Register an server deployment to Satellite 6

#!/bin/bash
#
# Register an server deployment to Satellite 6
# You will need to substitute the appropriate exports
# SAT6_SERVER - the FQDN of your Satellite 6 server
# SAT_ORG - the organisation that you wish the system to join
# SAT_ACT_KEY - the activation key created on the Sat6 System. This will specify the repos that are available.
#    ***NOTE: ensure that the appropiate rh-common-rpms repo is enabled for each SAT_ACT_KEY referenced below
#    ALSO: remember to attach a reasonable buffer of physical keys to this for now. Once registered, change the sub. This will be fixed.
#
# Once this is hooked up to Sat6, we can use puppet to do the rest of the config management.

SAT6_SERVER=satellite.example.com

if cat /etc/redhat-release | grep -i "release 7"
then
    RHEL_VER=7   
    SAT_ORG=example  
    SAT_ACT_KEY=rhel-7-server-x86
    KAT_AGT_REPO=rhel-7-server-rh-common-rpms
    PUPPET_ENV=production

elif cat /etc/redhat-release | grep -i "release 6"
then
    RHEL_VER=6
    SAT_ORG=PTC
    SAT_ACT_KEY=rhel-6-server-x86_ #remember to attach a reasonable buffer of physical keys to this for now. Once register, change the sub.
    KAT_AGT_REPO=rhel-6-server-rh-common-rpms
    PUPPET_ENV=production
else
    echo "Not a supported redhat release for this repo set. Please add the appropriate repos and retry."
    exit
fi

export SAT6_SERVER RHEL_VER SAT_ORG SAT_ACT_KEY KAT_AGT_REPO
echo ""
echo "**************************************************************"
echo "Installing Agents and registering to Satellite $SAT6_SERVER "
echo "for OS RHEL $RHEL_VER"
echo "in organization $SAT_ORG"
echo "with Activation Key $SAT_ACT_KEY"
echo "**************************************************************"
echo ""

rm -f /etc/sysconfig/rhn/systemid
yum -y localinstall http://$SAT6_SERVER/pub/katello-ca-consumer-$SAT6_SERVER-1.0-1.noarch.rpm
subscription-manager register --org=$SAT_ORG --activationkey=$SAT_ACT_KEY
subscription-manager attach --auto
subscription-manager repos --enable  $KAT_AGT_REPO
subscription-manager refresh

echo ""
echo "Cleaning existing repositories"
yum clean all
echo ""
echo "Installing katello and puppet agents"
yum -y install katello-agent puppet

echo ""
echo "Setting up a basic puppet.conf file to match the server"
echo ""
# the certificate will be generated when the client first connects

export PUPPET_CONF=/etc/puppet/puppet.conf

grep -q "server\s*=" $PUPPET_CONF && sed -i "s/server\s*=.*/server    = $SAT6_SERVER/" $PUPPET_CONF || sed -i "$ a\    server    = $SAT6_SERVER" $PUPPET_CONF
grep "server\s*=" $PUPPET_CONF

grep -q "certname\s*=" $PUPPET_CONF && sed -i "s/certname\s*=.*/certname    = $HOSTNAME/" $PUPPET_CONF || sed -i "$ a\    certname    = $HOSTNAME" $PUPPET_CONF
grep "certname\s*=" $PUPPET_CONF

grep -q "environment\s*=" $PUPPET_CONF && sed -i "s/environment\s*=.*/environment    = $PUPPET_ENV/" $PUPPET_CONF || sed -i "$ a\    environment    = $PUPPET_ENV" $PUPPET_CONF
grep "environment\s*=" $PUPPET_CONF

grep -q "report\s*=" $PUPPET_CONF && sed -i 's/report\s*=.*/report    = true/' $PUPPET_CONF || sed -i '$ a\    report    = true' $PUPPET_CONF
grep "report\s*=" $PUPPET_CONF

grep -q "pluginsync\s*=" $PUPPET_CONF && sed -i 's/pluginsync\s*=.*/pluginsync    = true/' $PUPPET_CONF || sed -i '$ a\    pluginsync    = true' $PUPPET_CONF
grep "pluginsync\s*=" $PUPPET_CONF

grep -q "masterport\s*=" $PUPPET_CONF && sed -i 's/masterport\s*=.*/masterport    = 8140/' $PUPPET_CONF || sed -i '$ a\    masterport    = 8140' $PUPPET_CONF
grep "masterport\s*=" $PUPPET_CONF

