep status.sh | egrep -v grep | sed 's/\ \ \ \ /\ /g' | sed 's/\ \ \ /\ /g' | sed 's/\ \ /\ /g' | cut -d ' ' -f 2`<br /> \cp -f /tmp/network /mnt/sysimage/etc/sysconfig/network<br /> \cp -f /tmp/hostname /mnt/sysimage/tmp/hostname<br /> \cp -f /tmp/newnic.txt /mnt/sysimage/tmp/newnic.txt<br /> \cp -f /tmp/nics.txt /mnt/sysimage/tmp/nics.txt<br /> NAME`grep HOSTNAME /tmp/hostname | cut -d &quot;=&quot; -f 2`<br /> /mnt/sysimage/usr/bin/hostname ${NAME} &amp;&gt; /dev/null<br /> /mnt/sysimage/usr/bin/hostnamectl set-hostname ${NAME} &amp;&gt; /dev/null<br /> /bin/hostname ${NAME} &amp;&gt; /dev/null<br /> /bin/hostnamectl set-hostname ${NAME} &amp;&gt; /dev/null<br /> /mnt/sysimage/bin/hostname ${NAME} &amp;&gt; /dev/null<br /> /mnt/sysimage/bin/hostnamectl set-hostname ${NAME} &amp;&gt; /dev/null<br /> DEVICE1=`cat /tmp/newnic.txt`<br /> \cp -f /tmp/ifcfg-${DEVICE1} /mnt/sysimage/etc/sysconfig/network-scripts/ifcfg-${DEVICE1}<br /> \cp -f /tmp/ifcfg-${DEVICE1} /mnt/sysimage/tmp/ifcfg-${DEVICE1}<br /> while read NIC<br /> do<br /> \cp -f /tmp/ifcfg-${NIC} /mnt/sysimage/etc/sysconfig/network-scripts/ifcfg-${NIC}<br /> \cp -f /tmp/ifcfg-${NIC} /mnt/sysimage/tmp/ifcfg-${NIC}<br /> done &lt; /tmp/nics.txt<br /> \cp -f /tmp/newnic.txt /mnt/sysimage/tmp/newnic.txt<br /> \cp -f /tmp/nics.txt /mnt/sysimage/tmp/nics.txt<br /> kill $PID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> printf &quot; Setting up DNS: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> \cp -f /tmp/resolv.conf /mnt/sysimage/etc/resolv.conf<br /> PID=`ps -ef | grep status.sh | egrep -v grep | sed 's/\ \ \ \ /\ /g' | sed 's/\ \ \ /\ /g' | sed 's/\ \ /\ /g' | cut -d ' ' -f 2`<br /> kill $PID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> $SNIPPET('spacewalk/1/SwitchToTTY1')<br /> <br /> = PreScript Get-Hostname-Network =<br /> $SNIPPET('spacewalk/1/SwitchToTTY7')<br /> #raw<br /> # Get-Hostname-Network Snippet<br /> uname -r | grep -q el7 &amp;&amp; OS7=True || OS7=False<br /> uname -r | grep -q el6 &amp;&amp; OS6=True || OS6=False<br /> SEP7=&quot;#########################################################################################&quot;<br /> LINE7=&quot;-----------------------------------------------------------------------------------------&quot;<br /> SEP6=&quot;#####################################################################&quot;<br /> LINE6=&quot;---------------------------------------------------------------------&quot;<br /> SPACE=&quot; &quot;<br /> TITLE1=&quot;\e[4;32m&quot;<br /> TITLE2=&quot;\e[39;0m&quot;<br /> QUESTION1=&quot;\e[31;1m&quot;<br /> QUESTION2=&quot;\e[39;0m&quot;<br /> <br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> setterm -powersave off -blank 0<br /> DNS1=`nmcli device show | grep DNS | sed 's/\ //g' | cut -d ':' -f 2 | head -1`<br /> DNS2=`nmcli device show | grep DNS | sed 's/\ //g' | cut -d ':' -f 2 | head -2 | tail -1`<br /> DOMAIN1=`nmcli device show | grep DOMAIN | sed 's/\ //g' | cut -d ':' -f 2`<br /> GW1=`nmcli device show | grep GATEWAY | sed 's/\ //g' | cut -d ':' -f 2 | head -1`<br /> DEVICE=`nmcli device | grep ' connected ' | cut -d ' ' -f 1`<br /> NM1=`ifconfig | grep netmask | sed 's/.*\ 255/255/' | head -1 | cut -d ' ' -f 1`<br /> echo $SEP7<br /> echo -e $SPACE $TITLE1 &quot;DISCOVERED VARIABLES&quot; $TITLE2<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> DNS1=`cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f 2 | head -1`<br /> DNS2=`cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f 2 | head -2 | tail -1`<br /> DOMAIN1=`cat /etc/resolv.conf | grep domain | cut -d ' ' -f 2 | head -1`<br /> GW1=`ip route show | grep default | cut -d ' ' -f 3`<br /> DEVICE=`ip addr show | grep inet | grep brd | cut -d ' ' -f 11`<br /> NM1=`ifconfig | grep Mask | sed 's/.*\ 255\255/' | head -1 | cut -d ':' -f 4`<br /> echo $SEP6<br /> echo -e $SPACE $TITLE1 &quot;DISCOVERED VARIABLES&quot; $TITLE2<br /> echo $LINE6<br /> fi<br /> NICNUM=`ip link show | grep &quot;: &quot; | egrep -v lo | wc -l`<br /> ip link show | grep &quot;: &quot; | egrep -v lo | cut -d ':' -f 2 | cut -d ' ' -f 2 &gt; /tmp/nics.txt<br /> LINKNUM=0<br /> COUNT=1<br /> while read NIC<br /> do <br /> LINK1=`ethtool ${NIC} | grep &quot;Link detected:&quot; | cut -d ':' -f 2 | sed 's/\ //'`<br /> if [[ $LINK1 = &quot;yes&quot; ]]; then<br /> let LINKNUM=LINKNUM+1<br /> LINKCHOICE=$COUNT<br /> fi<br /> let COUNT=COUNT+1<br /> done &lt; /tmp/nics.txt<br /> echo -e ' DNS1 Server:\t\t\t'${DNS1}<br /> echo -e ' DNS2 Server:\t\t\t'${DNS2}<br /> echo -e ' Domain Name:\t\t\t'${DOMAIN1}<br /> echo -e ' Current Network Device:\t'${DEVICE}<br /> echo -e ' Number of Network Devices:\t'${NICNUM}<br /> echo -e ' Gateway:\t\t\t'${GW1}<br /> echo -e ' Netmask:\t\t\t'${NM1}<br /> if [ $NICNUM -ne 1 ]; then<br /> if [ $LINKNUM -ne 1 ]; then<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $QUESTION1 &quot;WHAT NETWORK DEVICE DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo -e &quot; Note: This kickstart will continue to use the \e[31m&quot;${DEVICE}&quot;\e[39m for the installation.&quot;<br /> echo &quot; Note: If you choose nothing it will default to option 1.&quot;<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $QUESTION1 &quot;WHAT NETWORK DEVICE DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo -e &quot; Note: This kickstart will continue to use the \e[31m&quot;${DEVICE}&quot;\e[39m for the installation.&quot;<br /> echo &quot; Note: If you choose nothing it will default to option 1.&quot;<br /> echo $LINE6<br /> fi<br /> COUNT=1<br /> while read NIC<br /> do<br /> LINK=`ethtool ${NIC} | grep &quot;Link detected:&quot; | cut -d ':' -f 2 | sed 's/\ //'`<br /> echo -e &quot; $COUNT: DEVICE:\t\t$NIC&quot;<br /> DRIVER=`ethtool -i ${NIC} | grep driver | cut -d ':' -f 2 | sed 's/\ //'`<br /> echo -e &quot; DRIVER:\t\t$DRIVER&quot;<br /> TENG=`ethtool -i ${NIC} | grep baseT | grep 10000 | wc -l`<br /> if [ TENG -eq 0 ]; then <br /> ONEG=`ethtool -i ${NIC} | grep baseT | grep 1000 | wc -l`<br /> if [ ONEG -eq 0 ]; then<br /> echo &quot;NOT 1G Networking&quot; &gt; /dev/null<br /> else<br /> echo -e &quot; SPEED:\t\t1G&quot;<br /> fi<br /> else<br /> echo -e &quot; SPEED:\t\t10G&quot;<br /> fi<br /> echo -e &quot; LINK:\t\t$LINK&quot;<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $LINE6<br /> fi<br /> let COUNT=COUNT+1<br /> done &lt; /tmp/nics.txt<br /> printf &quot; &quot;<br /> read NICCHOICE<br /> else<br /> NICCHOICE=$LINKCHOICE<br /> fi<br /> if [ -z $NICCHOICE ]; then NICCHOICE=1; fi<br /> fi<br /> CMD='cat /tmp/nics.txt | head -'$NICCHOICE' | tail -1'<br /> DEVICE1=`eval $CMD`<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $QUESTION1 &quot;WHAT HOSTNAME DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo &quot; Note: If this hostname is already in DNS you will NOT need to enter an IP address.&quot;<br /> echo $LINE7 <br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $QUESTION1 &quot;WHAT HOSTNAME DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo &quot; Note: If this hostname is already in DNS you will NOT need to enter an IP address.&quot;<br /> echo $LINE6<br /> fi<br /> printf &quot; &quot;<br /> if [ -f &quot;/tmp/pre_install_network_config&quot; ]; then<br /> NAME=`cat /tmp/pre_install_network_config | sed 's/.*--hostname=//' | cut -d '.' -f 1`<br /> echo $NAME<br /> else<br /> read NAME<br /> fi<br /> echo &quot;&quot;<br /> NAME1=`nslookup ${NAME} ${DNS1} | grep Name | head -1 | cut -f 2`<br /> if [[ -z ${NAME1} ]]; then<br /> NAME=`echo ${NAME}.${DOMAIN1}`<br /> else<br /> NAME=`echo ${NAME1}`<br /> fi<br /> /bin/hostnamectl set-hostname ${NAME}<br /> ADDR=`cat /etc/hosts | grep -i ${NAME} | egrep -v KVM | awk '{ print $1 }'`<br /> if [[ -z ${ADDR} ]]; then<br /> ADDR=`nslookup ${NAME} ${DNS1} | tail -2 | head -1 | cut -d ' ' -f 2`<br /> fi<br /> if [[ &quot;${ADDR}&quot; == &quot;server&quot; ]]; then<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $QUESTION1 &quot;WHAT IP ADDRESS DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $QUESTION1 &quot;WHAT IP ADDRESS DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo $LINE6<br /> fi<br /> printf &quot; &quot;<br /> read ADDR<br /> echo &quot;&quot;<br /> fi<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $SPACE $TITLE1 &quot;USER DEFINED VARIABLES&quot; $TITLE2<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $SPACE $TITLE1 &quot;USER DEFINED VARIABLES&quot; $TITLE2<br /> echo $LINE6<br /> fi<br /> echo -e &quot; Hostname:\t\t&quot;${NAME}<br /> echo -e &quot; IP Address:\t\t&quot;${ADDR}<br /> echo -e &quot; Network Device:\t&quot;${DEVICE1}<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> fi<br /> <br /> echo ${NAME} &gt; /tmp/hostname<br /> echo ${DEVICE1} &gt; /tmp/newnic.txt<br /> sed -i '/'$DEVICE1'/d' /tmp/nics.txt<br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/network<br /> echo &quot;NETWORKING=yes&quot; &gt;&gt; /tmp/network<br /> echo &quot;HOSTNAME=&quot;${NAME} &gt;&gt; /tmp/network<br /> echo &quot;GATEWAY=&quot;${GW1} &gt;&gt; /tmp/network<br /> <br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DEVICE=&quot;${DEVICE1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;BOOTPROTO=none&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;IPV6INIT=no&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;MTU=1500&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;NM_CONTROLLED=no&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;ONBOOT=yes&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;TYPE=Ethernet&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;IPADDR=&quot;${ADDR} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;NETMASK=&quot;${NM1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;GATEWAY=&quot;${GW1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DNS1=&quot;${DNS1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DNS2=&quot;${DNS2} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DOMAIN=&quot;${DOMAIN1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> while read NIC1<br /> do<br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;DEVICE=&quot;${NIC1} &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;BOOTPROTO=none&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;IPV6INIT=no&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;MTU=1500&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;NM_CONTROLLED=no&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;ONBOOT=no&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> done &lt; /tmp/nics.txt<br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/resolv.conf<br /> echo &quot;search &quot;${DOMAIN1} &gt;&gt; /tmp/resolv.conf<br /> echo &quot;nameserver &quot;${DNS1} &gt;&gt; /tmp/resolv.conf<br /> echo &quot;nameserver &quot;${DNS2} &gt;&gt; /tmp/resolv.conf<br /> <br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo -e $SPACE $TITLE1 &quot;BEGINNING INSTALLATION&quot; $TITLE2<br /> echo &quot; Note: Press Ctrl+Alt+F1 to See Progress&quot;<br /> echo $SEP7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo -e $SPACE $TITLE1 &quot;BEGINNING INSTALLATION&quot; $TITLE2<br /> echo &quot; Note: Press Ctrl+Alt+F1 to See Progress&quot;<br /> echo $SEP6<br /> fi<br /> #end raw<br /> $SNIPPET('spacewalk/1/SwitchToTTY1')<br /> <br /> = RemoveNetworkManager =<br /> #raw<br /> printf &quot; Removing NetworkManager: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y remove NetworkManager &amp;&gt; /dev/null<br /> yes | cp -f /tmp/ifcfg-* /etc/sysconfig/network-scripts/ &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = SetHostname =<br /> #raw<br /> printf &quot; Setting Hostname: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> echo &quot;NAME=`cat /tmp/hostname`&quot; &gt; /root/setHostname.sh<br /> echo &quot;hostname \$NAME&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;hostnamectl set-hostname \$NAME&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;rhn-profile-sync&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;chmod -x /etc/rc.d/rc.local&quot; &gt;&gt; /root/setHostname.sh<br /> #echo &quot;rm -rf /tmp/hostname&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;rm -rf /root/setHostname.sh&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/setHostname.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/setHostname.sh<br /> chmod 777 /root/setHostname.sh<br /> echo &quot;/bin/bash /root/setHostname.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = SetupFiglet =<br /> #raw<br /> printf &quot; Setting up Figlet: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y install figlet &amp;&gt; /dev/null<br /> mkdir -p /usr/share/figlet/ <br /> wget http://140.32.192.51/pub/kickstart/figlet.tar.gz &amp;&gt; /dev/null<br /> tar xf figlet.tar.gz -C /usr/share/figlet/<br /> rm -rf figlet.tar.gz<br /> find /usr/share/figlet/ -name '*.flf' &gt; /usr/share/figlet/figfonts.txt<br /> rhncfg-client get &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = SetupNTP =<br /> $SNIPPET('spacewalk/1/ForceTime')<br /> #raw<br /> printf &quot; Setting up Chrony: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y install chrony &amp;&gt; /dev/null<br /> rhncfg-client get &amp;&gt; /dev/null<br /> systemctl enable chrony &amp;&gt; /dev/null<br /> systemctl start chrony &amp;&gt; /dev/null<br /> ntpdate -s 140.32.191.249 &amp;&gt; /dev/null<br /> hwclock --systohc &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> = SetupPuppetAgent =<br /> #raw<br /> printf &quot; Setting up Puppet Agent: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y install puppet-agent &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = StatusBarScript =<br /> #raw<br /> echo 'until [ &quot;1&quot; -eq &quot;0&quot; ]; do' &gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot;* &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; *&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot;* &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo 'done' &gt;&gt; /tmp/status.sh<br /> chmod 777 /tmp/status.sh<br /> #end raw<br /> <br /> = SwitchToTTY1 =<br /> #raw<br /> exec &lt;/dev/tty1 &gt; /dev/tty1<br /> chvt 1<br /> #end raw<br /> <br /> = SwitchToTTY7 =<br /> #raw<br /> setterm -powersave off -blank 0<br /> chvt 7 <br /> exec &lt;/dev/tty7 &gt; /dev/tty7<br /> #end raw<br /> <br /> = UpdateAllRPMs =<br /> #raw<br /> printf &quot; Installing the latest RPM's: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum --nogpgcheck update -y &amp;&gt; /dev/null<br /> systemctl enable osad<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/snippets&diff=49 DREN/Kickstart/snippets 2023-06-02T19:36:15Z <p>Admin: </p> <hr /> <div>= AddADGroups =<br /> #raw<br /> printf &quot; Adding AD Groups: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> groupadd domain_users -g 1342600513<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddAcasUser =<br /> #raw<br /> printf &quot; Creating ACAS Scan User: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> useradd scan_account -g users<br /> sudo -u scan_account ssh-keygen -b 2048 -t rsa -f /home/scan_account/.ssh/id_rsa -q -N &quot;&quot;<br /> sudo -u scan_account rm -rf /home/scan_account/.ssh/id_rsa <br /> sudo -u scan_account curl --cacert /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT https://rdhpwngmp-01/pub/kickstart/nga_acas.pub &gt; /home/scan_account/.ssh/authorized_keys<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddMounts =<br /> #raw<br /> printf &quot; Adding NFS Mounts: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> mkdir -p /users<br /> chown :domain_users /users<br /> chmod 775 /users<br /> mkdir -p /data<br /> chown :domain_users /data<br /> chmod 775 /data<br /> echo 'users:/users /users nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,relatime 0 0' &gt;&gt; /etc/fstab<br /> echo 'data:/data /data nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,relatime 0 0' &gt;&gt; /etc/fstab<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddScaleUser =<br /> #raw<br /> printf &quot; Creating Scale User: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> useradd scale -u 7498 -g 1342600513 -G users<br /> sed -i 's~scale:!!:~scale:$6$hQ5XU8FI$BFssO833kwMzahuVXMnMO9qReK4VRAXtMKRL/csxtJoFtj7Wgc9twzp6E79jw8y.U/JfSqMhzMafhijnISiyh1:~' /etc/shadow<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddSpacewalkToHosts =<br /> #raw<br /> printf &quot; Adding Spacewalk server to /etc/hosts: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> curl http://140.32.192.51/pub/kickstart/hosts &gt; /mnt/sysimage/etc/hosts<br /> curl http://140.32.192.51/pub/kickstart/hosts &gt; /etc/hosts<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = ForceTime =<br /> printf &quot; Forcing Time Synce with NTP Server: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> ntpdate -s 140.32.191.249<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> <br /> = InstallDCOSMaster =<br /> #raw<br /> printf &quot; Installing DCOS Master: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> #end raw<br /> $SNIPPET('spacewalk/1/InstallDCOSPrereqs')<br /> #raw<br /> # This is needed for using the dcos command with jenkins <br /> yum -y install expect &amp;&gt; /dev/null<br /> <br /> # Creating installDCOS.sh script <br /> echo &quot;#CHECK=\`systemctl is-active docker\`&quot; &gt; /root/installDCOS.sh<br /> echo &quot;#while [[ \$CHECK != 'active' ]]; do sleep 5; CHECK=\`systemctl is-active docker\`;done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh master&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mkdir -p /var/log/mesos/archive&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#sleep 6000&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#rm -rf /root/installDCOS.sh&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/installDCOS.