#cloud-config
# Tell cloud-init to log the output to a log file
# Output of every stage is piped through tee and appended to
# /var/log/cloud-init-output.log, so whatever the commands below print is kept there.
output : { all : '| tee -a /var/log/cloud-init-output.log' }
# /var/www/aws/aws-nwo-lam2-Amazon-Linux-2023-CloudInit-Arm.txt
# Initialize lam2.duckdns.org
# bootcmd only reports: kernel/host line, release files and a timestamp.
# None of these entries modifies the system.
bootcmd:
- echo
- echo 'AWS LAM Report HOST information'
- uname -a
- echo
- echo 'AWS LAM Report Release version'
- head /etc/*release
- echo
- echo 'AWS LAM cloud-config YAML bootcmd complete'
- date
# Set timezone
timezone: US/Alaska
# Upgrade repo database on first boot
repo_update: true
# Upgrade the instance on first boot
# NOTE(review): runcmd below also runs `dnf -y update` and `dnf -y upgrade` near its end.
# Confirm this key is honoured by the cloud-init build on the image; if it is not, the
# services configured in runcmd come up on unpatched packages until that late step.
repo_upgrade: all
# runcmd: first-boot provisioning. Entries are plain strings, and shell variables set by one
# entry (keyName, REGION, EFS, nfsOpt) are read by later entries.
runcmd:
# keyName is handed to the clone/commit helper scripts and used as the local git branch name
- keyName="lam2-AL2023-ARM"
- echo
- echo 'AWS LAM Add a swapfile'
# 24 blocks of 32 MiB = 768 MiB of zeros
- dd if=/dev/zero of=/swapfile bs=32M count=24
# Restrict the swap file to its owner before it is formatted and enabled
- chmod 600 /swapfile
- mkswap /swapfile
- swapon /swapfile
# Persist the swap file across reboots
- echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
# Report the resulting memory/swap state into the log
- free -h
- cat /proc/swaps
- echo
- echo 'AWS LAM Get EFS for REGION'
# NOTE(review): REGION.bash is downloaded from a GitHub Pages site and executed in this
# provisioning context with no checksum or signature check, so whoever controls that
# page's content controls this step. Safer: ship the script inside the user-data/image,
# or verify a pinned digest before running it.
- wget --quiet https://lamurakami.github.io/aws-efs/REGION.bash
- chmod a+x REGION.bash
- export REGION=$(./REGION.bash)
- rm REGION.bash
# Look up the EFS endpoint published for that region.
# NOTE(review): the curl result is not validated; an empty or unexpected value is later
# written into /etc/fstab as the NFS server name.
- EFS=$(curl -s https://lamurakami.github.io/aws-efs/${REGION})
- echo
- echo 'AWS LAM setup root to aws ssh config'
# NOTE(review): root's ssh client config and known_hosts (the host-key pins used by the
# git@... remotes configured later) come from the same web origin, so the pins are only
# as trustworthy as that page. Assumes /root/.ssh already exists - TODO confirm.
- wget --quiet https://lamurakami.github.io/aws-efs/root-ssh-config
- mv root-ssh-config /root/.ssh/config
- wget --quiet https://lamurakami.github.io/aws-efs/root-ssh-known_hosts
- mv root-ssh-known_hosts /root/.ssh/known_hosts
- echo
- echo 'AWS LAM Install LAMipedia packages'
# Web stack (httpd, mod_ssl, mod_perl, PHP), MariaDB, gitweb, X11 utilities and TeX Live
- dnf -y install httpd httpd-manual mod_ssl whois lynx perl-CGI perl-libwww-perl xauth php-fpm php-mysqli php-json php php-devel php-gd php-mbstring php-intl php-mysqlnd php-xml mariadb105-server gitweb xorg-x11-utils mod_perl gtk3 perl-DBD-MySQL mlocate texlive libxkbfile xorg-x11-xbitmaps
- echo
- echo 'AWS LAM Allow any to read /var/log/cloud-init-output.log'
# NOTE(review): this log receives the output of every step in this file, including the
# later step that reports the instance user-data. Making it world-readable exposes all
# of that to every local account; keep secrets out of user-data and command output, or
# limit read access to an admin group instead.
- chmod a+r /var/log/cloud-init-output.log
- echo
- echo 'AWS LAM Check US Alaska local time for this system'
# Shows where /etc/localtime points, to confirm the timezone directive took effect
- ls -lF --time-style=long-iso /etc/localtime
- echo
- echo 'AWS LAM Set git user name, email for system'
# --system writes /etc/gitconfig, so these defaults apply to every account on the host
- git config --system user.name "LAMurakami"
- git config --system user.email GitHub@LAMurakami.com
- git config --system core.editor vi
- git config --system branch.autosetuprebase always
- git config --system init.defaultBranch master
# NOTE(review): safe.directory switches off git's repository-ownership check for this
# path for all users; anyone able to write /var/www/lam/.git/config then influences git
# commands that other accounts (including root) run there.
- git config --system --add safe.directory /var/www/lam
- echo
- echo 'AWS LAM use colors with systemctl'
- echo 'export SYSTEMD_COLORS=1' > /etc/profile.d/systemd_colors.sh
- echo
- echo 'AWS LAM Set vim as default editor for system'
# Done by removing nano rather than by setting EDITOR
- dnf remove -y nano
- echo
- echo 'AWS LAM Install aws.lam1.us web site'
# Clone over HTTPS, then repoint origin at the SSH URL and add a second remote (ak20)
- git clone https://github.com/LAMurakami/aws /var/www/aws
- sh -c "cd /var/www/aws;git remote set-url origin git@github.com:LAMurakami/aws"
- sh -c "cd /var/www/aws;git remote add ak20 git@ak20:aws"
# Work on a local branch named after keyName
- sh -c "cd /var/www/aws;git checkout -b $keyName"
# NOTE(review): from here on the run executes scripts out of this fresh clone. The clone
# takes whatever the default branch head is at boot time rather than a pinned commit or
# tag, so the repository's write access is part of this host's trust boundary.
- echo
- echo 'AWS LAM Report AWS EC2 metadata for this instance'
- /var/www/aws/ec2-user-data.bash
- echo
- echo 'AWS LAM Report AWS EC2 user-data for this instance (CloudInit directives)'
# NOTE(review): the script's output lands in /var/log/cloud-init-output.log, which an
# earlier step makes readable by all local users.
- /var/www/aws/ec2-instance-user-data.bash
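- echo
- echo 'AWS LAM Cloud Guest motd'
# The motd fragment stays in the git checkout; /etc/update-motd.d only gets a symlink to it
- ln -s /var/www/aws/etc/update-motd.d/51-cloudguest /etc/update-motd.d
- echo
# Banner for the next step (a doubled `echo` used to log a literal leading "echo")
- echo 'AWS LAM allow read access to apache2 (httpd) log path'
# NOTE(review): a+rx lets every local account enter and list /var/log/httpd; whether the
# log files themselves become readable depends on their own modes. Access logs carry
# client addresses and request URLs, so a dedicated group is the narrower choice.
- chmod a+rx /var/log/httpd
- echo
- echo 'AWS LAM enable aws site'
# Site config is symlinked from the checkout, so httpd loads whatever the repo contains
- ln -s /var/www/aws/aws_apache2.conf /etc/httpd/conf.d/zzz_000-aws.conf
- echo
- echo 'AWS LAM Update main apache2 configuration'
# Overwrites the distribution httpd.conf with the copy kept in the repo
- cp /var/www/aws/Amazon-Linux-2-httpd.conf /etc/httpd/conf/httpd.conf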
- echo
- echo 'AWS LAM Install no-ssl web site'
# Helper script from the aws checkout; arguments are the site name and the branch name
- /var/www/aws/aws-lam-www-git-clone.bash no-ssl $keyName
- ln -s /var/www/no-ssl/no-ssl_apache2.conf /etc/httpd/conf.d/zzz_999-no-ssl.conf
- echo
- echo 'AWS LAM Install LAM perl modules'
# NOTE(review): the perl version directory is hard-coded - presumably matches the perl
# shipped on the image; confirm after image upgrades.
- mkdir -p /usr/local/share/perl5/5.32
- ln -s /var/www/no-ssl/site_perl-LAM /usr/local/share/perl5/5.32/LAM
- echo
- echo 'AWS LAM create Multicount directory'
- mkdir /var/www/Multicount
- echo
- echo 'AWS LAM Installing z.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash z $keyName
- ln -s /var/www/z/z_apache2.conf /etc/httpd/conf.d/zzz_050_z.conf
# Drop the distribution's default welcome page configuration
- rm /etc/httpd/conf.d/welcome.conf
- echo
- echo 'AWS LAM Enable x11 forwarding over ssh for sudo'
# NOTE(review): files in /etc/profile.d are sourced by login shells, root's included.
# This one is a symlink into /var/www/no-ssl, which a later step hands to lam:apache,
# so write access to that checkout becomes a path to running code as other users.
- ln -s /var/www/no-ssl/xauthority.sh /etc/profile.d
- echo
- echo 'AWS LAM ***** Additional sites *****'
# Each site below follows one pattern: the clone helper fetches the site into
# /var/www/<site>, then the site's own *_apache2.conf is symlinked into conf.d.
# The zzz_NNN prefix fixes the order in which httpd reads the files.
# NOTE(review): httpd configuration is therefore taken straight from repository content;
# the helper script is not shown here - presumably it clones from the same GitHub
# account, confirm which ref it checks out.
- echo
- echo 'AWS LAM Installing sites.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash sites $keyName
- ln -s /var/www/sites/sites_apache2.conf /etc/httpd/conf.d/zzz_030_sites.conf
- echo
- echo 'AWS LAM Installing arsc.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash arsc $keyName
- ln -s /var/www/arsc/arsc_apache2.conf /etc/httpd/conf.d/zzz_060_arsc.conf
- echo
- echo 'AWS LAM Installing cabo.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash cabo $keyName
- ln -s /var/www/cabo/cabo_apache2.conf /etc/httpd/conf.d/zzz_040_cabo.conf
- echo
- echo 'AWS LAM Adding olnes www Content'
- /var/www/aws/aws-lam-www-git-clone.bash olnes $keyName
- ln -s /var/www/olnes/olnes_apache2.conf /etc/httpd/conf.d/zzz_052_olnes.conf
- echo
- echo 'AWS LAM Adding larryforalaska www Content'
- /var/www/aws/aws-lam-www-git-clone.bash larryforalaska $keyName
- ln -s /var/www/larryforalaska/larryforalaska_apache2.conf /etc/httpd/conf.d/zzz_070_larryforalaska.conf
- echo
- echo 'AWS LAM ***** Use private LAM Alaska resources *****'
- echo
- echo 'AWS LAM Adding nfs4 mount to AWS NW-O VPC Elastic File System'
- mkdir /mnt/efs
- chown ec2-user:ec2-user /mnt/efs
# Mount options followed by the fstab dump/pass fields ("0 0")
- nfsOpt="_netdev,noresvport,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0"
# NOTE(review): EFS comes from an unauthenticated web lookup earlier in this run and is
# written to /etc/fstab unchecked; an empty value yields a malformed entry. This is a
# plain nfs4 mount, so traffic is not encrypted in transit and access control rests on
# the file system's network reachability - confirm that matches the intended posture.
- echo "${EFS}:/ /mnt/efs nfs4 ${nfsOpt}" >> /etc/fstab
- mount -a -t nfs4
- df -Th -x supermount --exclude-type=tmpfs --exclude-type=devtmpfs
- echo
- echo 'AWS LAM Installing Amazon Linux 2 ec2-user bash resources'
# NOTE(review): unpacks a home-directory archive from the EFS share; the following steps
# read .aws and an ssh key out of it, so the archive holds credentials and
# the share's contents need to be protected accordingly.
- tar -xzf /mnt/efs/Amazon-Linux-2023/ec2-user.tgz --directory /home/ec2-user
- echo
- echo 'AWS LAM Link to .aws resources for root'
# root shares ec2-user's AWS CLI configuration through a symlink; the `aws s3 cp`
# steps that follow presumably rely on it.
- ln -s /home/ec2-user/.aws /root/.aws
- echo
- echo 'AWS LAM Copy ssh key root'
# NOTE(review): copies a private key into root's ssh directory. Confirm the resulting
# file mode is 600 and that the key is scoped to the git remotes it is meant for.
- cp /home/ec2-user/.ssh/git_ak20_id_rsa /root/.ssh
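# The steps below stream prebuilt tarballs from the lamurakami S3 bucket straight into tar.
# NOTE(review): the archives are unpacked into system directories with no digest or
# signature check, so write access to the bucket equals the ability to place files on
# this host. Verifying a pinned checksum before extraction would close that gap.
- echo
- echo 'AWS LAM Install man2html'
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/man2html-Arm.tgz - | tar -xzf - --directory /usr/local
- echo
- echo 'AWS LAM Install xeyes, xclock, xlogo'
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/xapps-AL2023-ARM.tgz - | tar -xzf - --directory /usr/local
- echo
- echo 'AWS LAM Install geany'
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/geany-Arm.tgz - | tar -xzf - --directory /usr/local
# Refresh the linker cache so libraries unpacked under /usr/local/lib are found
- ldconfig /usr/local/lib
- echo
- echo 'AWS LAM Install l3afpad substitute for leafpad'
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/l3afpad-arm.tgz - | tar -xzf - --directory /usr/local
- ln -s /usr/local/bin/l3afpad /usr/bin/leafpad
- echo
- echo 'AWS LAM Install glances for ec2-user'
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/glances-ec2-user-Arm.tgz - | tar -xzf - --directory /home/ec2-user
- echo
- echo 'AWS LAM Link to .aws resources for root'
# /root/.aws was already linked earlier in this run. A plain `ln -s` would follow that
# link and drop a stray ".aws" symlink inside the credentials directory; -f -n replaces
# the existing link in place instead.
- ln -sfn /home/ec2-user/.aws /root/.aws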
- echo
- echo 'AWS LAM Install etckeeper and perform intitial commit'
# NOTE(review): etckeeper is installed by unpacking three S3 tarballs over /usr, /etc and
# /lib/systemd/system rather than from a signed package; the archives can overwrite
# any file under those trees, and nothing here verifies them first.
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/etckeeper-bin-Arm.tgz - | tar -xzf - --directory /usr
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/etckeeper-etc-Arm.tgz - | tar -xzf - --directory /etc
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/etckeeper-lib-systemd-system-Arm.tgz - | tar -xzf - --directory /lib/systemd/system
# Put /etc under version control and snapshot its current state
- etckeeper init
- etckeeper commit -m 'AWS LAM Amazon Linux 2023'
- systemctl enable etckeeper.timer
- systemctl start etckeeper.timer
- echo
- echo 'AWS LAM Listen for ssh connections on alternate port 55520 and add ssh Banner'
# NOTE(review): the whole sshd_config is replaced with a copy from S3 and sshd is
# restarted without a syntax check; running `sshd -t` first avoids losing remote access
# on a bad file. The effective settings (authentication methods, root login) are
# whatever that object contains - review it alongside this file.
- aws s3 cp s3://lamurakami/Amazon-Linux-2023/sshd_config /etc/ssh/sshd_config
- ln -s /var/www/aws/etc/ssh/Banner.txt /etc/ssh
- systemctl restart sshd
- echo
- echo 'AWS LAM ***** Secure site *****'
- echo
- echo 'AWS LAM Install Let-s Encrypt certificates for TLS encryption (HTTPS)'
# NOTE(review): presumably this archive carries the certificate private keys. They live
# in the bucket and are shared by every host built from it; confirm bucket access is
# restricted and that key file modes survive extraction.
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/letsencrypt.tgz - | tar -xzf - --directory /etc
- echo
- echo 'AWS LAM Install lam web site'
# Extract lam from archive that includes MediaWiki and git repo
- aws s3 cp s3://lamurakami/lam.tgz - | tar -xzf - --directory /var/www
- echo
- echo 'AWS LAM Use lam2 branch to serve secure site at https://lam2.duckdns.org'
# Stash any local modifications from the archive, switch to lam2, then branch per instance
- sh -c "cd /var/www/lam;git stash"
- sh -c "cd /var/www/lam;git checkout lam2"
- sh -c "cd /var/www/lam;git checkout -b $keyName"
- echo
- echo 'AWS LAM Create lam murakami staff credentials.'
# Script from the lam checkout; presumably creates the lam user and staff group that the
# chown below relies on - not shown here.
- /var/www/lam/Create-lam-murakami-staff.bash AL2023
# The same chown is repeated in the final ownership step
- chown lam:staff /mnt/efs
- echo
- echo 'AWS LAM Update apache2 ssl configuration'
# Replace mod_ssl's stock ssl.conf with the site's own TLS virtual host configuration
- rm /etc/httpd/conf.d/ssl.conf
- ln -s /var/www/lam/lam_apache2.conf /etc/httpd/conf.d/ssl.conf
- echo
- echo 'AWS LAM Update gitweb configuration'
# Line 1 only: serve gitweb under /gitweb instead of /git
- sed -i '1 s|Alias /git /var/www/git|Alias /gitweb /var/www/git|' /etc/httpd/conf.d/gitweb.conf
- cp /var/www/aws/Amazon-Linux-2-gitweb.conf /etc/gitweb.conf
- echo
- echo 'AWS LAM Configure /server-status /server-info ReadmeName'
# NOTE(review): /server-status and /server-info reveal loaded modules, configuration and
# live request details. The access rules are in lam_info.conf / lam_status.conf, which
# are not shown - confirm they restrict these handlers to trusted addresses.
- ln -s /var/www/lam/lam_info.conf /etc/httpd/conf.d/info.conf
- ln -s /var/www/lam/lam_status.conf /etc/httpd/conf.d/status.conf
- sed -i 's/ReadmeName README.html/ReadmeName FOOTER.html/' /etc/httpd/conf.d/autoindex.conf
- echo
- echo 'AWS LAM enable and start MariaDB'
- systemctl enable mariadb
- systemctl start mariadb
# NOTE(review): the server is used as installed; no hardening step (root password,
# removal of anonymous/test accounts, bind address) appears in this file.
- echo
- echo 'AWS LAM Creating {lam|Mediawiki} database and user'
# Runs the SQL as the invoking user with no credentials on the command line
- mysql --table < /var/www/lam/lam-user.sql
- echo 'AWS LAM Restore latest lam database backup from AWS S3'
# NOTE(review): --user=lam is given without a password option; how the account
# authenticates is defined in lam-user.sql (not shown). Confirm it cannot be used
# without a password from other hosts. The dumps are executed as SQL unverified.
- aws s3 cp s3://lamurakami/Bk-20-MySQL.lam.sql.gz - | gunzip -c | mysql --user=lam lam
- echo 'AWS LAM Restore latest LAM Alaska MediaWiki database backup from AWS S3'
- aws s3 cp s3://lamurakami/Bk-20-MySQL.wikidb.sql.gz - | gunzip -c | mysql --user=lam wikidb
- echo
- echo 'AWS LAM ***** Private Additional sites *****'
# These sites use aws-efs-www-git-clone.bash instead of the aws-lam-www helper used for
# the public sites; presumably it clones from repositories kept on the EFS share.
- echo
- echo 'AWS LAM Installing {new|old}.interiordems.com web sites'
- /var/www/aws/aws-efs-www-git-clone.bash interiordems $keyName
- ln -s /var/www/interiordems/interiordems_apache2.conf /etc/httpd/conf.d/zzz_020_interiordems.conf
- /var/www/aws/aws-efs-www-git-clone.bash oldinteriordems $keyName
- ln -s /var/www/oldinteriordems/oldinteriordems_apache2.conf /etc/httpd/conf.d/zzz_010_oldinteriordems.conf
- echo
- echo 'AWS LAM Adding mike@mike.lam1.us user, group and www Content'
# Fixed uid for the account
- useradd --shell /bin/bash --create-home --groups users --uid 55501 mike
- usermod --groups users,mike mike
# NOTE(review): the archive is unpacked over /home and so defines the contents of the
# new account's home directory, possibly including ssh authorized_keys - confirm what
# it grants.
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/mike.tgz - | tar -xzf - --directory /home
- /var/www/aws/aws-efs-www-git-clone.bash mike $keyName
- ln -s /var/www/mike/mike_apache2.conf /etc/httpd/conf.d/zzz_081_mike.conf
- echo
- echo 'AWS LAM Adding blinkenshell www Content'
# Extract blinkenshell from archive that includes date time stamps
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/blinkenshell.tgz - | tar -xzf - --directory /var/www
- echo
- echo 'AWS LAM Tell git ownership of /var/www/blinkenshell/public_html is O.K.'
# NOTE(review): safe.directory disables git's ownership check for this path system-wide
- git config --system --add safe.directory /var/www/blinkenshell/public_html
# Clone the blinkenshell repo and integrate it with blinkenshell archive
# The third argument makes the helper clone under /tmp; only the .git directory is kept,
# so the archive's files (and their timestamps) become the working tree.
- /var/www/aws/aws-efs-www-git-clone.bash blinkenshell $keyName /tmp/
- mv /tmp/blinkenshell/.git /var/www/blinkenshell/public_html
- rm -rf /tmp/blinkenshell # Remove the blinkenshell repo fragment
- sh -c "cd /var/www/blinkenshell/public_html;git remote set-url origin git@github.com:LAMurakami/blinkenshell"
- sh -c "cd /var/www/blinkenshell/public_html;git remote add ak20 git@ak20:blinkenshell"
# Set aside differences between archive and repo, then branch per instance from master
- sh -c "cd /var/www/blinkenshell/public_html;git stash"
- sh -c "cd /var/www/blinkenshell/public_html;git checkout master"
- sh -c "cd /var/www/blinkenshell/public_html;git checkout -b $keyName"
- ln -s /var/www/blinkenshell/public_html/blinkenshell_apache2.conf /etc/httpd/conf.d/zzz_051_blinkenshell.conf
- echo
- echo 'AWS LAM Adding alaskademocrat www Content'
- /var/www/aws/aws-efs-www-git-clone.bash alaskademocrat $keyName
- ln -s /var/www/alaskademocrat/alaskademocrat_apache2.conf /etc/httpd/conf.d/zzz_069_alaskademocrat.conf
- echo
- echo 'AWS LAM ***** Final Initialization Steps *****'
- echo
- echo 'AWS LAM add apache group to ec2-user'
- sh -c "usermod -a -G apache ec2-user"
- echo
- echo 'AWS LAM Create /phpinfo.php page'
# NOTE(review): phpinfo() output discloses PHP and module versions, filesystem paths,
# environment variables and request headers. The page is created inside the site's
# html directory and added to git; unless lam_apache2.conf restricts access to it (not
# shown), it is served to anyone. Prefer an access-controlled location or remove it
# once the build has been checked.
- sh -c "echo '<?php phpinfo(); ?>' > /var/www/lam/html/phpinfo.php"
- sh -c "cd /var/www/lam;git add html/phpinfo.php"
- echo
- echo 'AWS LAM update aws site with current public local name ipv4 ipv6'
- /var/www/aws/cloud-init.pl
# Commit helper from the aws checkout; arguments are the branch name and three repo names
- /var/www/aws/AWS-LAM-git-commit.bash $keyName aws no-ssl lam
- echo
- echo 'AWS LAM Change ownership of /var/www'
# NOTE(review): this hands the entire tree to lam:apache. Several root-trusted paths are
# symlinks into it: the motd fragment in /etc/update-motd.d, scripts in /etc/profile.d,
# every httpd conf.d site file and the ssh Banner. After this step the lam account can
# change files that root-owned services and root login shells read or execute; keeping
# those specific files root-owned (or copying instead of linking) keeps that boundary.
- sh -c "chown -R lam:apache /var/www"
- chown apache:apache /var/www/Multicount
# Repeats the chown done right after the staff credentials were created
- chown lam:staff /mnt/efs
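- echo
- echo 'AWS LAM systemctl start httpd'
# NOTE(review): httpd starts serving before the package update below has been applied
- systemctl start httpd
- echo
- echo 'AWS LAM systemctl enable httpd'
- systemctl enable httpd
- echo
- echo 'AWS LAM Update packages to latest'
- dnf -y update
# Point the releasever variable at "latest" so the upgrade below follows the newest
# release. Overwrite rather than append: the file must hold exactly one value, and an
# append onto an existing file would leave a multi-line variable.
- sh -c 'echo "latest" > /etc/dnf/vars/releasever'
- dnf -y upgrade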
- echo
- echo 'AWS LAM Set lam2.duckdns.org hostname'
- /var/www/aws/Amazon-Linux-2-set-hostname.bash
- echo
- echo 'AWS LAM Set hostname and localhost alias in /etc/hosts'
# Line 1 only: put the public name and short name in front of localhost
- sed -i '1s/localhost/lam2.duckdns.org lam2 localhost/' /etc/hosts
- echo
- echo 'AWS LAM Updating lam2.duckdns.org IP address'
# NOTE(review): presumably .duckdns holds the DuckDNS update token; it comes from the
# ec2-user archive and is shared with root by symlink - treat it as a secret.
- ln -s /home/ec2-user/.duckdns /root/.duckdns
- /var/www/aws/Update-DuckDNS.bash lam2
- echo
- echo 'AWS LAM List Installed Packages information'
# Records the installed package set in the log, useful as a build inventory
- dnf repoquery -a --installed
- echo
- echo 'AWS LAM ***** Update mlocate database *****'
- updatedb
- /var/www/aws/systemd/daily-backup/mlocate-mnt-efs
- echo
- echo 'AWS LAM Use Elastic File System mlocate database'
# NOTE(review): another /etc/profile.d entry symlinked into /var/www, which by this point
# is owned by lam:apache; login shells of all users source it.
- ln -s /var/www/no-ssl/mlocate.sh /etc/profile.d/mlocate.sh
- echo
- echo 'AWS LAM link which to /usr/local/bin *****'
- ln -s /bin/which /usr/local/bin/which
- echo
- echo 'AWS LAM Final Cloud-init etckeeper commit'
# Snapshot /etc as left by this run, giving a baseline for later drift review
- etckeeper commit -m 'AWS LAM Final Cloud-init etckeeper commit'
- echo
- echo 'AWS LAM cloud-config YAML runcmd complete'
- date