grep -q "listen\s*=" $PUPPET_CONF && sed -i 's/listen\s*=.*/listen        = false/' $PUPPET_CONF || sed -i '$ a\    listen        = false' $PUPPET_CONF
grep "listen\s*=" $PUPPET_CONF

grep -q "splay\s*=" $PUPPET_CONF && sed -i 's/splay\s*=.*/splay         = false/' $PUPPET_CONF || sed -i '$ a\    splay         = false' $PUPPET_CONF
grep "splay\s*=" $PUPPET_CONF

grep -q "runinterval\s*=" $PUPPET_CONF && sed -i 's/runinterval\s*=.*/runinterval   = 1800/' $PUPPET_CONF || sed -i '$ a\    runinterval   = 1800' $PUPPET_CONF
grep "runinterval\s*=" $PUPPET_CONF

grep -q "noop\s*=" $PUPPET_CONF && sed -i 's/noop\s*=.*/noop          = false/' $PUPPET_CONF || sed -i '$ a\    noop          = false' $PUPPET_CONF
grep -q "noop\s*=" $PUPPET_CONF

grep -q "configtimeout\s*=" $PUPPET_CONF && sed -i 's/configtimeout\s*=.*/configtimeout = 120/' $PUPPET_CONF || sed -i '$ a\    configtimeout = 120' $PUPPET_CONF
grep "configtimeout\s*=" $PUPPET_CONF

echo ""

if [ "$RHEL_VER" = "7" ]
then
    systemctl enable goferd
    systemctl restart goferd   
    systemctl enable puppet
    systemctl restart puppet
else
    chkconfig goferd on
    service goferd restart
    chkconfig puppet on
    service puppet restart
fi

echo ""
echo "Connecting to Puppet Master"
puppet agent --waitforcert ca --test

echo ""
echo "Registration complete."

# TODO: make a REST call to Satellite to associate the VM
echo "If this is a virtual system, please associate the VM under Infrastructure -> Compute Resources in Satellite."
echo "Done."

Comments

Post a Comment

Popular posts from this blog

How to clean all the foreman task and locked task

1.- First make su to postgres user su -s /bin/bash - postgres  2.-Execute psql psql  3.- connect to the foreman database \c foreman;  4.- Delete all the foreman task and foreman task locks delete from foreman_tasks_tasks;  delete from foreman_tasks_locks;  5.- Quit from postgres and exit \q  exit  6. Restart all the services for s in {qpidd,pulp_celerybeat,pulp_ resource_manager,pulp_workers, httpd}; do sudo service $s restart; done  Update in todays foreman you can clean the task using the following command: foreman-rake foreman_tasks:cleanup
Read more

CentOS 7 Server Hardening Guide

CentOS 7 Server Hardening Guide 1. System Settings – Disk Partitioning and Post installation 1.1 Disk Encryption with Kickstart The easiest way to encrypt a partition is during Kickstart installation. This can be achieved by adding the –encrypted and –passphrase= options to the definition of a physical LVM volume. Our Kickstart template is provided below. Note that the template requires a 32GB disk. #version=CentOS7.5 # System authorisation information auth --enableshadow --passalgo=sha512 # Use CDROM installation media cdrom ignoredisk --only-use=sda # Keyboard layouts keyboard --vckeymap=gb --xlayouts='gb' # System language lang en_GB.UTF-8 # SELinux selinux --enforcing # Network information network --bootproto=dhcp --device=eth0 --onboot=on --activate network --hostname=ks-c7.example.com # Plaintext root password: PleaseChangeMe rootpw --iscrypted $6$nS0mBJyS$q/QgCof5unWrT9W3qngTISueSDhDHVNntDqd8sOcgmHp2lq4f/niUbjCmoEzaf3EWQ2x3z/k0eIZa
Read more

How to restrict users to send only mail to the local domain in Zimbra

How to restrict users to send only mail to the local domain in Zimbra 1. Open file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf and add this line below reject_non_fqdn_recipient. This is example on my system permit_sasl_authenticated check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders permit_mynetworks 2. Open file /opt/zimbra/conf/zmconfigd.cf and add those lines before RESTART mta. This is example on my system POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf RESTART mta 3. Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line.  check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject 4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax: user@yourdomain.com local_only 5. Create a file "/opt/zimbra/postfix/con
Read more