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's~LD_LIBRARY_PATH=/opt/mesosphere/lib~LD_LIBRARY_PATH=/lib64~' /opt/mesosphere/environment.export&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;curl -fLsS --retry 20 -Y 100000 -y 60 https://downloads.dcos.io/binaries/cli/linux/x86-64/dcos-1.8/dcos -o dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mv dcos /usr/local/bin&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;chmod +x /usr/local/bin/dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;dcos config set core.dcos_url http://172.16.99.200&quot; &gt;&gt; /root/installDCOS.sh<br /> <br /> chmod 777 /root/installDCOS.sh<br /> echo &quot;/bin/bash /root/installDCOS.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallDCOSPrereqs =<br /> echo &quot;proxy=http://192.168.1.73:3128&quot; &gt;&gt; /etc/yum.conf<br /> yum -y install ipset tar xz unzip curl docker docker-selinux &amp;&gt; /dev/null<br /> yum -y upgrade &amp;&gt; /dev/null<br /> <br /> grep -q Restart=on-failure /usr/lib/systemd/system/docker.service &amp;&amp; printf 'Restart function is already set in systemd script' || sed -i '/MountFlags=slave/aRestart=on-failure' /usr/lib/systemd/system/docker.service<br /> rhncfg-client get<br /> systemctl daemon-reload <br /> systemctl enable docker.service<br /> systemctl start docker.service<br /> <br /> # DCOS requires this firewall to be shut off.<br /> ## https://docs.mesosphere.com/1.7/administration/installing/custom/system-requirements/<br /> systemctl disable firewalld<br /> systemctl stop firewalld<br /> <br /> mkdir -p /var/{lib,log}/mesos<br /> chown nobody /var/{lib,log}/mesos<br /> touch /var/marathon.ip<br /> chown /var/marathon.ip<br /> <br /> groupadd nogroup -g 9999<br /> groupadd docker<br /> <br /> yum -y remove dnsmasq &amp;&gt; /dev/null<br /> PIDS=`ps -ef | grep dnsmasq | egrep -v grep | awk '{ print $2 }'`<br /> kill $PIDS<br /> mkdir -p /tmp/dcos &amp;&amp; cd /tmp/dcos<br /> #curl -s http://140.32.192.51/dcos/install/genconf/serve/dcos_install.sh &gt; dcos_install.sh<br /> curl -s http://192.168.1.73:81/dcos/genconf/serve/dcos_install.sh &gt; dcos_install.sh<br /> <br /> = InstallDCOSSlave =<br /> #raw<br /> printf &quot; Installing DCOS Slave: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> #end raw<br /> $SNIPPET('spacewalk/1/InstallDCOSPrereqs')<br /> #raw<br /> echo &quot;setenforce 0&quot; &gt; /root/installDCOS.sh<br /> echo &quot;#CHECK=\`systemctl is-active docker\`&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#while [[ \$CHECK != 'active' ]]; do sleep 5; CHECK=\`systemctl is-active docker\`;done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh slave&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;DCOS_CONFIG=\`grep -ir 'MESOS_HOSTNAME_LOOKUP=false' /opt/mesosphere/packages/dcos-config* | grep mesos-slave-common | cut -d ':' -f 1\`&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;for i in \$DCOS_CONFIG; do sed -i 's~MESOS_HOSTNAME_LOOKUP=.*~MESOS_HOSTNAME_LOOKUP=true~' \$i; done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;rm -rf /var/lib/mesos/slave/meta/slaves/latest&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#sleep 6000&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#rm -rf /root/installDCOS.sh&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/installDCOS.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's~LD_LIBRARY_PATH=/opt/mesosphere/lib~LD_LIBRARY_PATH=/lib64~' /opt/mesosphere/environment.export&quot; &gt;&gt; /root/installDCOS.sh<br /> <br /> chmod 777 /root/installDCOS.sh<br /> echo &quot;/bin/bash /root/installDCOS.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallDesktopPackages =<br /> #raw<br /> printf &quot; Installing GNOME Desktop Packages: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> yum -y --nogpgcheck groupinstall &quot;GNOME Desktop&quot; &amp;&gt; /dev/null<br /> sed -i 's/id:3:/id:5:/' /etc/inittab<br /> systemctl set-default graphical.target<br /> rm -f /etc/xdg/autostart/gnome-initial-setup-first-login.desktop &amp;&gt; /dev/null<br /> rm -f /etc/xdg/autostart/gnome-initial-setup-copy-worker.desktop &amp;&gt; /dev/null<br /> rm -f /etc/xdg/autostart/gnome-welcome-tour.desktop &amp;&gt; /dev/null<br /> sed -i '/daemon/a InitialSetupEnable=False' /etc/gdm/custom.conf<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallVMTools =<br /> #raw<br /> if [[ $(lspci|grep -i vmware) ]]; then<br /> printf &quot; Installing VMware Tools: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> yum -y install open-vm-tools<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> fi<br /> #end raw<br /> <br /> = JoinAD =<br /> #raw<br /> printf &quot; Creating /root/joinAD.sh: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli sssd-tools samba-libs krb5-workstation &amp;&gt; /dev/null<br /> echo 'read -p &quot;Enter Admin Username: &quot; USERNAME' &gt; /root/joinAD.sh<br /> echo 'yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli sssd-tools samba-libs krb5-workstation &amp;&gt; /dev/null' &gt;&gt; /root/joinAD.sh<br /> echo 'rhncfg-client get &amp;&gt; /dev/null' &gt;&gt; /root/joinAD.sh<br /> echo 'realm leave' &gt;&gt; /root/joinAD.sh<br /> echo 'sleep 5' &gt;&gt; /root/joinAD.sh<br /> echo 'realm join --user=$USERNAME &quot;711hpw.afrl-wrs.hpc.mil&quot;' &gt;&gt; /root/joinAD.sh<br /> echo 'sleep 15' &gt;&gt; /root/joinAD.sh<br /> echo 'systemctl stop sssd' &gt;&gt; /root/joinAD.sh<br /> echo 'rm -rf /var/lib/sss/db/*' &gt;&gt; /root/joinAD.sh<br /> echo 'rhncfg-client get &amp;&gt; /dev/null' &gt;&gt; /root/joinAD.sh<br /> echo 'systemctl start sssd' &gt;&gt; /root/joinAD.sh<br /> echo 'sleep 10' &gt;&gt; /root/joinAD.sh<br /> echo 'systemctl restart sssd' &gt;&gt; /root/joinAD.sh<br /> chmod 777 /root/joinAD.sh<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = PostNoChroot-InstallNetworking =<br /> $SNIPPET('spacewalk/1/StatusBarScript')<br /> $SNIPPET('spacewalk/1/SwitchToTTY7')<br /> #raw<br /> # Set-Hostname-Network Snippet<br /> printf &quot; Setting up Networking: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> PID=`ps -ef | grep status.sh | egrep -v grep | sed 's/\ \ \ \ /\ /g' | sed 's/\ \ \ /\ /g' | sed 's/\ \ /\ /g' | cut -d ' ' -f 2`<br /> \cp -f /tmp/network /mnt/sysimage/etc/sysconfig/network<br /> \cp -f /tmp/hostname /mnt/sysimage/tmp/hostname<br /> \cp -f /tmp/newnic.txt /mnt/sysimage/tmp/newnic.txt<br /> \cp -f /tmp/nics.txt /mnt/sysimage/tmp/nics.txt<br /> NAME`grep HOSTNAME /tmp/hostname | cut -d &quot;=&quot; -f 2`<br /> /mnt/sysimage/usr/bin/hostname ${NAME} &amp;&gt; /dev/null<br /> /mnt/sysimage/usr/bin/hostnamectl set-hostname ${NAME} &amp;&gt; /dev/null<br /> /bin/hostname ${NAME} &amp;&gt; /dev/null<br /> /bin/hostnamectl set-hostname ${NAME} &amp;&gt; /dev/null<br /> /mnt/sysimage/bin/hostname ${NAME} &amp;&gt; /dev/null<br /> /mnt/sysimage/bin/hostnamectl set-hostname ${NAME} &amp;&gt; /dev/null<br /> DEVICE1=`cat /tmp/newnic.txt`<br /> \cp -f /tmp/ifcfg-${DEVICE1} /mnt/sysimage/etc/sysconfig/network-scripts/ifcfg-${DEVICE1}<br /> \cp -f /tmp/ifcfg-${DEVICE1} /mnt/sysimage/tmp/ifcfg-${DEVICE1}<br /> while read NIC<br /> do<br /> \cp -f /tmp/ifcfg-${NIC} /mnt/sysimage/etc/sysconfig/network-scripts/ifcfg-${NIC}<br /> \cp -f /tmp/ifcfg-${NIC} /mnt/sysimage/tmp/ifcfg-${NIC}<br /> done &lt; /tmp/nics.txt<br /> \cp -f /tmp/newnic.txt /mnt/sysimage/tmp/newnic.txt<br /> \cp -f /tmp/nics.txt /mnt/sysimage/tmp/nics.txt<br /> kill $PID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> printf &quot; Setting up DNS: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> \cp -f /tmp/resolv.conf /mnt/sysimage/etc/resolv.conf<br /> PID=`ps -ef | grep status.sh | egrep -v grep | sed 's/\ \ \ \ /\ /g' | sed 's/\ \ \ /\ /g' | sed 's/\ \ /\ /g' | cut -d ' ' -f 2`<br /> kill $PID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> $SNIPPET('spacewalk/1/SwitchToTTY1')<br /> <br /> = PreScript Get-Hostname-Network =<br /> $SNIPPET('spacewalk/1/SwitchToTTY7')<br /> #raw<br /> # Get-Hostname-Network Snippet<br /> uname -r | grep -q el7 &amp;&amp; OS7=True || OS7=False<br /> uname -r | grep -q el6 &amp;&amp; OS6=True || OS6=False<br /> SEP7=&quot;#########################################################################################&quot;<br /> LINE7=&quot;-----------------------------------------------------------------------------------------&quot;<br /> SEP6=&quot;#####################################################################&quot;<br /> LINE6=&quot;---------------------------------------------------------------------&quot;<br /> SPACE=&quot; &quot;<br /> TITLE1=&quot;\e[4;32m&quot;<br /> TITLE2=&quot;\e[39;0m&quot;<br /> QUESTION1=&quot;\e[31;1m&quot;<br /> QUESTION2=&quot;\e[39;0m&quot;<br /> <br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> setterm -powersave off -blank 0<br /> DNS1=`nmcli device show | grep DNS | sed 's/\ //g' | cut -d ':' -f 2 | head -1`<br /> DNS2=`nmcli device show | grep DNS | sed 's/\ //g' | cut -d ':' -f 2 | head -2 | tail -1`<br /> DOMAIN1=`nmcli device show | grep DOMAIN | sed 's/\ //g' | cut -d ':' -f 2`<br /> GW1=`nmcli device show | grep GATEWAY | sed 's/\ //g' | cut -d ':' -f 2 | head -1`<br /> DEVICE=`nmcli device | grep ' connected ' | cut -d ' ' -f 1`<br /> NM1=`ifconfig | grep netmask | sed 's/.*\ 255/255/' | head -1 | cut -d ' ' -f 1`<br /> echo $SEP7<br /> echo -e $SPACE $TITLE1 &quot;DISCOVERED VARIABLES&quot; $TITLE2<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> DNS1=`cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f 2 | head -1`<br /> DNS2=`cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f 2 | head -2 | tail -1`<br /> DOMAIN1=`cat /etc/resolv.conf | grep domain | cut -d ' ' -f 2 | head -1`<br /> GW1=`ip route show | grep default | cut -d ' ' -f 3`<br /> DEVICE=`ip addr show | grep inet | grep brd | cut -d ' ' -f 11`<br /> NM1=`ifconfig | grep Mask | sed 's/.*\ 255\255/' | head -1 | cut -d ':' -f 4`<br /> echo $SEP6<br /> echo -e $SPACE $TITLE1 &quot;DISCOVERED VARIABLES&quot; $TITLE2<br /> echo $LINE6<br /> fi<br /> NICNUM=`ip link show | grep &quot;: &quot; | egrep -v lo | wc -l`<br /> ip link show | grep &quot;: &quot; | egrep -v lo | cut -d ':' -f 2 | cut -d ' ' -f 2 &gt; /tmp/nics.txt<br /> LINKNUM=0<br /> COUNT=1<br /> while read NIC<br /> do <br /> LINK1=`ethtool ${NIC} | grep &quot;Link detected:&quot; | cut -d ':' -f 2 | sed 's/\ //'`<br /> if [[ $LINK1 = &quot;yes&quot; ]]; then<br /> let LINKNUM=LINKNUM+1<br /> LINKCHOICE=$COUNT<br /> fi<br /> let COUNT=COUNT+1<br /> done &lt; /tmp/nics.txt<br /> echo -e ' DNS1 Server:\t\t\t'${DNS1}<br /> echo -e ' DNS2 Server:\t\t\t'${DNS2}<br /> echo -e ' Domain Name:\t\t\t'${DOMAIN1}<br /> echo -e ' Current Network Device:\t'${DEVICE}<br /> echo -e ' Number of Network Devices:\t'${NICNUM}<br /> echo -e ' Gateway:\t\t\t'${GW1}<br /> echo -e ' Netmask:\t\t\t'${NM1}<br /> if [ $NICNUM -ne 1 ]; then<br /> if [ $LINKNUM -ne 1 ]; then<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $QUESTION1 &quot;WHAT NETWORK DEVICE DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo -e &quot; Note: This kickstart will continue to use the \e[31m&quot;${DEVICE}&quot;\e[39m for the installation.&quot;<br /> echo &quot; Note: If you choose nothing it will default to option 1.&quot;<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $QUESTION1 &quot;WHAT NETWORK DEVICE DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo -e &quot; Note: This kickstart will continue to use the \e[31m&quot;${DEVICE}&quot;\e[39m for the installation.&quot;<br /> echo &quot; Note: If you choose nothing it will default to option 1.&quot;<br /> echo $LINE6<br /> fi<br /> COUNT=1<br /> while read NIC<br /> do<br /> LINK=`ethtool ${NIC} | grep &quot;Link detected:&quot; | cut -d ':' -f 2 | sed 's/\ //'`<br /> echo -e &quot; $COUNT: DEVICE:\t\t$NIC&quot;<br /> DRIVER=`ethtool -i ${NIC} | grep driver | cut -d ':' -f 2 | sed 's/\ //'`<br /> echo -e &quot; DRIVER:\t\t$DRIVER&quot;<br /> TENG=`ethtool -i ${NIC} | grep baseT | grep 10000 | wc -l`<br /> if [ TENG -eq 0 ]; then <br /> ONEG=`ethtool -i ${NIC} | grep baseT | grep 1000 | wc -l`<br /> if [ ONEG -eq 0 ]; then<br /> echo &quot;NOT 1G Networking&quot; &gt; /dev/null<br /> else<br /> echo -e &quot; SPEED:\t\t1G&quot;<br /> fi<br /> else<br /> echo -e &quot; SPEED:\t\t10G&quot;<br /> fi<br /> echo -e &quot; LINK:\t\t$LINK&quot;<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $LINE6<br /> fi<br /> let COUNT=COUNT+1<br /> done &lt; /tmp/nics.txt<br /> printf &quot; &quot;<br /> read NICCHOICE<br /> else<br /> NICCHOICE=$LINKCHOICE<br /> fi<br /> if [ -z $NICCHOICE ]; then NICCHOICE=1; fi<br /> fi<br /> CMD='cat /tmp/nics.txt | head -'$NICCHOICE' | tail -1'<br /> DEVICE1=`eval $CMD`<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $QUESTION1 &quot;WHAT HOSTNAME DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo &quot; Note: If this hostname is already in DNS you will NOT need to enter an IP address.&quot;<br /> echo $LINE7 <br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $QUESTION1 &quot;WHAT HOSTNAME DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo &quot; Note: If this hostname is already in DNS you will NOT need to enter an IP address.&quot;<br /> echo $LINE6<br /> fi<br /> printf &quot; &quot;<br /> if [ -f &quot;/tmp/pre_install_network_config&quot; ]; then<br /> NAME=`cat /tmp/pre_install_network_config | sed 's/.*--hostname=//' | cut -d '.' -f 1`<br /> echo $NAME<br /> else<br /> read NAME<br /> fi<br /> echo &quot;&quot;<br /> NAME1=`nslookup ${NAME} ${DNS1} | grep Name | head -1 | cut -f 2`<br /> if [[ -z ${NAME1} ]]; then<br /> NAME=`echo ${NAME}.${DOMAIN1}`<br /> else<br /> NAME=`echo ${NAME1}`<br /> fi<br /> /bin/hostnamectl set-hostname ${NAME}<br /> ADDR=`cat /etc/hosts | grep -i ${NAME} | egrep -v KVM | awk '{ print $1 }'`<br /> if [[ -z ${ADDR} ]]; then<br /> ADDR=`nslookup ${NAME} ${DNS1} | tail -2 | head -1 | cut -d ' ' -f 2`<br /> fi<br /> if [[ &quot;${ADDR}&quot; == &quot;server&quot; ]]; then<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $QUESTION1 &quot;WHAT IP ADDRESS DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $QUESTION1 &quot;WHAT IP ADDRESS DO YOU WANT THIS SERVER TO USE?&quot; $QUESTION2<br /> echo $LINE6<br /> fi<br /> printf &quot; &quot;<br /> read ADDR<br /> echo &quot;&quot;<br /> fi<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> echo -e $SPACE $TITLE1 &quot;USER DEFINED VARIABLES&quot; $TITLE2<br /> echo $LINE7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> echo -e $SPACE $TITLE1 &quot;USER DEFINED VARIABLES&quot; $TITLE2<br /> echo $LINE6<br /> fi<br /> echo -e &quot; Hostname:\t\t&quot;${NAME}<br /> echo -e &quot; IP Address:\t\t&quot;${ADDR}<br /> echo -e &quot; Network Device:\t&quot;${DEVICE1}<br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo $SEP7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo $SEP6<br /> fi<br /> <br /> echo ${NAME} &gt; /tmp/hostname<br /> echo ${DEVICE1} &gt; /tmp/newnic.txt<br /> sed -i '/'$DEVICE1'/d' /tmp/nics.txt<br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/network<br /> echo &quot;NETWORKING=yes&quot; &gt;&gt; /tmp/network<br /> echo &quot;HOSTNAME=&quot;${NAME} &gt;&gt; /tmp/network<br /> echo &quot;GATEWAY=&quot;${GW1} &gt;&gt; /tmp/network<br /> <br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DEVICE=&quot;${DEVICE1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;BOOTPROTO=none&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;IPV6INIT=no&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;MTU=1500&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;NM_CONTROLLED=no&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;ONBOOT=yes&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;TYPE=Ethernet&quot; &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;IPADDR=&quot;${ADDR} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;NETMASK=&quot;${NM1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;GATEWAY=&quot;${GW1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DNS1=&quot;${DNS1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DNS2=&quot;${DNS2} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> echo &quot;DOMAIN=&quot;${DOMAIN1} &gt;&gt; /tmp/ifcfg-${DEVICE1}<br /> while read NIC1<br /> do<br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;DEVICE=&quot;${NIC1} &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;BOOTPROTO=none&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;IPV6INIT=no&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;MTU=1500&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;NM_CONTROLLED=no&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> echo &quot;ONBOOT=no&quot; &gt;&gt; /tmp/ifcfg-${NIC1}<br /> done &lt; /tmp/nics.txt<br /> echo &quot;# GENERATED BY GET-HOSTNAME-NETWORK SNIPPET&quot; &gt; /tmp/resolv.conf<br /> echo &quot;search &quot;${DOMAIN1} &gt;&gt; /tmp/resolv.conf<br /> echo &quot;nameserver &quot;${DNS1} &gt;&gt; /tmp/resolv.conf<br /> echo &quot;nameserver &quot;${DNS2} &gt;&gt; /tmp/resolv.conf<br /> <br /> if [[ $OS7 = &quot;True&quot; ]]; then<br /> echo -e $SPACE $TITLE1 &quot;BEGINNING INSTALLATION&quot; $TITLE2<br /> echo &quot; Note: Press Ctrl+Alt+F1 to See Progress&quot;<br /> echo $SEP7<br /> fi<br /> if [[ $OS6 = &quot;True&quot; ]]; then<br /> echo -e $SPACE $TITLE1 &quot;BEGINNING INSTALLATION&quot; $TITLE2<br /> echo &quot; Note: Press Ctrl+Alt+F1 to See Progress&quot;<br /> echo $SEP6<br /> fi<br /> #end raw<br /> $SNIPPET('spacewalk/1/SwitchToTTY1')<br /> <br /> = RemoveNetworkManager =<br /> #raw<br /> printf &quot; Removing NetworkManager: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y remove NetworkManager &amp;&gt; /dev/null<br /> yes | cp -f /tmp/ifcfg-* /etc/sysconfig/network-scripts/ &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = SetHostname =<br /> #raw<br /> printf &quot; Setting Hostname: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> echo &quot;NAME=`cat /tmp/hostname`&quot; &gt; /root/setHostname.sh<br /> echo &quot;hostname \$NAME&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;hostnamectl set-hostname \$NAME&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;rhn-profile-sync&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;chmod -x /etc/rc.d/rc.local&quot; &gt;&gt; /root/setHostname.sh<br /> #echo &quot;rm -rf /tmp/hostname&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;rm -rf /root/setHostname.sh&quot; &gt;&gt; /root/setHostname.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/setHostname.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/setHostname.sh<br /> chmod 777 /root/setHostname.sh<br /> echo &quot;/bin/bash /root/setHostname.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = SetupFiglet =<br /> #raw<br /> printf &quot; Setting up Figlet: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y install figlet &amp;&gt; /dev/null<br /> mkdir -p /usr/share/figlet/ <br /> wget http://140.32.192.51/pub/kickstart/figlet.tar.gz &amp;&gt; /dev/null<br /> tar xf figlet.tar.gz -C /usr/share/figlet/<br /> rm -rf figlet.tar.gz<br /> find /usr/share/figlet/ -name '*.flf' &gt; /usr/share/figlet/figfonts.txt<br /> rhncfg-client get &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = SetupNTP =<br /> $SNIPPET('spacewalk/1/ForceTime')<br /> #raw<br /> printf &quot; Setting up Chrony: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y install chrony &amp;&gt; /dev/null<br /> rhncfg-client get &amp;&gt; /dev/null<br /> systemctl enable chrony &amp;&gt; /dev/null<br /> systemctl start chrony &amp;&gt; /dev/null<br /> ntpdate -s 140.32.191.249 &amp;&gt; /dev/null<br /> hwclock --systohc &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> = SetupPuppetAgent =<br /> #raw<br /> printf &quot; Setting up Puppet Agent: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum -y install puppet-agent &amp;&gt; /dev/null<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = | StatusBarScript =<br /> #raw<br /> echo 'until [ &quot;1&quot; -eq &quot;0&quot; ]; do' &gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot;* &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; *&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot; * &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;[\e[1;32m%-6s\e[0;39m]&quot; &quot;* &quot;' &gt;&gt; /tmp/status.sh<br /> echo ' sleep .25' &gt;&gt; /tmp/status.sh<br /> echo ' printf &quot;\b\b\b\b\b\b\b\b&quot;' &gt;&gt; /tmp/status.sh<br /> echo 'done' &gt;&gt; /tmp/status.sh<br /> chmod 777 /tmp/status.sh<br /> #end raw<br /> <br /> = SwitchToTTY1 =<br /> #raw<br /> exec &lt;/dev/tty1 &gt; /dev/tty1<br /> chvt 1<br /> #end raw<br /> <br /> = SwitchToTTY7 =<br /> #raw<br /> setterm -powersave off -blank 0<br /> chvt 7 <br /> exec &lt;/dev/tty7 &gt; /dev/tty7<br /> #end raw<br /> <br /> = UpdateAllRPMs =<br /> #raw<br /> printf &quot; Installing the latest RPM's: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> yum --nogpgcheck update -y &amp;&gt; /dev/null<br /> systemctl enable osad<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/snippets&diff=48 DREN/Kickstart/snippets 2023-06-02T19:30:56Z <p>Admin: </p> <hr /> <div>= AddADGroups =<br /> #raw<br /> printf &quot; Adding AD Groups: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> groupadd domain_users -g 1342600513<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddAcasUser =<br /> #raw<br /> printf &quot; Creating ACAS Scan User: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> useradd scan_account -g users<br /> sudo -u scan_account ssh-keygen -b 2048 -t rsa -f /home/scan_account/.ssh/id_rsa -q -N &quot;&quot;<br /> sudo -u scan_account rm -rf /home/scan_account/.ssh/id_rsa <br /> sudo -u scan_account curl --cacert /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT https://rdhpwngmp-01/pub/kickstart/nga_acas.pub &gt; /home/scan_account/.ssh/authorized_keys<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddMounts =<br /> #raw<br /> printf &quot; Adding NFS Mounts: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> mkdir -p /users<br /> chown :domain_users /users<br /> chmod 775 /users<br /> mkdir -p /data<br /> chown :domain_users /data<br /> chmod 775 /data<br /> echo 'users:/users /users nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,relatime 0 0' &gt;&gt; /etc/fstab<br /> echo 'data:/data /data nfs noauto,x-systemd.automount,x-systemd.device-timeout=10,timeo=14,relatime 0 0' &gt;&gt; /etc/fstab<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddScaleUser =<br /> #raw<br /> printf &quot; Creating Scale User: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> <br /> useradd scale -u 7498 -g 1342600513 -G users<br /> sed -i 's~scale:!!:~scale:$6$hQ5XU8FI$BFssO833kwMzahuVXMnMO9qReK4VRAXtMKRL/csxtJoFtj7Wgc9twzp6E79jw8y.U/JfSqMhzMafhijnISiyh1:~' /etc/shadow<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = AddSpacewalkToHosts =<br /> #raw<br /> printf &quot; Adding Spacewalk server to /etc/hosts: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> curl http://140.32.192.51/pub/kickstart/hosts &gt; /mnt/sysimage/etc/hosts<br /> curl http://140.32.192.51/pub/kickstart/hosts &gt; /etc/hosts<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = ForceTime =<br /> printf &quot; Forcing Time Synce with NTP Server: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> ntpdate -s 140.32.191.249<br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> <br /> = InstallDCOSMaster =<br /> #raw<br /> printf &quot; Installing DCOS Master: &quot;<br /> /bin/bash /tmp/status.sh &amp;<br /> #end raw<br /> $SNIPPET('spacewalk/1/InstallDCOSPrereqs')<br /> #raw<br /> # This is needed for using the dcos command with jenkins <br /> yum -y install expect &amp;&gt; /dev/null<br /> <br /> # Creating installDCOS.sh script <br /> echo &quot;#CHECK=\`systemctl is-active docker\`&quot; &gt; /root/installDCOS.sh<br /> echo &quot;#while [[ \$CHECK != 'active' ]]; do sleep 5; CHECK=\`systemctl is-active docker\`;done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh master&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mkdir -p /var/log/mesos/archive&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#sleep 6000&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;#rm -rf /root/installDCOS.sh&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/\/bin\/bash\ \/root\/installDCOS.sh//g' /etc/rc.d/rc.local&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's~LD_LIBRARY_PATH=/opt/mesosphere/lib~LD_LIBRARY_PATH=/lib64~' /opt/mesosphere/environment.export&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;curl -fLsS --retry 20 -Y 100000 -y 60 https://downloads.dcos.io/binaries/cli/linux/x86-64/dcos-1.8/dcos -o dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mv dcos /usr/local/bin&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;chmod +x /usr/local/bin/dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;dcos config set core.dcos_url http://172.16.99.200&quot; &gt;&gt; /root/installDCOS.sh<br /> <br /> chmod 777 /root/installDCOS.sh<br /> echo &quot;/bin/bash /root/installDCOS.sh&quot; &gt;&gt; /etc/rc.d/rc.local<br /> chmod +x /etc/rc.d/rc.local<br /> <br /> STATUSPID=`ps -ef | grep status| egrep -v grep | head -1 | awk '{print $2}'`<br /> kill $STATUSPID<br /> printf &quot;\b\b\b\b\b\b\b\b&quot;<br /> echo -e &quot;[ \e[1;32mOK\e[0;39m ]&quot;<br /> #end raw<br /> <br /> = InstallDCOSPrereqs =<br /> echo &quot;proxy=http://192.168.1.73:3128&quot; &gt;&gt; /etc/yum.conf<br /> yum -y install ipset tar xz unzip curl docker docker-selinux &amp;&gt; /dev/null<br /> yum -y upgrade &amp;&gt; /dev/null<br /> <br /> grep -q Restart=on-failure /usr/lib/systemd/system/docker.service &amp;&amp; printf 'Restart function is already set in systemd script' || sed -i '/MountFlags=slave/aRestart=on-failure' /usr/lib/systemd/system/docker.service<br /> rhncfg-client get<br /> systemctl daemon-reload <br /> systemctl enable docker.service<br /> systemctl start docker.service<br /> <br /> # DCOS requires this firewall to be shut off.<br /> ## https://docs.mesosphere.com/1.7/administration/installing/custom/system-requirements/<br /> systemctl disable firewalld<br /> systemctl stop firewalld<br /> <br /> mkdir -p /var/{lib,log}/mesos<br /> chown nobody /var/{lib,log}/mesos<br /> touch /var/marathon.ip<br /> chown /var/marathon.ip<br /> <br /> groupadd nogroup -g 9999<br /> groupadd docker<br /> <br /> yum -y remove dnsmasq &amp;&gt; /dev/null<br /> PIDS=`ps -ef | grep dnsmasq | egrep -v grep | awk '{ print $2 }'`<br /> kill $PIDS<br /> mkdir -p /tmp/dcos &amp;&amp; cd /tmp/dcos<br /> #curl -s http://140.32.192.51/dcos/install/genconf/serve/dcos_install.sh &gt; dcos_install.sh<br /> curl -s http://192.168.1.73:81/dcos/genconf/serve/dcos_install.sh &gt; dcos_install.sh<br /> <br /> = InstallDCOSSlave =<br /> = InstallDesktopPackages =<br /> = InstallVMTools =<br /> = JoinAD =<br /> = PostNoChroot-InstallNetworking =<br /> = PreScript Get-Hostname-Network =<br /> = RemoveNetworkManager =<br /> = SetHostname =<br /> = SetupFiglet =<br /> = SetupNTP =<br /> = | SetupPuppetAgent =<br /> = | StatusBarScript =<br /> = | SwitchToTTY1 =<br /> = | SwitchToTTY7 =<br /> = | UpdateAllRPMs =</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/snippets&diff=47 DREN/Kickstart/snippets 2023-06-02T19:28:19Z <p>Admin: Created page with &quot;= AddADGroups = = AddAcasUser = = AddMounts = = AddScaleUser = = AddSpacewalkToHosts = = ForceTime = = InstallDCOSMaster = = InstallDCOSPrereqs = = InstallDCOSSlave = = InstallDesktopPackages = = InstallVMTools = = JoinAD = = PostNoChroot-InstallNetworking = = PreScript Get-Hostname-Network = = RemoveNetworkManager = = SetHostname = = SetupFiglet = = SetupNTP = = | SetupPuppetAgent = = | StatusBarScript = = | SwitchToTTY1 = = | SwitchToTTY7 = = | UpdateAllRPMs =&quot;</p> <hr /> <div>= AddADGroups =<br /> = AddAcasUser =<br /> = AddMounts =<br /> = AddScaleUser =<br /> = AddSpacewalkToHosts =<br /> = ForceTime =<br /> = InstallDCOSMaster =<br /> = InstallDCOSPrereqs =<br /> = InstallDCOSSlave =<br /> = InstallDesktopPackages =<br /> = InstallVMTools =<br /> = JoinAD =<br /> = PostNoChroot-InstallNetworking =<br /> = PreScript Get-Hostname-Network =<br /> = RemoveNetworkManager =<br /> = SetHostname =<br /> = SetupFiglet =<br /> = SetupNTP =<br /> = | SetupPuppetAgent =<br /> = | StatusBarScript =<br /> = | SwitchToTTY1 =<br /> = | SwitchToTTY7 =<br /> = | UpdateAllRPMs =</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/pxe&diff=46 DREN/Kickstart/pxe 2023-06-02T19:24:16Z <p>Admin: Created page with &quot;=cobbler= = /etc/cobbler/pxe/pxedefault.template = DEFAULT vesamenu.c32 PROMPT 0 menu clear menu background splash.png MENU TITLE Choose from the following kickstart Profiles: menu vshift 8 menu hshift 15 menu width 60 MENU MARGIN 1 MENU ROWS 15 MENU MASTER PASSWD $6$/GULqBhPJsrxxiC3$iJiWYlMyZNfwwOKsKeyLiNNcfwd7yUjYErzh4WtGMozDcmRubesMeQGeKE956qhhlmGia/1jsdth7vVaMOOP60 TIMEOUT 80 TOTALTIMEOUT 6000 ONTIMEOUT $pxe_timeout_profile LABEL local MEN...&quot;</p> <hr /> <div>=cobbler=<br /> = /etc/cobbler/pxe/pxedefault.template =<br /> <br /> DEFAULT vesamenu.c32<br /> PROMPT 0<br /> menu clear<br /> menu background splash.png<br /> MENU TITLE Choose from the following kickstart Profiles:<br /> menu vshift 8<br /> menu hshift 15<br /> menu width 60<br /> MENU MARGIN 1<br /> MENU ROWS 15<br /> MENU MASTER PASSWD $6$/GULqBhPJsrxxiC3$iJiWYlMyZNfwwOKsKeyLiNNcfwd7yUjYErzh4WtGMozDcmRubesMeQGeKE956qhhlmGia/1jsdth7vVaMOOP60<br /> TIMEOUT 80<br /> TOTALTIMEOUT 6000<br /> ONTIMEOUT $pxe_timeout_profile <br /> <br /> LABEL local<br /> MENU LABEL (Boot to Local OS)<br /> MENU DEFAULT<br /> LOCALBOOT 0<br /> <br /> $pxe_menu_items<br /> <br /> MENU end<br /> <br /> = /etc/cobbler/pxe/pxeprofile.template =<br /> #set $new_name = $profile_name.replace(':1:NGAResearchLabEnvironmentRLE', ' ')<br /> #set $new_menu_label = $menu_label.replace(':1:NGAResearchLabEnvironmentRLE', ' ')<br /> LABEL $new_name<br /> MENU PASSWD<br /> kernel $kernel_path<br /> $new_menu_label<br /> $append_line<br /> ipappend 2</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/scripts&diff=45 DREN/Kickstart/scripts 2023-06-02T19:23:27Z <p>Admin: Created page with &quot;==initiateKickstart== #!/usr/bin/python import xmlrpclib import subprocess import sys SATELLITE_URL = &quot;http://localhost/rpc/api&quot; SATELLITE_LOGIN = &quot;daniel.roessner.adm&quot; SATELLITE_PASSWORD = SYSTEM = &quot;rdhpwngmp-09.711hpw.afrl-wrs.hpc.mil&quot; PROFILE_NAME = &quot;DCOS-Slave&quot; def kickstart(key, SYSTEM, PROFILE_NAME): list = client.system.listSystems(key) for sys in list: if sys[&#039;name&#039;] == SYSTEM: system_id = sys[&#039;id&#039;] #print client.kickstart.lis...&quot;</p> <hr /> <div>==initiateKickstart==<br /> #!/usr/bin/python<br /> import xmlrpclib<br /> import subprocess<br /> import sys<br /> <br /> SATELLITE_URL = &quot;http://localhost/rpc/api&quot;<br /> SATELLITE_LOGIN = &quot;daniel.roessner.adm&quot;<br /> SATELLITE_PASSWORD = <br /> SYSTEM = &quot;rdhpwngmp-09.711hpw.afrl-wrs.hpc.mil&quot;<br /> PROFILE_NAME = &quot;DCOS-Slave&quot;<br /> <br /> def kickstart(key, SYSTEM, PROFILE_NAME):<br /> list = client.system.listSystems(key)<br /> for sys in list:<br /> if sys['name'] == SYSTEM:<br /> system_id = sys['id']<br /> #print client.kickstart.listKickstarts(key)<br /> print client.system.provisionSystem(key, system_id, PROFILE_NAME)<br /> <br /> def rhn_check(SYSTEM):<br /> COMMAND=&quot;rhn_check&quot;<br /> SYSTEM = SYSTEM.split('.')[0]<br /> <br /> ssh = subprocess.Popen([&quot;ssh&quot;, &quot;-oStrictHostKeyChecking=no&quot;, &quot;%s&quot; % SYSTEM, COMMAND],<br /> shell=False,<br /> stdout=subprocess.PIPE,<br /> stderr=subprocess.PIPE)<br /> result = ssh.stdout.readlines()<br /> if result == []:<br /> error = ssh.stderr.readlines()<br /> print &gt;&gt;sys.stderr, &quot;ERROR: %s&quot; % error<br /> else:<br /> print result <br /> <br /> def login(SATELLITE_URL, SATELLITE_LOGIN, SATELLITE_PASSWORD):<br /> client = xmlrpclib.Server(SATELLITE_URL, verbose=0)<br /> key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)<br /> return key, client<br /> <br /> def logout(key):<br /> client.auth.logout(key)<br /> <br /> ###################################################################### <br /> <br /> key, client = login(SATELLITE_URL, SATELLITE_LOGIN, SATELLITE_PASSWORD)<br /> <br /> #kickstart(key, SYSTEM, PROFILE_NAME)<br /> rhn_check(SYSTEM) <br /> <br /> logout(key)<br /> <br /> ==reposync==<br /> mkdir -p /var/log/scripts/<br /> date &gt; /var/log/scripts/spacewalk-repo-sync.log<br /> echo ##################################################### &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> CENT7LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;7\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> #CENT6LATEST=`curl --silent http://mirror.centos.org/centos/ | grep folder | grep &quot;&gt;6\.&quot; | cut -d '&quot;' -f 8 | cut -d '/' -f 1 | sort -g | tail -1`<br /> <br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/os/x86_64/ -c centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/extras/x86_64/ -c centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://mirror.centos.org/centos/$CENT7LATEST/updates/x86_64/ -c centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://dl.fedoraproject.org/pub/epel/7/x86_64/ -c centos7-latest-epel &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u https://yum.dockerproject.org/repo/main/centos/7/ -c centos7-latest-docker &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u https://yum.puppetlabs.com/el/7/PC1/x86_64/ -c centos7-latest-puppet &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://download.zfsonlinux.org/epel/7/x86_64/ -c centos-latest-zfs &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://download.zfsonlinux.org/epel/7/kmod/x86_64/ -c centos-latest-zfs &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest/RHEL/7/x86_64/ -c centos7-latest-spacewalk-server &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> spacewalk-repo-sync -u http://yum.spacewalkproject.org/latest-client/RHEL/7/x86_64/ -c centos7-latest-spacewalk-server &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> #spacewalk-repo-sync -u http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/ -c 7-postgres94 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> #spacewalk-repo-sync -u http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/ -c 7-postgres95 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> #spacewalk-repo-sync -u http://download.ceph.com/rpm/el7/x86_64/ -c ceph-centos7 &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> <br /> chmod -R 777 /var/satellite/redhat/1/<br /> echo #################################################### &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log<br /> date &gt;&gt; /var/log/scripts/spacewalk-repo-sync.log</div> Admin http://wiki.dersllc.com/index.php?title=Main_Page&diff=44 Main Page 2023-06-02T19:21:34Z <p>Admin: </p> <hr /> <div><br /> [[VMware|VMware Documentation]] &lt;BR&gt;<br /> &lt;BR&gt;<br /> &lt;HR&gt;<br /> &lt;BR&gt;<br /> [[DERs|DER's Documentation]] &lt;BR&gt;<br /> &lt;BR&gt;<br /> &lt;HR&gt;<br /> &lt;BR&gt;<br /> [[DCOS/Install|DCOS LAB Installation Documentation]] &lt;BR&gt;</div> Admin http://wiki.dersllc.com/index.php?title=DCOS/Install&diff=43 DCOS/Install 2023-06-02T19:20:52Z <p>Admin: </p> <hr /> <div>= DCOS Installation Instructions = <br /> <br /> == LAB Setup ==<br /> * Virtual Machine (2 CPU, 4G Memory, 50G HDD)<br /> * CentOS 7 Minimal <br /> * IP Address Assigned<br /> * Hostname Assigned<br /> * DNS Assigned<br /> <br /> Master-01:<br /> hostnamectl set-hostname Master-01.dersllc.com<br /> sed -i 's/172.16.99.150/172.16.99.160/' /etc/sysconfig/network-scripts/ifcfg-ens192<br /> yum -y install open-vm-tools<br /> yum update -y<br /> <br /> Slave-01:<br /> hostnamectl set-hostname Slave-01.dersllc.com<br /> sed -i 's/172.16.99.150/172.16.99.161/' /etc/sysconfig/network-scripts/ifcfg-ens192 <br /> yum -y install open-vm-tools<br /> yum update -y<br /> <br /> Web-01:<br /> hostnamectl set-hostname Web-01.dersllc.com<br /> sed -i 's/172.16.99.150/172.16.99.170/' /etc/sysconfig/network-scripts/ifcfg-ens192<br /> yum update -y<br /> yum install -y httpd open-vm-tools<br /> systemctl enable httpd<br /> systemctl start httpd<br /> <br /> == Configuration Creation ==<br /> * SSH to &lt;b&gt;Web-01&lt;/b&gt;<br /> Install and configure Docker:<br /> yum install -y docker wget<br /> mkdir -p /etc/systemd/system/docker.service.d<br /> cat &gt; /etc/systemd/system/docker.service.d/http-proxy.conf &lt;&lt; &quot;EOF&quot;<br /> [Service]<br /> Environment=&quot;HTTPS_PROXY=https://192.168.1.73:3128/&quot;<br /> Environment=&quot;HTTP_PROXY=http://192.168.1.73:3128/&quot;<br /> Environment=&quot;FTP_PROXY=ftp://192.168.1.73:3128/&quot;<br /> Environment=&quot;NO_PROXY=localhost,127.0.0.0/8,dersllc.com&quot;<br /> EOF<br /> <br /> cat &lt;&lt;EOF | sudo tee -a /etc/sysconfig/docker<br /> http_proxy=&quot;http://192.168.1.73:3128/&quot;<br /> https_proxy=&quot;https://192.168.1.73:3128/&quot;<br /> ftp_proxy=&quot;ftp://192.168.1.73:3128/&quot;<br /> no_proxy=&quot;localhost,127.0.0.0/8,dersllc.com&quot;<br /> EOF<br /> <br /> sudo sed -i '/\[Service\]/a EnvironmentFile=/etc/sysconfig/docker' /usr/lib/systemd/system/docker.service<br /> systemctl daemon-reload<br /> systemctl restart docker<br /> <br /> Create GENCONF directory in Apache Directory:<br /> cd /var/www/html<br /> mkdir -p genconf<br /> <br /> Download dcos_generate_config.sh file from DCOS.io:<br /> wget https://downloads.dcos.io/dcos/stable/dcos_generate_config.sh<br /> <br /> Create admin password hash:<br /> ./dcos_generate_config.sh --hash-password &lt;PASSWORD&gt;<br /> <br /> Create Configuration File and copy in superuser password:<br /> cat &gt; genconf/config.yaml &lt;&lt; &quot;EOF&quot;<br /> bootstrap_url: http://web-01.dersllc.com/genconf/serve<br /> cluster_name: LAB<br /> superuser_username: admin<br /> superuser_password_hash: $6$rounds=656000$dOTsAHKtm/yBuOCF$iC9m16rE38eZ/iaDLoIgeFSPS9cb1NoBJGmEkHxghAvVkreyq9/Tl.CvYwUQDzot8iO6v6fVIWx7Nx0.yZjOA.<br /> exhibitor_storage_backend: static<br /> master_discovery: static<br /> ip_detect_public_filename: genconf/ip-detect<br /> master_list:<br /> - 172.16.99.160<br /> resolvers:<br /> - 172.16.87.5<br /> - 172.16.87.1<br /> security: 'disabled'<br /> use_proxy: 'true'<br /> http_proxy: http://192.168.1.73:3128<br /> https_proxy: https://192.168.1.73:3128<br /> no_proxy:<br /> - 'dersllc.com'<br /> enable_ipv6: 'false'<br /> EOF<br /> <br /> Create IP detection script:<br /> cat &gt; genconf/ip-detect &lt;&lt; &quot;EOF&quot;<br /> #!/usr/bin/env bash<br /> set -o nounset -o errexit<br /> export PATH=/usr/sbin:/usr/bin:$PATH<br /> echo $(ip addr show ens192 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)<br /> EOF<br /> <br /> Run Configuration Generator:<br /> ./dcos_generate_config.sh<br /> systemctl restart httpd<br /> <br /> == Master / Slave Prerequisites ==<br /> echo &quot;proxy=http://192.168.1.73:3128&quot; &gt;&gt; /etc/yum.conf &lt;b&gt;# ONLY REQUIRED FOR DERSLLC ENVIRONMENT&lt;/b&gt;<br /> yum -y install ipset tar xz unzip curl docker docker-selinux chrony&amp;&gt; /dev/null<br /> yum -y upgrade &amp;&gt; /dev/null<br /> systemctl start chronyd<br /> systemctl enable chronyd <br /> cat &gt; /etc/chrony.conf &lt;&lt; &quot;EOF&quot;<br /> server 192.168.1.73<br /> server 0.vmware.pool.ntp.org<br /> server 1.vmware.pool.ntp.org<br /> server 2.vmware.pool.ntp.org<br /> server 3.vmware.pool.ntp.org<br /> allow 192.168.1.0/24<br /> EOF<br /> <br /> systemctl restart chronyd<br /> mkdir -p /etc/systemd/system/docker.service.d<br /> cat &gt; /etc/systemd/system/docker.service.d/http-proxy.conf &lt;&lt; &quot;EOF&quot;<br /> [Service]<br /> Environment=&quot;HTTPS_PROXY=https://192.168.1.73:3128/&quot;<br /> Environment=&quot;HTTP_PROXY=http://192.168.1.73:3128/&quot;<br /> Environment=&quot;FTP_PROXY=ftp://192.168.1.73:3128/&quot;<br /> Environment=&quot;NO_PROXY=localhost,127.0.0.0/8,dersllc.com&quot;<br /> EOF<br /> <br /> cat &lt;&lt;EOF | sudo tee -a /etc/sysconfig/docker<br /> http_proxy=&quot;http://192.168.1.73:3128/&quot;<br /> https_proxy=&quot;https://192.168.1.73:3128/&quot;<br /> ftp_proxy=&quot;ftp://192.168.1.73:3128/&quot;<br /> no_proxy=&quot;localhost,127.0.0.0/8,dersllc.com&quot;<br /> EOF<br /> <br /> sudo sed -i '/\[Service\]/a EnvironmentFile=/etc/sysconfig/docker' /usr/lib/systemd/system/docker.service<br /> systemctl daemon-reload<br /> systemctl restart docker<br /> grep -q Restart=on-failure /usr/lib/systemd/system/docker.service &amp;&amp; printf 'Restart function is already set in systemd script' || sed -i '/MountFlags=slave/aRestart=on-failure' /usr/lib/systemd/system/docker.service<br /> systemctl daemon-reload <br /> systemctl enable docker.service<br /> systemctl start docker.service<br /> systemctl disable firewalld &lt;b&gt;# DCOS requires this firewall to be shut off. https://docs.mesosphere.com/1.7/administration/installing/custom/system-requirements/&lt;/b&gt;<br /> systemctl stop firewalld<br /> mkdir -p /var/{lib,log}/mesos<br /> chown nobody /var/{lib,log}/mesos<br /> touch /var/marathon.ip<br /> chown /var/marathon.ip<br /> groupadd nogroup -g 9999<br /> groupadd docker<br /> <br /> mkdir -p /tmp/dcos &amp;&amp; cd /tmp/dcos<br /> curl -s http://web-01.dersllc.com/genconf/serve/dcos_install.sh &gt; dcos_install.sh &lt;b&gt; # Change this to the Web Server hosting the Configuration&lt;/b&gt;<br /> <br /> == Master Installation ==<br /> * SSH to &lt;b&gt;Master-01&lt;/b&gt;<br /> # Creating installDCOS.sh script<br /> echo &quot;setenforce 0&quot; &gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/sysconfig/selinux&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh master&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mkdir -p /var/log/mesos/archive&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;curl -fLsS --retry 20 -Y 100000 -y 60 https://downloads.dcos.io/binaries/cli/linux/x86-64/dcos-1.12/dcos -o dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;mv dcos /usr/local/bin&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;chmod +x /usr/local/bin/dcos&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;dcos config set core.dcos_url http://Master-01.dersllc.com&quot; &gt;&gt; /root/installDCOS.sh &lt;b&gt; # Replace the IP with the IP or DNS name of your Master host &lt;/b&gt;<br /> echo &quot;sed -i 's/&quot;clock_sync&quot;\:/&quot;clock_sync1&quot;\:/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> echo &quot;sed -i '/&quot;clock_sync&quot;/d' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> echo &quot;sed -i 's/&quot;journald_dir_permissions&quot;,/&quot;journald_dir_permissions&quot;/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> echo &quot;sed -i 's/&quot;clock_sync1&quot;\:/&quot;clock_sync&quot;\:/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> chmod 777 /root/installDCOS.sh<br /> <br /> # Running the DCOS Installation Script (AS ROOT) <br /> /root/installDCOS.sh<br /> <br /> == Slave Installation ==<br /> * SSH to &lt;b&gt;Slave-01&lt;/b&gt;<br /> # Creating the Install Script<br /> echo &quot;setenforce 0&quot; &gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/sysconfig/selinux&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;/bin/bash /tmp/dcos/dcos_install.sh slave&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;DCOS_CONFIG=\`grep -ir 'MESOS_HOSTNAME_LOOKUP=false' /opt/mesosphere/packages/dcos-config* | grep mesos-slave-common | cut -d ':' -f 1\`&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;for i in \$DCOS_CONFIG; do sed -i 's~MESOS_HOSTNAME_LOOKUP=.*~MESOS_HOSTNAME_LOOKUP=true~' \$i; done&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;rm -rf /var/lib/mesos/slave/meta/slaves/latest&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;echo 'ENABLE_CHECK_TIME=false' &gt;&gt; /opt/mesosphere/environment&quot; &gt;&gt; /root/installDCOS.sh<br /> echo &quot;sed -i 's/&quot;clock_sync&quot;\:/&quot;clock_sync1&quot;\:/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> echo &quot;sed -i '/&quot;clock_sync&quot;/d' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> echo &quot;sed -i 's/&quot;journald_dir_permissions&quot;,/&quot;journald_dir_permissions&quot;/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> echo &quot;sed -i 's/&quot;clock_sync1&quot;\:/&quot;clock_sync&quot;\:/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json&quot; &gt;&gt; /root/installDCOS.sh <br /> chmod 777 /root/installDCOS.sh<br /> <br /> # Running the DCOS Installation Script (AS ROOT) <br /> /root/installDCOS.sh</div> Admin http://wiki.dersllc.com/index.php?title=DERs&diff=42 DERs 2023-06-02T19:20:17Z <p>Admin: Created page with &quot;==DER&#039;s Documentation== DER&#039;s HomeLab Documentation&lt;br&gt; DER&#039;s Docker Repository Setup &lt;br&gt; DER&#039;s MongoDB Documentation&lt;br&gt; DER&#039;s MySQL DB Documentation&lt;br&gt; DER&#039;s PhotonOS Documentation&lt;br&gt; DER&#039;s Docker Documentation&lt;br&gt; DER&#039;s DCOS Documentation&lt;br&gt; DER&#039;s 3D Printer Documentation&lt;br&gt; DER&#039;s MAC Documentation&lt;br&gt; DERs/Horizon|DER&#039;s...&quot;</p> <hr /> <div>==DER's Documentation==<br /> [[DERs/HomeLab|DER's HomeLab Documentation]]&lt;br&gt;<br /> <br /> <br /> [[DERs/Harbor|DER's Docker Repository Setup]] &lt;br&gt;<br /> [[DERs/DERS-DB|DER's MongoDB Documentation]]&lt;br&gt;<br /> [[DERs/DERS-DB1|DER's MySQL DB Documentation]]&lt;br&gt;<br /> [[DERs/PhotonOS|DER's PhotonOS Documentation]]&lt;br&gt;<br /> [[DERs/Docker|DER's Docker Documentation]]&lt;br&gt;<br /> [[DERs/DCOS|DER's DCOS Documentation]]&lt;br&gt;<br /> [[DERs/3D|DER's 3D Printer Documentation]]&lt;br&gt;<br /> [[DERs/MAC|DER's MAC Documentation]]&lt;br&gt;<br /> [[DERs/Horizon|DER's Horizon Documentation]]&lt;br&gt;<br /> [[DERs/Templates|DER's Template Documentation]]&lt;br&gt;<br /> [[DERs/vRA|DER's vRA 8 Documentation]]&lt;br&gt;<br /> [[DERs/K8s|DER's Kubernetes Documentation]]&lt;br&gt;<br /> <br /> <br /> <br /> <br /> <br /> &lt;HR&gt;<br /> <br /> ==DREN Documentation ==<br /> [[DREN|DREN Documentation]] &lt;BR&gt;<br /> &lt;HR&gt;<br /> ==DevNet Documentation ==<br /> [[DevNet| DevNet Documentation]] &lt;BR&gt;<br /> &lt;HR&gt;<br /> <br /> ==TDKC Documentation ==<br /> [[TDKC|TDKC Documentation]] &lt;BR&gt;<br /> &lt;HR&gt;<br /> ==VMware Documentation==<br /> [[VMware|VMware Documentation]] &lt;BR&gt;</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/configFiles&diff=41 DREN/Kickstart/configFiles 2023-06-02T19:18:50Z <p>Admin: </p> <hr /> <div>==Docker.conf==<br /> /etc/systemd/system/docker.service.d/docker.conf<br /> <br /> [Service]<br /> ExecStart=<br /> ExecStart=/usr/bin/dockerd --storage-driver=overlay<br /> <br /> ==Figlet.sh==<br /> /etc/profile.d/figlet.sh<br /> <br /> #!/bin/bash <br /> <br /> fontlist=( `cat /usr/share/figlet/figfonts.txt` )<br /> <br /> num=$((($RANDOM%${#fontlist[@]})))<br /> red='\e[0;31m'<br /> reset='\e[0m'<br /> <br /> if [ $EUID -ne 0 ]; then<br /> echo 'now connected to...'<br /> figlet -t -c -f ${fontlist[$num]} `hostname|cut -d '.' -f 1`<br /> echo &quot; &quot;<br /> else<br /> echo -e &quot;you are now...$red&quot;<br /> figlet -t -c -f ${fontlist[$num]} root<br /> echo -e &quot; $reset&quot;<br /> fi<br /> <br /> ==Sudoers.d.conf==<br /> /etc/sudoers.d/nga-sudoers<br /> <br /> Cmnd_Alias DOMAIN_USERS_CMD = /usr/bin/docker,\<br /> /usr/local/bin/dcos<br /> %domain_users ALL=(ALL) NOPASSWD: DOMAIN_USERS_CMD<br /> james.ricker ALL=(ALL) NOPASSWD: ALL<br /> james.ricker.adm ALL=(ALL) NOPASSWD: ALL<br /> daniel.roessner ALL=(ALL) NOPASSWD: ALL<br /> daniel.roessner.adm ALL=(ALL) NOPASSWD: ALL<br /> scan_account ALL=(ALL) NOPASSWD: ALL<br /> <br /> ==Resolv.conf==<br /> /etc/resolv.conf<br /> <br /> ####################################################<br /> # This File is managed by SpaceWalk (RDHPWNGMP-01)<br /> # Please Contact the following Administrators:<br /> # Daniel Roessner <br /> # Email: daniel.roessner.ctr@us.af.mil<br /> # Phone: 937-522-6094<br /> # VOIP: 570-2483<br /> # James Ricker <br /> # Email: james.ricker.2.ctr@us.af.mil<br /> # Phone: 937-522-6092<br /> # VOIP: 570-2682<br /> ####################################################<br /> search 711hpw.afrl-wrs.hpc.mil<br /> nameserver 140.32.191.249<br /> nameserver 140.32.191.248<br /> nameserver 140.32.191.247<br /> nameserver 140.32.187.129<br /> <br /> ==SSSD.conf==<br /> /etc/sssd/sssd.conf<br /> <br /> [sssd]<br /> domains = 711HPW.afrl-wrs.hpc.mil<br /> config_file_version = 2<br /> services = nss, pam<br /> <br /> [domain/711HPW.afrl-wrs.hpc.mil]<br /> enumerate = true<br /> ad_domain = 711HPW.afrl-wrs.hpc.mil<br /> krb5_realm = 711HPW.AFRL-WRS.HPC.MIL<br /> realmd_tags = manages-system joined-with-samba<br /> cache_credentials = False<br /> krb5_store_password_if_offline = True<br /> default_shell = /bin/bash<br /> ldap_id_mapping = True<br /> ldap_schema = ad<br /> use_fully_qualified_names = False<br /> fallback_homedir = /users/%u<br /> id_provider = ad<br /> access_provider = ad</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/configFiles&diff=40 DREN/Kickstart/configFiles 2023-06-02T19:17:35Z <p>Admin: </p> <hr /> <div>==Docker.conf==<br /> /etc/systemd/system/docker.service.d/docker.conf<br /> <br /> [Service]<br /> ExecStart=<br /> ExecStart=/usr/bin/dockerd --storage-driver=overlay<br /> <br /> ==Figlet.sh==<br /> ==Sudoers.d.conf==<br /> ==Resolv.conf==<br /> ==SSSD.conf==</div> Admin http://wiki.dersllc.com/index.php?title=DREN/Kickstart/configFiles&diff=39 DREN/Kickstart/configFiles 2023-06-02T19:16:17Z <p>Admin: Created page with &quot; Docker.conf &lt;BR&gt; Figlet.sh &lt;BR&gt; Sudoers.d.conf &lt;BR&gt; Resolv.conf &lt;BR&gt; SSSD.conf &lt;BR&gt;&quot;</p> <hr /> <div>[[DREN/Kickstart/configFiles/docker.conf | Docker.conf]] &lt;BR&gt;<br /> [[DREN/Kickstart/configFiles/figlet.sh | Figlet.sh]] &lt;BR&gt;<br /> [[DREN/Kickstart/configFiles/nga-sudoers.conf | Sudoers.d.conf]] &lt;BR&gt;<br /> [[DREN/Kickstart/configFiles/resolv.conf | Resolv.conf]] &lt;BR&gt;<br /> [[DREN/Kickstart/configFiles/sssd.conf | SSSD.conf]] &lt;BR&gt;</div> Admin http://wiki.dersllc.com/index.php?title=DREN&diff=38 DREN 2023-06-02T19:15:58Z <p>Admin: Created page with &quot; Spacewalk Kickstart Configuration Files &lt;BR&gt; Spacewalk Kickstart SNIPPET Scripts &lt;BR&gt; Spacewalk Scripts &lt;BR&gt; Spacewalk PXE Scripts &lt;BR&gt;&quot;</p> <hr /> <div>[[DREN/Kickstart/configFiles| Spacewalk Kickstart Configuration Files]] &lt;BR&gt;<br /> [[DREN/Kickstart/snippets| Spacewalk Kickstart SNIPPET Scripts]] &lt;BR&gt;<br /> [[DREN/Kickstart/scripts| Spacewalk Scripts]] &lt;BR&gt;<br /> [[DREN/Kickstart/pxe| Spacewalk PXE Scripts]] &lt;BR&gt;</div> Admin http://wiki.dersllc.com/index.php?title=DERs/K8s&diff=37 DERs/K8s 2023-06-02T19:15:31Z <p>Admin: Created page with &quot;= Kubernetes Documentation = == Force Delete Persistent Volume Claim == kubectl get pvc kubectl patch pvc &lt;PVC_NAME&gt; -p &#039;{&quot;metadata&quot;:{&quot;finalizers&quot;: []}}&#039; --type=merge kubectl delete pvc &lt;PVC_NAME&gt; == Force StorageClass to Default == kubectl patch storageclass &lt;vk8s-storage&gt; -p &#039;{&quot;metadata&quot;: {&quot;annotations&quot;:{&quot;storageclass.kubernetes.io/is-default-class&quot;:&quot;true&quot;}}}&#039; === Force StorageClass in vSphere 7 === https://www.pramodrane.com/vsphere-7-with-kubernetes-part-4-clo...&quot;</p> <hr /> <div>= Kubernetes Documentation =<br /> == Force Delete Persistent Volume Claim ==<br /> kubectl get pvc<br /> kubectl patch pvc &lt;PVC_NAME&gt; -p '{&quot;metadata&quot;:{&quot;finalizers&quot;: []}}' --type=merge<br /> kubectl delete pvc &lt;PVC_NAME&gt;<br /> <br /> <br /> == Force StorageClass to Default ==<br /> kubectl patch storageclass &lt;vk8s-storage&gt; -p '{&quot;metadata&quot;: {&quot;annotations&quot;:{&quot;storageclass.kubernetes.io/is-default-class&quot;:&quot;true&quot;}}}'<br /> === Force StorageClass in vSphere 7 ===<br /> https://www.pramodrane.com/vsphere-7-with-kubernetes-part-4-cloud-native-storage-with-vsphere-csi-for-persistent-volumes/<br /> <br /> #ssh to the vCenter<br /> <br /> #RUN THIS SCRIPT TO GET THE IP AND PWD<br /> /usr/lib/vmware-wcp/decryptK8Pwd.py<br /> <br /> ssh &lt;IP from CMD above&gt;<br /> <br /> kubectl patch storageclass &lt;vk8s-storage&gt; -p '{&quot;metadata&quot;: {&quot;annotations&quot;:{&quot;storageclass.kubernetes.io/is-default-class&quot;:&quot;true&quot;}}}'</div> Admin http://wiki.dersllc.com/index.php?title=DERs/vRA&diff=36 DERs/vRA 2023-06-02T19:15:12Z <p>Admin: Created page with &quot;===vRA 8=== https://garyflynn.com/technology/vmware/vrealize-automation-8x-troubleshooting/&quot;</p> <hr /> <div>===vRA 8===<br /> https://garyflynn.com/technology/vmware/vrealize-automation-8x-troubleshooting/</div> Admin http://wiki.dersllc.com/index.php?title=DERs/Templates&diff=35 DERs/Templates 2023-06-02T19:14:52Z <p>Admin: Created page with &quot;===Centos Template w/ Cloud-Init=== yum -y update yum -y install perl cloud-init cat &gt; /etc/cloud/cloud.cfg.d/99-custom-networking.cfg &lt;&lt; &quot;EOF&quot; network: {config: disabled} EOF systemctl disable firewalld cloud-init clean init 0&quot;</p> <hr /> <div>===Centos Template w/ Cloud-Init===<br /> yum -y update<br /> yum -y install perl cloud-init<br /> cat &gt; /etc/cloud/cloud.cfg.d/99-custom-networking.cfg &lt;&lt; &quot;EOF&quot;<br /> network: {config: disabled}<br /> EOF<br /> systemctl disable firewalld<br /> cloud-init clean<br /> init 0</div> Admin http://wiki.dersllc.com/index.php?title=DERs/Horizon&diff=34 DERs/Horizon 2023-06-02T19:14:27Z <p>Admin: Created page with &quot;= DER&#039;s Horizon Documentation = === Adding a new STAR Cert to Connection Server === FROM MAC or LINUX openssl pkcs12 -export -out /Users/droessner/ownCloud/DER\&#039;s\ Drive/DERs/SSL/31Jul2021/star.dersllc.com.pfx -inkey /Users/droessner/ownCloud/DER\&#039;s\ Drive/DERs/SSL/31Jul2021/dersllc-new.key -in /Users/droessner/ownCloud/DER\&#039;s\ Drive/DERs/SSL/31Jul2021/star.dersllc.com.crt Open MMC on Connection Server -&gt; Add Certiicates Snap-In (Local Machine) -&gt; Personal -&gt; Import...&quot;</p> <hr /> <div>= DER's Horizon Documentation =<br /> <br /> === Adding a new STAR Cert to Connection Server ===<br /> FROM MAC or LINUX <br /> openssl pkcs12 -export -out /Users/droessner/ownCloud/DER\'s\ Drive/DERs/SSL/31Jul2021/star.dersllc.com.pfx -inkey /Users/droessner/ownCloud/DER\'s\ Drive/DERs/SSL/31Jul2021/dersllc-new.key -in /Users/droessner/ownCloud/DER\'s\ Drive/DERs/SSL/31Jul2021/star.dersllc.com.crt<br /> <br /> Open MMC on Connection Server -&gt; Add Certiicates Snap-In (Local Machine) -&gt; Personal -&gt; Import the PFX file. <br /> After Imported change the cert friendly name to &quot;vdm&quot; and modify the old vdm cert.<br /> <br /> '''MAKE SURE YOU UPDATE THE THUMBPRINT IN THE UAG!!!'''<br /> <br /> <br /> Note: This PFX file works for the UAG as well.</div> Admin http://wiki.dersllc.com/index.php?title=DERs/MAC&diff=33 DERs/MAC 2023-06-02T19:14:05Z <p>Admin: Created page with &quot;=MAC Documentation= ===Enter Restore Menu === During boot press: Command + R ===Get to Terminal from Restore Menu=== *Click the Utilities Tab *Terminal ===Manually set ip address from Terminal=== ipconfig set en5 DHCP ifconfig ===Keep Recovery mode from sleeping === pmset -a sleep 0 pmset -a disksleep 0 pmset -a displaysleep 0 ===Mount NFS from MacOS === mount -t nfs -o resvport 192.168.3.1:/mp3 /private/nfs === Allow Untrusted Applications === #Disable Ap...&quot;</p> <hr /> <div>=MAC Documentation=<br /> <br /> ===Enter Restore Menu ===<br /> During boot press:<br /> Command + R<br /> <br /> ===Get to Terminal from Restore Menu===<br /> *Click the Utilities Tab<br /> *Terminal<br /> <br /> ===Manually set ip address from Terminal===<br /> ipconfig set en5 DHCP<br /> ifconfig<br /> <br /> ===Keep Recovery mode from sleeping ===<br /> pmset -a sleep 0<br /> pmset -a disksleep 0<br /> pmset -a displaysleep 0<br /> <br /> ===Mount NFS from MacOS ===<br /> mount -t nfs -o resvport 192.168.3.1:/mp3 /private/nfs<br /> <br /> === Allow Untrusted Applications ===<br /> #Disable Application Checking:<br /> #:sudo spctl --master-disable<br /> #Install Application as usual!<br /> #Enable Application Checking<br /> #:sudo spctl --master-enable</div> Admin http://wiki.dersllc.com/index.php?title=DERs/3D&diff=32 DERs/3D 2023-06-02T19:13:44Z <p>Admin: Created page with &quot;= DER&#039;s 3D Printer Documentation = == Current Printer Version == * ORIGINAL PRUSA I3 &quot;MK2.5&quot; w/ RAMBo13a ** https://www.prusa3d.com/drivers/&quot;</p> <hr /> <div>= DER's 3D Printer Documentation = <br /> == Current Printer Version == <br /> * ORIGINAL PRUSA I3 &quot;MK2.5&quot; w/ RAMBo13a<br /> ** https://www.prusa3d.com/drivers/</div> Admin http://wiki.dersllc.com/index.php?title=DERs/DCOS&diff=31 DERs/DCOS 2023-06-02T19:13:21Z <p>Admin: Created page with &quot;= DCOS Documentation = === Disable clock-sync check on dcos-checks-poststart.service === sed -i &#039;s/&quot;clock_sync&quot;\:/&quot;clock_sync1&quot;\:/&#039; /opt/mesosphere/etc/dcos-diagnostics-runner-config.json sed -i &#039;/&quot;clock_sync&quot;/d&#039; /opt/mesosphere/etc/dcos-diagnostics-runner-config.json sed -i &#039;s/&quot;journald_dir_permissions&quot;,/&quot;journald_dir_permissions&quot;/&#039; /opt/mesosphere/etc/dcos-diagnostics-runner-config.json sed -i &#039;s/&quot;clock_sync1&quot;\:/&quot;clock_sync&quot;\:/&#039; /opt/mesosphere/etc/dcos-diagnostic...&quot;</p> <hr /> <div>= DCOS Documentation =<br /> <br /> === Disable clock-sync check on dcos-checks-poststart.service ===<br /> sed -i 's/&quot;clock_sync&quot;\:/&quot;clock_sync1&quot;\:/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json<br /> sed -i '/&quot;clock_sync&quot;/d' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json<br /> sed -i 's/&quot;journald_dir_permissions&quot;,/&quot;journald_dir_permissions&quot;/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json<br /> sed -i 's/&quot;clock_sync1&quot;\:/&quot;clock_sync&quot;\:/' /opt/mesosphere/etc/dcos-diagnostics-runner-config.json<br /> <br /> === Enable Chrony NTP service ===<br /> yum install -y chrony<br /> systemctl start chronyd<br /> systemctl enable chronyd<br /> cat &gt; /etc/chrony.conf &lt;&lt; &quot;EOF&quot;<br /> server 192.168.1.73 iburst<br /> EOF<br /> <br /> systemctl restart chronyd<br /> chronyc tracking<br /> chronyc sources<br /> chronyc sourcestats<br /> <br /> === Setup Proxy Server for Docker ===<br /> mkdir -p /etc/systemd/system/docker.service.d<br /> cat &gt; /etc/systemd/system/docker.service.d/http-proxy.conf &lt;&lt; &quot;EOF&quot;<br /> [Service]<br /> Environment=&quot;HTTPS_PROXY=https://192.168.1.73:3128/&quot;<br /> Environment=&quot;HTTP_PROXY=http://192.168.1.73:3128/&quot;<br /> Environment=&quot;FTP_PROXY=ftp://192.168.1.73:3128/&quot;<br /> Environment=&quot;NO_PROXY=localhost,127.0.0.0/8,dersllc.com&quot;<br /> EOF<br /> <br /> systemctl daemon-reload<br /> systemctl restart docker<br /> <br /> === Setup Proxy Server for Docker Containers ===<br /> cat &lt;&lt;EOF | sudo tee -a /etc/sysconfig/docker<br /> http_proxy=&quot;http://192.168.1.73:3128/&quot;<br /> https_proxy=&quot;https://192.168.1.73:3128/&quot;<br /> ftp_proxy=&quot;ftp://192.168.1.73:3128/&quot;<br /> no_proxy=&lt;REGISTRY_IP&gt;<br /> EOF<br /> <br /> sudo sed -i '/\[Service\]/a EnvironmentFile=/etc/sysconfig/docker' /usr/lib/systemd/system/docker.service<br /> sudo systemctl daemon-reload<br /> sudo service docker restart</div> Admin http://wiki.dersllc.com/index.php?title=DERs/Docker&diff=30 DERs/Docker 2023-06-02T19:12:56Z <p>Admin: Created page with &quot;== Configure Proxy Server in Docker == mkdir -p /etc/systemd/system/docker.service.d cat &gt; /etc/systemd/system/docker.service.d/http-proxy.conf &lt;&lt; &quot;EOF&quot; [Service] Environment=&quot;HTTPS_PROXY=https://192.168.1.73:3128/&quot; Environment=&quot;HTTP_PROXY=http://192.168.1.73:3128/&quot; Environment=&quot;FTP_PROXY=ftp://192.168.1.73:3128/&quot; Environment=&quot;NO_PROXY=localhost,127.0.0.0/8,dersllc.com&quot; EOF sudo systemctl daemon-reload #sudo systemctl show --property Environment docker sudo...&quot;</p> <hr /> <div>== Configure Proxy Server in Docker ==<br /> mkdir -p /etc/systemd/system/docker.service.d<br /> cat &gt; /etc/systemd/system/docker.service.d/http-proxy.conf &lt;&lt; &quot;EOF&quot;<br /> [Service]<br /> Environment=&quot;HTTPS_PROXY=https://192.168.1.73:3128/&quot;<br /> Environment=&quot;HTTP_PROXY=http://192.168.1.73:3128/&quot;<br /> Environment=&quot;FTP_PROXY=ftp://192.168.1.73:3128/&quot;<br /> Environment=&quot;NO_PROXY=localhost,127.0.0.0/8,dersllc.com&quot;<br /> EOF<br /> <br /> sudo systemctl daemon-reload<br /> #sudo systemctl show --property Environment docker<br /> sudo systemctl restart docker<br /> <br /> == cloud.dersllc.com (NextCloud) ==<br /> [[ DERs/Docker/OwnCloud_Changes | Change Log ]]<br /> docker stop DERS-NextCloud<br /> docker rm DERS-NextCloud<br /> <br /> echo &quot;Starting DERS-NextCloud Container!&quot;<br /> docker run -d \<br /> --restart always \<br /> --name DERS-NextCloud \<br /> -v /nfs/Apps/NextCloud/html:/var/www/html \<br /> -v /nfs/Apps/NextCloud/custom_apps:/var/www/html/custom_apps \<br /> -v /nfs/Apps/NextCloud/config:/var/www/html/config \<br /> -v /nfs/Apps/NextCloud/data:/var/www/html/data \<br /> -v /nfs/Apps/NextCloud/ders_theme:/var/www/html/themes/ders_theme \<br /> -p &quot;10115:80&quot; \<br /> --privileged \<br /> nextcloud:latest<br /> <br /> <br /> docker exec -u www-data DERS-NextCloud php occ upgrade<br /> <br /> Exit Maintenance Mode<br /> go to your nextcloud folder and then open config/config.php.<br /> search for 'maintenance' =&gt; true,<br /> change true to false.<br /> save your changes.<br /> reload your web page.<br /> <br /> == jenkins.dersllc.com (Jenkins) ==<br /> [[ DERs/Docker/Jenkins_Changes | Change Log ]]<br /> docker run -d \<br /> --restart always \<br /> --name DERS-Jenkins \<br /> -p 8080:8080 \<br /> -p 50000:50000 \<br /> -v /data/DERS-Jenkins:/var/jenkins_home \<br /> jenkins/jenkins<br /> <br /> == gitlab.dersllc.com (Gitlab) ==<br /> [[ DERs/Docker/Gitlab_Changes | Change Log ]]<br /> docker run -d \<br /> --restart always \<br /> --name DERS-Gitlab \<br /> -v &quot;/data3/DERS-GitLab/config:/etc/gitlab&quot; \<br /> -v &quot;/data3/DERS-GitLab/logs:/var/log/gitlab&quot; \<br /> -v &quot;/data3/DERS-GitLab/data:/var/opt/gitlab&quot; \<br /> -p &quot;8880:80&quot; \<br /> -p &quot;8443:443&quot; \<br /> -p &quot;8822:22&quot; \<br /> gitlab/gitlab-ce:latest<br /> <br /> == rig.dersllc.com (ETN Miners) ==<br /> [[ DERs/Docker/Rig_Changes | Change Log ]]<br /> docker run -d \<br /> --name DERS-RIG \<br /> --restart always \<br /> -p 85:80 \<br /> harbor.dersllc.com/ders/ders-rig</div> Admin http://wiki.dersllc.com/index.php?title=DERs/PhotonOS&diff=29 DERs/PhotonOS 2023-06-02T19:12:35Z <p>Admin: Created page with &quot;= PhotonOS = == DEFAULT PASSWORD == changeme == MANUALLY SET IP ADDRESS == cat &gt; /etc/systemd/network/10-eth-static.network &lt;&lt; &quot;EOF&quot; [Match] Name=eth0 [Network] Address=172.16.87.40/24 Gateway=172.16.87.1 DNS1=172.16.87.5 DNS2=172.16.87.1 Domains=dersllc.com EOF == RESTART NETWORK SERVICE == systemctl restart systemd-networkd == ADD MANUAL ROUTE == cat &gt;&gt; /etc/systemd/network/10-eth-static.network &lt;&lt; &quot;EOF&quot; [Route] Gateway=172.16.87.2 Destination=19...&quot;</p> <hr /> <div>= PhotonOS =<br /> == DEFAULT PASSWORD ==<br /> changeme<br /> <br /> == MANUALLY SET IP ADDRESS ==<br /> cat &gt; /etc/systemd/network/10-eth-static.network &lt;&lt; &quot;EOF&quot;<br /> [Match]<br /> Name=eth0<br /> <br /> [Network]<br /> Address=172.16.87.40/24<br /> Gateway=172.16.87.1<br /> DNS1=172.16.87.5<br /> DNS2=172.16.87.1<br /> Domains=dersllc.com<br /> EOF<br /> <br /> == RESTART NETWORK SERVICE ==<br /> systemctl restart systemd-networkd<br /> <br /> == ADD MANUAL ROUTE ==<br /> cat &gt;&gt; /etc/systemd/network/10-eth-static.network &lt;&lt; &quot;EOF&quot;<br /> <br /> [Route]<br /> Gateway=172.16.87.2<br /> Destination=192.168.1.0/24<br /> EOF<br /> <br /> == MANUALLY SET DNS SERVERS ==<br /> cat &gt; /etc/resolv.conf &lt;&lt; &quot;EOF&quot;<br /> # Begin /etc/resolv.conf<br /> <br /> domain dersllc.com<br /> nameserver 172.16.87.5<br /> nameserver 172.16.87.1<br /> <br /> # End /etc/resolv.conf<br /> EOF<br /> <br /> == ALLOW DOCKER REMOTELY ==<br /> sed -i '/ExecStart/c\ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375' /lib/systemd/system/docker.service<br /> systemctl enable docker<br /> systemctl restart docker<br /> <br /> == JOIN TO ACTIVE DIRECTORY ==<br /> tdnf install likewise-open --refresh &lt;b&gt;#(NEEDS TO BE version 6.2.11.4-4.ph2 or highier)&lt;/b&gt;<br /> tdnf install openldap --refresh &lt;b&gt;#(NEEDS TO BE version 2.4.44-4.ph2 or highier)&lt;/b&gt;<br /> <br /> vi /etc/hosts <br /> 127.0.0.1 photon.dersllc.com photon<br /> <br /> /opt/likewise/bin/lwregshell<br /> cd HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr\<br /> set_value Smb2Enabled 1<br /> quit<br /> <br /> /opt/likewise/bin/lwsm restart lwio<br /> /opt/likewise/bin/domainjoin-cli join dersllc.com daniel.roessner <br /> <br /> /opt/likewise/bin/domainjoin-cli query<br /> /opt/likewise/bin/lw-find-user-by-name daniel.roessner@dersllc.com<br /> <br /> /opt/likewise/bin/domainjoin-cli configure nsswitch<br /> /opt/likewise/bin/domainjoin-cli configure pam<br /> <br /> tdnf install sudo<br /> vi /etc/sudoers<br /> %DERSLLC\\vra_admins ALL=(ALL) ALL<br /> <br /> == ALLOW PINGS ==<br /> iptables -A OUTPUT -p icmp -j ACCEPT<br /> iptables -A INPUT -p icmp -j ACCEPT</div> Admin http://wiki.dersllc.com/index.php?title=DERs/DERS-DB1&diff=28 DERs/DERS-DB1 2023-06-02T19:12:17Z <p>Admin: Created page with &quot;== USERS TABLE == CREATE TABLE IF NOT EXISTS `users` ( `ID` int(11) NOT NULL AUTO_INCREMENT, `user` varchar(30), `level` varchar(2), PRIMARY KEY (`ID`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=12 ; INSERT INTO users (user, level) VALUES(&#039;admin&#039;, &#039;CL&#039;); INSERT INTO users (user, level) VALUES(&#039;pbuser&#039;, &#039;CL&#039;);&quot;</p> <hr /> <div>== USERS TABLE ==<br /> CREATE TABLE IF NOT EXISTS `users` (<br /> `ID` int(11) NOT NULL AUTO_INCREMENT,<br /> `user` varchar(30),<br /> `level` varchar(2),<br /> PRIMARY KEY (`ID`)<br /> ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=12 ;<br /> INSERT INTO users (user, level) VALUES('admin', 'CL');<br /> INSERT INTO users (user, level) VALUES('pbuser', 'CL');</div> Admin http://wiki.dersllc.com/index.php?title=DERs/DERS-DB&diff=27 DERs/DERS-DB 2023-06-02T19:11:53Z <p>Admin: Created page with &quot;== Database Setup == cat &lt;&lt;EOF&gt; /etc/yum.repos.d/mongodb.repo [mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ gpgcheck=0 enabled=1 EOF yum -y install mongodb-org mongodb-org-server firewall-cmd --add-port 27017/tcp firewall-cmd --add-port 27017/tcp --permanent sed -i &#039;s~bind_ip=127.0.0.1~#bind_ip=127.0.0.1~&#039; /etc/mongod.conf systemctl enable mongod systemctl start mongod systemctl restart mongod == Creat...&quot;</p> <hr /> <div>== Database Setup ==<br /> cat &lt;&lt;EOF&gt; /etc/yum.repos.d/mongodb.repo<br /> [mongodb]<br /> name=MongoDB Repository<br /> baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/<br /> gpgcheck=0<br /> enabled=1<br /> EOF<br /> yum -y install mongodb-org mongodb-org-server<br /> firewall-cmd --add-port 27017/tcp<br /> firewall-cmd --add-port 27017/tcp --permanent<br /> sed -i 's~bind_ip=127.0.0.1~#bind_ip=127.0.0.1~' /etc/mongod.conf<br /> systemctl enable mongod<br /> systemctl start mongod<br /> systemctl restart mongod<br /> <br /> == Create Multiple new PB Users ==<br /> sed -i 's~auth=true~#auth=true~' /etc/mongod.conf<br /> systemctl restart mongod<br /> mongo<br /> db.createUser( { &quot;user&quot;: &quot;admin&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;roles&quot;: [ &quot;readWrite&quot;, &quot;dbAdmin&quot; ] } )<br /> use dersworkout<br /> db.createUser( { &quot;user&quot;: &quot;p1user&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;customData&quot;: { &quot;level&quot;: &quot;P1&quot; }, &quot;roles&quot;: [ &quot;read&quot; ] } )<br /> db.createUser( { &quot;user&quot;: &quot;p2user&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;customData&quot;: { &quot;level&quot;: &quot;P2&quot; }, &quot;roles&quot;: [ &quot;read&quot; ] } )<br /> db.createUser( { &quot;user&quot;: &quot;p3user&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;customData&quot;: { &quot;level&quot;: &quot;P3&quot; }, &quot;roles&quot;: [ &quot;read&quot; ] } )<br /> db.createUser( { &quot;user&quot;: &quot;p4user&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;customData&quot;: { &quot;level&quot;: &quot;P4&quot; }, &quot;roles&quot;: [ &quot;read&quot; ] } )<br /> db.createUser( { &quot;user&quot;: &quot;admin&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;roles&quot;: [ &quot;readWrite&quot; ] } )<br /> var users = [ {user: &quot;p1user&quot;, level: &quot;P1&quot;},{user: &quot;p2user&quot;, level: &quot;P2&quot;},{user: &quot;p3user&quot;, level: &quot;P3&quot;},{user: &quot;p4user&quot;, level: &quot;P4&quot;},{user: &quot;admin&quot;, level: &quot;P4&quot;}];<br /> db.users.insert(users)<br /> quit()<br /> sed -i 's~#auth=true~auth=true~' /etc/mongod.conf<br /> systemctl restart mongod<br /> <br /> == Create new PB Users ==<br /> sed -i 's~auth=true~#auth=true~' /etc/mongod.conf<br /> systemctl restart mongod<br /> mongo<br /> use dersworkout<br /> db.createUser( { &quot;user&quot;: &quot;pbuser&quot;, &quot;pwd&quot;: &quot;****&quot;, &quot;customData&quot;: { &quot;level&quot;: &quot;CL&quot; }, &quot;roles&quot;: [ &quot;read&quot; ] } )<br /> db.users.insert({user: &quot;pbuser&quot;, level: &quot;CL&quot;})<br /> quit()<br /> sed -i 's~#auth=true~auth=true~' /etc/mongod.conf<br /> systemctl restart mongod<br /> <br /> == Show list of Collections ==<br /> mongo<br /> use dersworkout<br /> db.auth('admin', '*****')<br /> show collections<br /> quit()<br /> <br /> == Display a Collection ==<br /> mongo<br /> use dersworkout<br /> db.auth('admin', '*****')<br /> db.users.find()<br /> db.PB2017Q3.find()<br /> quit()<br /> <br /> == Change Users Passwords ==<br /> mongo<br /> use dersworkout<br /> db.auth('admin', '*****')<br /> db.changeUserPassword(&quot;p1user&quot;, &quot;*****&quot;)<br /> quit()<br /> <br /> == Drop a Collection ==<br /> sed -i 's~auth=true~#auth=true~' /etc/mongod.conf<br /> systemctl restart mongod<br /> mongo<br /> use dersworkout<br /> db.PB2015Q2.drop()<br /> quit()<br /> sed -i 's~#auth=true~auth=true~' /etc/mongod.conf<br /> systemctl restart mongod</div> Admin http://wiki.dersllc.com/index.php?title=DERs/Harbor&diff=26 DERs/Harbor 2023-06-02T19:11:26Z <p>Admin: Created page with &quot;= VIC.DERSLLC.COM = == Setup Repo Certs == # Download ca.crt from https://vic.dersllc.com:8282/#/administration/configuration # Post it to cloud.dersllc.com and share it publicly yum -y install ca-certificates update-ca-trust force-enable wget http://cloud.dersllc.com/index.php/s/YrqISnQvIHqZCwz/download -O /etc/pki/ca-trust/source/anchors/vic-ca.crt update-ca-trust extract update-ca-trust mkdir -p /root/.docker wget http://cloud.dersllc.com/index.php/s/lepRsqY...&quot;</p> <hr /> <div>= VIC.DERSLLC.COM =<br /> == Setup Repo Certs ==<br /> # Download ca.crt from https://vic.dersllc.com:8282/#/administration/configuration<br /> # Post it to cloud.dersllc.com and share it publicly<br /> <br /> yum -y install ca-certificates<br /> update-ca-trust force-enable<br /> wget http://cloud.dersllc.com/index.php/s/YrqISnQvIHqZCwz/download -O /etc/pki/ca-trust/source/anchors/vic-ca.crt<br /> update-ca-trust extract<br /> update-ca-trust<br /> <br /> mkdir -p /root/.docker<br /> wget http://cloud.dersllc.com/index.php/s/lepRsqYTS86yTIc/download -O /root/.docker/config.json<br /> systemctl restart docker<br /> <br /> docker login vic.dersllc.com<br /> #<br /> #Username: administrator@vsphere.local<br /> #Password: &lt;vsphere password&gt;<br /> <br /> = DER's Harbor Install =<br /> cd ~<br /> wget https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.3.0-rc4.tgz<br /> tar -xzvf harbor-online-installer-v1.3.0-rc4.tgz<br /> <br /> cd harbor<br /> wget https://github.com/docker/compose/releases/download/1.18.0/docker-compose-Linux-x86_64<br /> ln -s /harbor/docker-compose-Linux-x86_64 /bin/docker-compose<br /> mkdir -p /data/cert<br /> wget http://time.dersllc.com/ders-star.crt -O /data/cert/server.crt<br /> wget http://time.dersllc.com/ders-star.key -O /data/cert/server.key<br /> <br /> vi harbor.cfg <br /> <br /> ./install.sh<br /> <br /> = DER's Docker Repo Setup =<br /> wget --no-check-certificate https://time.dersllc.com/ca.crt -O /etc/pki/ca-trust/source/anchors/cacert.cer<br /> update-ca-trust<br /> systemctl restart docker<br /> docker login https://vic.dersllc.com<br /> <br /> echo 'DOCKER_OPTS=&quot;--insecure-registry vic.dersllc.com&quot;' &gt; /etc/default/docker<br /> wget --no-check-certificate https://time.dersllc.com/ca.crt -O /etc/docker/certs.d/vic.dersllc.com/ca.crt<br /> systemctl restart docker<br /> docker login vic.dersllc.com<br /> <br /> tdnf -y install wget<br /> mkdir -p /etc/docker/certs.d/docker.dersllc.com/<br /> wget --no-check-certificate https://time.dersllc.com/ders-ca.crt -O /etc/docker/certs.d/docker.dersllc.com/ders-ca.crt<br /> systemctl restart docker<br /> docker login docker.dersllc.com<br /> <br /> mkdir -p /etc/docker/certs.d/harbor.dersllc.com/<br /> wget --no-check-certificate https://time.dersllc.com/ders-ca.crt -O /etc/docker/certs.d/harbor.dersllc.com/ders-ca.crt<br /> systemctl restart docker<br /> docker login harbor.dersllc.com<br /> <br /> = VCH Deploy =<br /> <br /> ==Get Thumbprint==<br /> ssh vcsa.dersllc.com<br /> openssl x509 -in /etc/vmware-vpx/ssl/rui.crt -fingerprint -sha1 -noout<br /> <br /> ./vic/vic-machine-linux create --no-tlsverify --target 192.168.87.85 --user administrator@vsphere.local --password ****** --name ders-vch1 --public-network /Beavercreek/network/Public --bridge-network /Beavercreek/network/Bridge --compute-resource /Beavercreek/host/HP/Resources --image-store DERS-FILE --insecure-registry 192.168.87.90:443 --thumbprint 8B:0C:4B:59:C6:E2:82:2E:1C:A5:7F:CE:E2:87:D8:A1:14:43:81:95 --volume-store 'DERS-FILE'/volumes:default --registry-ca=&quot;./ca.crt&quot;</div> Admin http://wiki.dersllc.com/index.php?title=DERs/HomeLab&diff=25 DERs/HomeLab 2023-06-02T19:11:02Z <p>Admin: Created page with &quot;= DER&#039;s Home Lab Documentation = == harbor-aws.dersllc.com == === SSH to Harbor-AWS === #On Plex ssh -i ~/.ssh/aws-keypair.pem ec2-user@ec2-54-91-52-46.compute-1.amazonaws.com === Install Harbor-AWS === mkdir /data cd /data curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt cp /da...&quot;</p> <hr /> <div>= DER's Home Lab Documentation =<br /> == harbor-aws.dersllc.com ==<br /> === SSH to Harbor-AWS ===<br /> #On Plex<br /> ssh -i ~/.ssh/aws-keypair.pem ec2-user@ec2-54-91-52-46.compute-1.amazonaws.com<br /> <br /> === Install Harbor-AWS ===<br /> mkdir /data<br /> cd /data<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt &gt; /data/ders-star-chain.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt;&gt; /data/ders-star-chain.crt<br /> cp /data/ders-star-chain.crt /data/ders-star-chain.pem<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt &gt; /data/ders-ca.crt<br /> cat /data/ders-ca.crt &gt;&gt; /etc/pki/tls/certs/ca-bundle.crt<br /> curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/dersllc-new.key &gt; /data/ders-star.key<br /> <br /> yum -y install docker<br /> service docker start<br /> systemctl enable docker<br /> <br /> wget https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose<br /> chmod +x /usr/local/bin/docker-compose<br /> wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz<br /> tar -zxvf harbor-offline-installer-v2.8.1.tgz<br /> cd harbor<br /> cp harbor.yml.tmpl harbor.yml<br /> vi harbor.yml<br /> # add Hostname and certs and location<br /> #### harbor-aws.dersllc.com<br /> #### /data/ders-star-chain.crt<br /> #### /data/ders-star.key<br /> #### /data/harbor-data<br /> <br /> ./install.sh --with-trivy --with-notary</div> Admin http://wiki.dersllc.com/index.php?title=DCOS/Install&diff=24 DCOS/Install 2023-06-02T19:10:39Z <p>Admin: Created page with &quot;==DER&#039;s Documentation== DER&#039;s HomeLab Documentation&lt;br&gt; DER&#039;s Docker Repository Setup &lt;br&gt; DER&#039;s MongoDB Documentation&lt;br&gt; DER&#039;s MySQL DB Documentation&lt;br&gt; DER&#039;s PhotonOS Documentation&lt;br&gt; DER&#039;s Docker Documentation&lt;br&gt; DER&#039;s DCOS Documentation&lt;br&gt; DER&#039;s 3D Printer Documentation&lt;br&gt; DER&#039;s MAC Documentation&lt;br&gt; DERs/Horizon|DER&#039;s...&quot;</p> <hr /> <div>==DER's Documentation==<br /> [[DERs/HomeLab|DER's HomeLab Documentation]]&lt;br&gt;<br /> <br /> <br /> [[DERs/Harbor|DER's Docker Repository Setup]] &lt;br&gt;<br /> [[DERs/DERS-DB|DER's MongoDB Documentation]]&lt;br&gt;<br /> [[DERs/DERS-DB1|DER's MySQL DB Documentation]]&lt;br&gt;<br /> [[DERs/PhotonOS|DER's PhotonOS Documentation]]&lt;br&gt;<br /> [[DERs/Docker|DER's Docker Documentation]]&lt;br&gt;<br /> [[DERs/DCOS|DER's DCOS Documentation]]&lt;br&gt;<br /> [[DERs/3D|DER's 3D Printer Documentation]]&lt;br&gt;<br /> [[DERs/MAC|DER's MAC Documentation]]&lt;br&gt;<br /> [[DERs/Horizon|DER's Horizon Documentation]]&lt;br&gt;<br /> [[DERs/Templates|DER's Template Documentation]]&lt;br&gt;<br /> [[DERs/vRA|DER's vRA 8 Documentation]]&lt;br&gt;<br /> [[DERs/K8s|DER's Kubernetes Documentation]]&lt;br&gt;<br /> <br /> <br /> <br /> <br /> <br /> &lt;HR&gt;<br /> <br /> ==DREN Documentation ==<br /> [[DREN|DREN Documentation]] &lt;BR&gt;<br /> &lt;HR&gt;<br /> ==DevNet Documentation ==<br /> [[DevNet| DevNet Documentation]] &lt;BR&gt;<br /> &lt;HR&gt;<br /> <br /> ==TDKC Documentation ==<br /> [[TDKC|TDKC Documentation]] &lt;BR&gt;<br /> &lt;HR&gt;<br /> ==VMware Documentation==<br /> [[VMware|VMware Documentation]] &lt;BR&gt;</div> Admin http://wiki.dersllc.com/index.php?title=VMware/VHA&diff=23 VMware/VHA 2023-06-02T19:10:04Z <p>Admin: Created page with &quot;= Health Analyzer = ===Vault Link=== https://vault.vmware.com/group/vault-main-library/healthanalyzer ===Registration Link=== https://pstoolhub.vmware.com/ === Registration Code for 5.4 === Registration Key: WG88IS9LJFA1KNYWUV Registration E-mail: droessner@vmware.com ===Support Information=== services-software-support@vmware.com = Issues and Fixes = ==Fails to collect Data from vCenter== ===Issue=== Unable to get progress information. See application logs for mor...&quot;</p> <hr /> <div>= Health Analyzer =<br /> ===Vault Link===<br /> https://vault.vmware.com/group/vault-main-library/healthanalyzer<br /> ===Registration Link===<br /> https://pstoolhub.vmware.com/<br /> === Registration Code for 5.4 ===<br /> Registration Key: WG88IS9LJFA1KNYWUV<br /> Registration E-mail: droessner@vmware.com<br /> ===Support Information===<br /> services-software-support@vmware.com<br /> <br /> = Issues and Fixes =<br /> ==Fails to collect Data from vCenter==<br /> ===Issue===<br /> Unable to get progress information. See application logs for more information. (Version 5.4)<br /> ===Fix===<br /> In general vHA tool is very memory hungry when analyzing big projects. You will need to increase the amount of RAM for the tool (if this is possible)<br /> <br /> Please follow this guide:<br /> <br /> If you use java version - <br /> <br /> For java app 64-bit JRE is recommended for large environments<br /> To change the amount of memory using the Java application<br /> 1. Stop the VMware HealthAnalyzer Java application.<br /> 2. Go to the directory where the VMware HealthAnalyzer Java application was unzipped.<br /> 3. Open &lt;vhalocation&gt;/resources/applicationContext.xml using a Text Editor (Notepad++ like app)<br /> 4. App Server: Locate vha-start section and change the value of Xmx1024m to Xmx2048m, and XX:MaxPermSize=256M to XX:MaxPermSize=512M<br /> &lt;util:map id=&quot;vha-start&quot; map-class=&quot;java.util.LinkedHashMap&quot;&gt;<br /> &lt;entry key=&quot;java&quot; value=&quot;&quot; /&gt;<br /> &lt;entry key=&quot;-Xmx2048m&quot; value=&quot;&quot; /&gt;<br /> &lt;entry key=&quot;-XX:MaxPermSize=512M&quot; value=&quot;&quot; /&gt;<br /> <br /> 5. DB Server: Locate basex-start section and change the value of Xmx1280m to Xmx2048m. Notice there is a new line added as well.<br /> <br /> &lt;util:map id=&quot;basex-start&quot; map-class=&quot;java.util.LinkedHashMap&quot;&gt;<br /> &lt;entry key=&quot;java&quot; value=&quot;&quot; /&gt;<br /> &lt;entry key=&quot;-Xmx2048m&quot; value=&quot;&quot; /&gt;<br /> &lt;entry key=&quot;-XX:MaxPermSize=512M&quot; value=&quot;&quot; /&gt; #new line<br /> <br /> 6. Start the VMware HealthAnalyzer Java application.<br /> <br /> -----------------------------------------<br /> <br /> To change the amount of Tomcat memory with a virtual appliance<br /> 1. Log in to the virtual appliance using the user root and password vmware.<br /> 2. Open the configuration file using vi or another text editor:<br /> vi /usr/share/vha/tomcat/conf/vha-tomcat-memory<br /> 3. Locate the default value of 2048 and change it to your desired value. This is the amount of memory allocated to Tomcat in megabytes.<br /> 4. To change the amount of database memory with a virtual appliance You have to edit basexserver configuration file<br /> /usr/share/vha/basex/bin/basexserver<br /> # Options for virtual machine<br /> VM=-Xmx2048m - change this to amount memory you have and want <br /> 5. Restart the appliance with the following command:<br /> shutdown –r now<br /> 6. You can confirm that the memory value changed by issuing the following command and reviewing the argument –Xmx .<br /> ps –ef | grep catalina and ps -ef | grep -i basex<br /> Default virtual appliance memory size is 1.5GB so it must be increased as well.<br /> <br /> If this did not work I have deployed one vHA instance in our vCenter with 8G for tomcat and 8G for database. You can access it on the following URL:<br /> <br /> http://10.26.226.213/vha/HealthAnalyzer.html#!explore<br /> (you must be in VMware VPN/network)<br /> You can use it as long as needed. Please let me know when You finish. Thank You<br /> <br /> Best regards,<br /> Anton Sabev<br /> Support Engineer, Field Tools<br /> sabeva@vmware.com</div> Admin http://wiki.dersllc.com/index.php?title=VMware/Horizon&diff=22 VMware/Horizon 2023-06-02T19:09:47Z <p>Admin: Created page with &quot;= Horizon = = Issues and Fixes = == Lotus Notes causes a Busy Cursor and not going away == ===Issue=== Lotus notes inside of the app stack or installed directly on the parent causes a busy cursor that does not go away. This may also only happen on the Blast client on high resolution clients. ===Fix=== Modify the pool and enable &quot;3D Rendering&quot; and set it to &quot;Auto&quot;. Then set the Video RAM (ex. 128). In the blast client set the preference to &quot;Low Resolution Mode&quot;.&quot;</p> <hr /> <div>= Horizon =<br /> = Issues and Fixes =<br /> <br /> == Lotus Notes causes a Busy Cursor and not going away ==<br /> ===Issue===<br /> Lotus notes inside of the app stack or installed directly on the parent causes a busy cursor that does not go away. This may also only happen on the Blast client on high resolution clients. <br /> ===Fix===<br /> Modify the pool and enable &quot;3D Rendering&quot; and set it to &quot;Auto&quot;. Then set the Video RAM (ex. 128). In the blast client set the preference to &quot;Low Resolution Mode&quot;.</div> Admin http://wiki.dersllc.com/index.php?title=VMware/ESXi&diff=21 VMware/ESXi 2023-06-02T19:09:25Z <p>Admin: Created page with &quot;= ESXi = = Issues and Fixes = ==HPE Proliant G7 Servers and vSphere 6.5 Purple Screen of Death== ===Issue=== PSOD: PF Exception 14 in world 67667:sfcb-smx IP 0x0 addr 0x0 ===Fix=== https://www.virtualmvp.com/hpe-proliant-g7-servers-and-vsphere-6-5-purple-screen-of-death/ == NSX-T Filling up Scratch space == ===Fix=== * SSH as root to ESXi Server and run the following commands: chmod +t /etc/rc.local echo &quot;&quot; &gt;&gt; /etc/rc.local echo &quot;chmod +t /etc/vmware/nsx-ops...&quot;</p> <hr /> <div>= ESXi =<br /> = Issues and Fixes =<br /> ==HPE Proliant G7 Servers and vSphere 6.5 Purple Screen of Death==<br /> ===Issue===<br /> PSOD: PF Exception 14 in world 67667:sfcb-smx IP 0x0 addr 0x0<br /> <br /> ===Fix===<br /> https://www.virtualmvp.com/hpe-proliant-g7-servers-and-vsphere-6-5-purple-screen-of-death/<br /> <br /> <br /> == NSX-T Filling up Scratch space ==<br /> ===Fix===<br /> * SSH as root to ESXi Server and run the following commands:<br /> <br /> chmod +t /etc/rc.local<br /> <br /> echo &quot;&quot; &gt;&gt; /etc/rc.local<br /> <br /> echo &quot;chmod +t /etc/vmware/nsx-opsagent/nsx-opsAgent.xml&quot; &gt;&gt; /etc/rc.local<br /> <br /> echo &quot;sed -i 's/&lt;max_size&gt;40 MiB&lt;\/max_size&gt;/&lt;max_size&gt;40 MiB&lt;\/max_size&gt;/' /etc/vmware/nsx-opsagent/nsx-opsAgent.xml&quot; &gt;&gt; /etc/rc.local<br /> <br /> echo &quot;sed -i 's/&lt;max_files&gt;2&lt;\/max_files&gt;/&lt;max_files&gt;2&lt;\/max_files&gt;/' /etc/vmware/nsx-opsagent/nsx-opsAgent.xml&quot; &gt;&gt; /etc/rc.local<br /> <br /> echo &quot;sed -i 's/&lt;max_size&gt;20 MiB&lt;\/max_size&gt;/&lt;max_size&gt;40 MiB&lt;\/max_size&gt;/' /etc/vmware/nsx-opsagent/nsx-opsAgent.xml&quot; &gt;&gt; /etc/rc.local<br /> <br /> echo &quot;chmod -t /etc/vmware/nsx-opsagent/nsx-opsAgent.xml&quot; &gt;&gt; /etc/rc.local<br /> <br /> echo &quot;/etc/init.d/nsx-opsagent restart&quot; &gt;&gt; /etc/rc.local<br /> <br /> chmod -t /etc/rc.local<br /> <br /> /etc/rc.local</div> Admin http://wiki.dersllc.com/index.php?title=VMware/GITLAB&diff=20 VMware/GITLAB 2023-06-02T19:09:03Z <p>Admin: Created page with &quot;= Setting up GITLAB with SSO = 1. vi /etc/gitlab/gitlab.rb gitlab_rails[&#039;omniauth_enabled&#039;] = true gitlab_rails[&#039;omniauth_allow_single_sign_on&#039;] = [&#039;saml&#039;] gitlab_rails[&#039;omniauth_sync_email_from_provider&#039;] = &#039;saml&#039; gitlab_rails[&#039;omniauth_sync_profile_from_provider&#039;] = [&#039;saml&#039;] gitlab_rails[&#039;omniauth_sync_profile_attributes&#039;] = [&#039;email&#039;] gitlab_rails[&#039;omniauth_auto_sign_in_with_provider&#039;] = &#039;saml&#039; gitlab_rails[&#039;omniauth_block_auto_created_users&#039;] = false #gitlab_r...&quot;</p> <hr /> <div>= Setting up GITLAB with SSO =<br /> 1. vi /etc/gitlab/gitlab.rb<br /> gitlab_rails['omniauth_enabled'] = true<br /> gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']<br /> gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'<br /> gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']<br /> gitlab_rails['omniauth_sync_profile_attributes'] = ['email']<br /> gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'<br /> gitlab_rails['omniauth_block_auto_created_users'] = false<br /> #gitlab_rails['omniauth_auto_link_ldap_user'] = true <br /> gitlab_rails['omniauth_auto_link_saml_user'] = true<br /> #gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']<br /> #gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']<br /> gitlab_rails['omniauth_providers'] = [<br /> {<br /> &quot;name&quot; =&gt; &quot;saml&quot;,<br /> &quot;args&quot; =&gt; {<br /> assertion_consumer_service_url: 'https://gitlab.dersllc.com/users/auth/saml/callback',<br /> idp_cert: '-----BEGIN CERTIFICATE-----<br /> MIIEDTCCAnWgAwIBAgIFX8pgs88wDQYJKoZIhvcNAQELBQAwPzEgMB4GA1UEAwwX<br /> Vk13YXJlIElkZW50aXR5IE1hbmFnZXIxDjAMBgNVBAoMBUxPR0lOMQswCQYDVQQG<br /> EwJVUzAeFw0yMDA3MDgwMDMzMDBaFw0zMDA3MDYwMDMzMDBaMD8xIDAeBgNVBAMM<br /> F1ZNd2FyZSBJZGVudGl0eSBNYW5hZ2VyMQ4wDAYDVQQKDAVMT0dJTjELMAkGA1UE<br /> BhMCVVMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCu3PrucCHvTQhQ<br /> +g/dd3t6rNwnCsq7EEZQLgj+kv3yVaBTUvlnmxALR0jR+oHKtg3/ZRvX2R82zUyW<br /> LSe3rtxyg9iQx/0oFXjIaK65/f1KsQWrHW4knXfwf/81k1sx14DVFoF953w7jKOf<br /> N9lcOMEnWD6Oi9tF1hQ/5imW1359uL0DzOVD+OOd94fkhU+yNmH6Ag+D+YTcKUt8<br /> pdkiYLw0vMqVAU6Qh47SJrd5p2HogcibxLPm4SCJ5efui1lEWjZ3MhrKrikc5ghv<br /> 4AuCbt16QADHXIo+xWgpULM1LR6uDYPkELSJXqL9ME16B640u5V82U8co1JdBxe7<br /> 80pXCRky5gIP7iefefqaY5UpZUmr9AhCzMzZ0H17h1F52mIyOD83ZbonNqnCcSWB<br /> fWL/cHt7siCMvuj9OVgzHDoDrHVOCoyMJrI6jBYvTmx4kMYaycRdNdFUlcle87L6<br /> KCGqi4Nj/NOnkJ3hnSiJdbqZhGpbBRDUqsPexWoZtrUBTtybDe8CAwEAAaMQMA4w<br /> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAdDeWzbXO7TAtOi42HAZK<br /> MW02hzqH1DbIghb0rmRQPpQmAEb5lxVW/Ly9M+HJEjiSqW8NZKdBBEtQYb5Uzuy0<br /> StNIrRTDZ5u1z0B8PbY4Jh7JVaxHWOLF3PU9r26NkRIV6ze4J+J1PuPbriZ+iWyM<br /> fU68tLee8E2Nru0FJ58ArZ+9OsREJ6ym9ic2URDqFedNncJlXhDbteiAIcxZU+JO<br /> C5zWOGsXUvIz76azxjC1rT1R+zkB7JwoTDHYIczQu2tHjiXmNyIdw98Ykc0B4o03<br /> 2in+EqQwNli23A3MtMz2SCCoqGVyJB+kQb/DYxKqq3JEizOJ9nitxuneHoHaf/EL<br /> wnXW6KagH+Ag60E1XKnf/T3qURmL4/gJTfHln9h68X/cYrGS/+1tjson1GFpzDGe<br /> dBVmEA4UiiOObeKUywIWitaNazwpvjhg+2QZX3lCW8cm0d2FN5QxVBFscc7wsbim<br /> 3x6WNVCqYPZgcWzo1WDw9uhNnI5nTXIgdSwo9PyGvAVC<br /> -----END CERTIFICATE-----',<br /> idp_sso_target_url: 'https://login.dersllc.com/SAAS/auth/federation/sso',<br /> issuer: 'ders-gitlab',<br /> name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'<br /> },<br /> label: 'DERs Login'<br /> }<br /> ]<br /> <br /> * Go to vIDM administrative Console<br /> * Go to Catalog Tab -&gt; Web Apps<br /> * Click the Settings Button.<br /> * Go to the SAML Metadata Tab.<br /> * Copy the Signing Certificate and paste it in the idp_cert section of the gitlab.rb file.<br /> * Click the Identity Provider (IdP) metadata Link.<br /> * Find the following location in the metadata<br /> &lt;md:SingleSignOnService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&quot; <br /> Location=&quot;https://login.dersllc.com/SAAS/auth/federation/sso&quot;/&gt;<br /> * Copy the Location URL: https://login.dersllc.com/SAAS/auth/federation/sso and paste it in the idp_sso_target_url section of the gitlab.rb file.<br /> * Set the Issuer as a friendly name for your gitlab sevrer.<br /> * set the assertion_consumer_service_url to 'https://&lt;gitlab_URL&gt;/users/auth/saml/callback'<br /> * Set the label as a friendly name for the button on the sign-on page.<br /> * Save and Exit the gitlab.rb file. <br /> * Run the reconfigure command.<br /> gitlab-ctl reconfigure<br /> * After this is complete. Go back to the vIDM Administrative Console.<br /> * Go to Catalog Tab -&gt; Web Apps<br /> * Click the New button.<br /> * Create a name for the App and click next.<br /> * make sure the Authentication Type is set to SAML 2.0<br /> * On the gitlab server run the following to get the metadata xml for the gitlab server.<br /> curl --insecure https://gitlab.dersllc.com/users/auth/saml/metadata<br /> * Copy the output and paste it into the URL/XML: section of the new app form.<br /> * Click Next and Save &amp; Assign. <br /> * Assign users to the App and attempt to login!</div> Admin http://wiki.dersllc.com/index.php?title=VMware/Converter&diff=19 VMware/Converter 2023-06-02T19:08:39Z <p>Admin: Created page with &quot;= vCenter Converter Standalone = == Installing vCenter Converter Standalone == == Troubleshooting Errors == === After the Conversion === &#039;&#039;&#039;Error:&#039;&#039;&#039; error: can&#039;t find command &#039;:&#039; &#039;&#039;&#039;Solution:&#039;&#039;&#039; 1. Boot the server 2. Login as Root 3. run the following command: sed -i &#039;s/:\ #/#/g&#039; /boot/grub2/grub.cfg &#039;&#039;&#039;Reference:&#039;&#039;&#039; https://communities.vmware.com/thread/590670 === Before the Conversion === &#039;&#039;&#039;Error:&#039;&#039;&#039; unable to query the live source machine &#039;&#039;&#039;Solution...&quot;</p> <hr /> <div>= vCenter Converter Standalone =<br /> == Installing vCenter Converter Standalone ==<br /> == Troubleshooting Errors ==<br /> === After the Conversion === <br /> '''Error:'''<br /> error: can't find command ':'<br /> '''Solution:'''<br /> 1. Boot the server<br /> 2. Login as Root<br /> 3. run the following command:<br /> sed -i 's/:\ #/#/g' /boot/grub2/grub.cfg<br /> '''Reference:'''<br /> https://communities.vmware.com/thread/590670<br /> <br /> === Before the Conversion === <br /> '''Error:'''<br /> unable to query the live source machine<br /> '''Solution:'''<br /> 1. Make sure you do not have any drives double mounted. <br /> 2. Also Turn off Docker.<br /> systemctl stop docker<br /> '''Reference:'''<br /> https://community.spiceworks.com/topic/2209325-unable-to-query-the-live-source-machine-in-p2v-convert<br /> https://communities.vmware.com/thread/597168<br /> <br /> ------------------------------------------------------------------------------------------------------<br /> '''Error:'''<br /> Unable to find supported boot loader<br /> '''Solution:'''<br /> <br /> '''Reference:'''<br /> https://communities.vmware.com/thread/520440<br /> https://www.rit.edu/researchcomputing/instructions/Clearing-the-known_hosts-SSH-File<br /> ---------------------------------------------------<br /> == Reference Documentation ==<br /> https://kb.vmware.com/s/article/1010056<br /> <br /> https://kb.vmware.com/s/article/1004588<br /> <br /> https://kb.vmware.com/s/article/1010633</div> Admin http://wiki.dersllc.com/index.php?title=VMware/FedContacts&diff=18 VMware/FedContacts 2023-06-02T19:08:19Z <p>Admin: Created page with &quot;= Federal Contacts = == Education == Richard Covel&quot;</p> <hr /> <div>= Federal Contacts =<br /> == Education ==<br /> Richard Covel</div> Admin http://wiki.dersllc.com/index.php?title=VMware/vIDM&diff=17 VMware/vIDM 2023-06-02T19:07:51Z <p>Admin: Created page with &quot;===Configure ADFS and vIDM === https://jadijkstra.nl/2017/12/12/vmware-idm-3-0-with-adfs-3-0-single-sign-on-to-portal-configuration/&quot;</p> <hr /> <div>===Configure ADFS and vIDM ===<br /> https://jadijkstra.nl/2017/12/12/vmware-idm-3-0-with-adfs-3-0-single-sign-on-to-portal-configuration/</div> Admin http://wiki.dersllc.com/index.php?title=VMware/PowerCLI_Scripts&diff=16 VMware/PowerCLI Scripts 2023-06-02T19:07:28Z <p>Admin: Created page with &quot;=PowerCLI Scripts= ===PowerCLI on MAC=== *Install Docker engine https://docs.docker.com/docker-for-mac/install/ https://docs.docker.com/engine/installation/linux/docker-ce/centos/ *Pull the powerclicore container docker pull vmware/powerclicore *Run the powerclicore container docker run --rm -it vmware/powerclicore ===Find the Total number of Virtual CPU&#039;s per vCenter Server=== Connect-VIServer -Server &lt;VCENTER_SERVER&gt; -Protocol https -User &lt;ADMIN_USER&gt; -Password...&quot;</p> <hr /> <div>=PowerCLI Scripts=<br /> <br /> ===PowerCLI on MAC===<br /> *Install Docker engine<br /> https://docs.docker.com/docker-for-mac/install/<br /> https://docs.docker.com/engine/installation/linux/docker-ce/centos/<br /> *Pull the powerclicore container<br /> docker pull vmware/powerclicore<br /> *Run the powerclicore container<br /> docker run --rm -it vmware/powerclicore<br /> <br /> ===Find the Total number of Virtual CPU's per vCenter Server===<br /> Connect-VIServer -Server &lt;VCENTER_SERVER&gt; -Protocol https -User &lt;ADMIN_USER&gt; -Password &lt;PASS&gt;<br /> $Total_vCPU = 0 <br /> ForEach ($VM in (Get-VM)){<br /> If (($VM).PowerState -eq &quot;PoweredOn&quot;){<br /> $Total_vCPU += ($VM).NumCpu<br /> }<br /> } <br /> Write-Host “Total number of Virtual CPU’s: “$Total_vCPU<br /> <br /> ===Find the Total number of Physical CPU's per vCenter Server===<br /> Connect-VIServer -Server &lt;VCENTER_SERVER&gt; -Protocol https -User &lt;ADMIN_USER&gt; -Password &lt;PASS&gt;<br /> $Total_pCPU = 0<br /> ForEach ($VMHOST in (Get-VMHOST)){<br /> If (($VMHOST).PowerState -eq &quot;PoweredOn&quot;){<br /> $Total_pCPU += ($VMHOST).NumCpu<br /> }<br /> }<br /> Write-Host “Total number of Physical CPU’s: “$Total_pCPU</div> Admin http://wiki.dersllc.com/index.php?title=VMware/Product_Contacts&diff=15 VMware/Product Contacts 2023-06-02T19:07:02Z <p>Admin: Created page with &quot;= App Defense = Not Urgent: * appdefense-help@vmware.com * https://vmware-com.socialcast.com/groups/310417-appdefense Urgent: * Chris Corde, Sr. Director Product Management, ccorde@vmware.com * Vijay Ganti, Director Product Management, vganti@vmware.com = Wavefront = Not Urgent: * wavefront@vmware.com * https://vmware-com.socialcast.com/groups/187508-wavefrontgroup Urgent: * Bill Roth, Director, Demand Gen Marketing, broth@vmware.com, (650) 427-5756&quot;</p> <hr /> <div>= App Defense =<br /> Not Urgent: <br /> * appdefense-help@vmware.com<br /> * https://vmware-com.socialcast.com/groups/310417-appdefense<br /> Urgent:<br /> * Chris Corde, Sr. Director Product Management, ccorde@vmware.com<br /> * Vijay Ganti, Director Product Management, vganti@vmware.com<br /> <br /> = Wavefront =<br /> Not Urgent: <br /> * wavefront@vmware.com<br /> * https://vmware-com.socialcast.com/groups/187508-wavefrontgroup<br /> Urgent: <br /> * Bill Roth, Director, Demand Gen Marketing, broth@vmware.com, (650) 427-5756</div> Admin http://wiki.dersllc.com/index.php?title=VMware/Contacts&diff=14 VMware/Contacts 2023-06-02T19:06:35Z <p>Admin: Created page with &quot;= Product Specialists = ==== vSphere Certificates ==== * Sujish Suresh Kumar (GSS)(India) === vRealize Automation=== * Chris Kuum (Broomfield TSE) * Arash Rakeen (Broomfield TSE Premier Services) Helpful!!! * Adnan Bhatti (Cork TSE) * Sean Jones * David Stockland ==== Licensing ==== *Krista Squires (IB Services)(Austin, TX) *Ameena Sultana (GSS)(India) *Jose Garcia Rojas License Escalations Rep *EPP (Tokens) Manager jdangi@vmware.com Goes by JD *EPP (Tokens) Worker Be...&quot;</p> <hr /> <div>= Product Specialists =<br /> ==== vSphere Certificates ====<br /> * Sujish Suresh Kumar (GSS)(India)<br /> === vRealize Automation===<br /> * Chris Kuum (Broomfield TSE)<br /> * Arash Rakeen (Broomfield TSE Premier Services) Helpful!!!<br /> * Adnan Bhatti (Cork TSE)<br /> * Sean Jones<br /> * David Stockland<br /> <br /> <br /> ==== Licensing ====<br /> *Krista Squires (IB Services)(Austin, TX)<br /> *Ameena Sultana (GSS)(India)<br /> *Jose Garcia Rojas License Escalations Rep<br /> *EPP (Tokens) Manager jdangi@vmware.com Goes by JD<br /> *EPP (Tokens) Worker Bee shandigund@vmware.com<br /> <br /> *SPP@vmware.com, HPP@vmware.com, EPP@vmware.com are aliases for anything license related. Just like there is a support-escalations alias for hot SR's I just found out we have a similar alias for licensing issues. licensing-escalations@vmware.com<br /> <br /> ====vRealize Business for Cloud Advanced====<br /> *Jay Weber (TSE Broomfield)<br /> *Mandip Gill (TSE Broomfield)<br /> ====vCloud Director====<br /> *Dave Achten (Todd Hansz equivalent for vCD)<br /> *Zach Brown (Good Dude)<br /> *Tommy Lightfoot<br /> <br /> ====vRealize Life Cycle Manager====<br /> *Jimmy Alvarez (Worthless but Tech Marketing POC)<br /> *Jay Weber (TSE Broomfield)<br /> ====Networking====<br /> *Kiwi Ssennyonjo (TSE Home Office Canada)<br /> *Daniel Backhaus<br /> ====NSX====<br /> *Todd Hansz (Broomfield EE) (NSX God)<br /> *Daryl Marcus (Broomfield Staff EE)<br /> *Jeff Wholey (Broomfield EE)<br /> *Andrew George (Broomfield TSE)<br /> ====HCX====<br /> *Brian McGhie (Broomfield TSE)<br /> *Daryl Allen (Broomfield TSE)<br /> *Jamey Holbrook (Atlanta HCX SE)<br /> <br /> ====Network Insight====<br /> *Trey Tyler<br /> ==== vRealize Operations ====<br /> *Neeraj Gandhi (PSO)(Maryland)<br /> *Kyle Pittman<br /> *Kelly Bryan<br /> *Kyle Jett<br /> <br /> ==== EUC ====<br /> *Jason Misleh (TAM)(Michigan)<br /> *Bob Johnston (TAM)(Michigan)<br /> *Scott McDermott (TSE Broomfield)<br /> ====Orchestrator====<br /> *Justin Dowe (TSE Broomfield)<br /> *Galina Kostova (Product Manager)<br /> *Adam Frost (Really knows his shit)<br /> <br /> ====Site Recovery Manager-vSphere Replication====<br /> *Corey Cogan (TSE Broomfield)<br /> *Stephen Van Siclen<br /> *Thomas Simpson<br /> <br /> ====vSphere Integrated Containers====<br /> *Jonathan Wilk (Cork Senior TSE)<br /> *Melissa O-Sullivan (Cork Senior TSE)<br /> *Daniel Cerne (Cork Senior TSE)<br /> <br /> <br /> <br /> ====Update Manager====<br /> *Don Bessee (TSE Broomfield)<br /> *Andrew Stiff (TSE Broomfield)<br /> ====vSAN====<br /> *Jesse Horne (TSE Broomfield) Rock Star<br /> ====Sys-Ops====<br /> *Chris Griffis<br /> *Matt Griffin<br /> *Keenan Matheny (TSE Broomfield) Rock Star<br /> <br /> *From Global Connect use gss.vmware.com as search engine for problems....better than ikb.vmware.com.<br /> ====SDK Support====<br /> *Duncan Upton<br /> <br /> ====GS Lightning-SalesForce Administration Support=====<br /> *Ramesh Anthati<br /> <br /> ====WS1 Support====<br /> *Aimee Goncalves<br /> <br /> = GSS Managers =<br /> * Bambie Ransdell (Broomfield)<br /> * Sudipta Chakraborty (India)<br /> * Timothy Reimer (Broomfield Weekend Duty Manager) Solid Dude <br /> * Megan Coppin (Leads America Premier Support)<br /> * Victor Perez (Director....Leads Escalations with Engineering-Broomfield)<br /> * Paul Walsh (EMEA REM)<br /> * Kalidas Chakravarthy G (APJ REM)<br /> * Solomon Fadese (AMER REM)<br /> * Paul Clark (REM and over Seal Team 6 SA's)<br /> * Seena Rehman (REM)</div> Admin http://wiki.dersllc.com/index.php?title=VMware/ovftool&diff=13 VMware/ovftool 2023-06-02T19:06:15Z <p>Admin: Created page with &quot;= Build OVFTOOL Docker = == 1. Download OVFTOOL from My VMware == == 2. Create Dockerfile == FROM ubuntu:20.04 LABEL MAINTAINER &quot;Daniel Roessner&quot; # Suppress warning about UTF-8 ENV LC_CTYPE=POSIX ENV OVFTOOL_FILENAME=VMware-ovftool-4.4.2-17901668-lin.x86_64.bundle ADD $OVFTOOL_FILENAME /tmp/ WORKDIR /root RUN /bin/sh /tmp/$OVFTOOL_FILENAME --console --required --eulas-agreed &amp;&amp; \ rm -f /tmp/$OVFTOOL_FILENAME ENTRYPOINT [&quot;ovftool&quot;] == 3. Build t...&quot;</p> <hr /> <div>= Build OVFTOOL Docker =<br /> <br /> == 1. Download OVFTOOL from My VMware ==<br /> <br /> == 2. Create Dockerfile ==<br /> FROM ubuntu:20.04<br /> LABEL MAINTAINER &quot;Daniel Roessner&quot;<br /> <br /> # Suppress warning about UTF-8<br /> ENV LC_CTYPE=POSIX<br /> ENV OVFTOOL_FILENAME=VMware-ovftool-4.4.2-17901668-lin.x86_64.bundle<br /> <br /> ADD $OVFTOOL_FILENAME /tmp/<br /> <br /> WORKDIR /root<br /> <br /> RUN /bin/sh /tmp/$OVFTOOL_FILENAME --console --required --eulas-agreed &amp;&amp; \<br /> rm -f /tmp/$OVFTOOL_FILENAME<br /> <br /> ENTRYPOINT [&quot;ovftool&quot;]<br /> <br /> == 3. Build the Container ==<br /> <br /> #ON PLEX SERVER<br /> cd /nfs/Download<br /> mkdir ovftool<br /> cd ovftool <br /> mv ../VMware-ovftool-4.4.2-17901668-lin.x86_64.bundle .<br /> vi Dockerfile<br /> docker build -t harbor.dersllc.com/ders/ovftool:4.4.2 -t harbor.dersllc.com/ders/ovftool:latest .<br /> docker push harbor.dersllc.com/ders/ovftool:4.4.2<br /> docker push harbor.dersllc.com/ders/ovftool:latest<br /> <br /> == 4. Run Container ==<br /> cd /nfs/DERs_Drive/Scripts/nested_vsphere_8/<br /> docker run --rm -it -v $(pwd):/tmp harbor.dersllc.com/ders/ovftool:latest --schemaValidate /tmp/Nested_ESXi8.0a_Appliance_Template_v1.ova</div> Admin http://wiki.dersllc.com/index.php?title=VMware/vSphereNested&diff=12 VMware/vSphereNested 2023-06-02T19:05:38Z <p>Admin: Created page with &quot;https://williamlam.com/nested-virtualization/nested-esxi-virtual-appliance&quot;</p> <hr /> <div>https://williamlam.com/nested-virtualization/nested-esxi-virtual-appliance</div> Admin http://wiki.dersllc.com/index.php?title=VMware/k8s&diff=11 VMware/k8s 2023-06-02T19:05:15Z <p>Admin: Created page with &quot;= General Kubernetes Documentation = == Setup Artifactory Proxy to GCR == https://jfrog.com/knowledge-base/artifactory-how-to-proxy-a-google-container-registry-gcr/#:~:text=ARTIFACTORY%3A%20How%20to%20proxy%20a%20Google%20Container%20Registry%20(GCR)%3F,-Elina%20Floim&amp;text=Google%20offers%20the%20https%3A%2F%2F,according%20to%20the%20needed%20endpoint.&amp;text=Click%20on%20%E2%80%9CADD%20KEY%E2%80%9D%2C,file%20in%20an%20accessible%20location. == Setup GCR.IO Registry == 1...&quot;</p> <hr /> <div>= General Kubernetes Documentation =<br /> == Setup Artifactory Proxy to GCR ==<br /> https://jfrog.com/knowledge-base/artifactory-how-to-proxy-a-google-container-registry-gcr/#:~:text=ARTIFACTORY%3A%20How%20to%20proxy%20a%20Google%20Container%20Registry%20(GCR)%3F,-Elina%20Floim&amp;text=Google%20offers%20the%20https%3A%2F%2F,according%20to%20the%20needed%20endpoint.&amp;text=Click%20on%20%E2%80%9CADD%20KEY%E2%80%9D%2C,file%20in%20an%20accessible%20location.<br /> <br /> == Setup GCR.IO Registry ==<br /> 1. Enable Google Container Registry<br /> <br /> 2. Setup Service Account via IAM Console. https://console.cloud.google.com/iam-admin/serviceaccounts &lt;br&gt;<br /> 3. Create a Key for the Service Account (JSON) and download the JSON file. &lt;br&gt;<br /> 4. Transfer the JSON file to the JUMPBOX. &lt;br&gt;<br /> 5. Log into GCR via docker.<br /> docker login -u _json_key --password-stdin https://gcr.io &lt; {{highlight|keyfile.json}}<br /> 6. Push image to GCR.IO <br /> docker pull gcr.io/kuar-demo/kuard-amd64:blue<br /> docker tag gcr.io/kuar-demo/kuard-amd64:blue gcr.io/{{highlight|&lt;GCR PROJECT&gt;}}/kuard:latest<br /> docker push gcr.io/{{highlight|&lt;GCR PROJECT&gt;}}/kuard:latest<br /> 7. Create docker Registry Secret<br /> kubectl create secret docker-registry gcr-json-key \<br /> --docker-server=gcr.io \<br /> --docker-username=_json_key \<br /> --docker-password=&quot;$(cat ~/{{highlight|keyfile.json}})&quot; \<br /> --docker-email={{highlight|&lt;valid-email&gt;}}<br /> 8. Set Default K8s Service Account to use the registry secret<br /> kubectl patch serviceaccount default \<br /> -p '{&quot;imagePullSecrets&quot;: [{&quot;name&quot;: &quot;gcr-json-key&quot;}]}'<br /> 9. Create the KUARD deployment YAML<br /> cat &lt;&lt;EOF &gt; kuard-deployment-gcr.yaml<br /> apiVersion: apps/v1<br /> kind: Deployment<br /> metadata:<br /> name: kuard-deployment<br /> labels:<br /> app: kuard<br /> spec:<br /> replicas: 3<br /> selector:<br /> matchLabels:<br /> app: kuard<br /> template:<br /> metadata:<br /> labels:<br /> app: kuard<br /> spec:<br /> imagePullSecrets:<br /> - name: regcred<br /> containers:<br /> - image: gcr.io/{{highlight|&lt;GCR PROJECT&gt;}}/kuard:latest<br /> name: kuard<br /> ports:<br /> - containerPort: 8080<br /> name: http<br /> ---<br /> apiVersion: v1<br /> kind: Service<br /> metadata:<br /> name: kuard-service<br /> spec:<br /> type: LoadBalancer<br /> selector:<br /> app: kuard<br /> ports:<br /> - port: 80<br /> targetPort: 8080<br /> EOF<br /> 10. Deploy the KUARD Deployment.<br /> kubectl apply -f kuard-deployment-gcr.yaml<br /> 11. Check that the containers are up and running.<br /> kubectl get pods<br /> 12. Get the External Service IP that will be hosting KUARD.<br /> kubectl get service kuard-service<br /> 13. Test that you can access the KUARD URL from a Web Browser<br /> http://{{highlight|&lt;EXTERNAL-IP&gt;}}</div> Admin