Updated ubuntu 18.04

librenms · Nov 6, 2018 · 93cb100 · 93cb100
1 parent fa11196
commit 93cb100
Show file tree

Hide file tree

Showing 11 changed files with 386 additions and 216 deletions.
diff --git a/files/ubuntu/librenms.conf b/files/ubuntu/librenms.conf
@@ -16,7 +16,7 @@ server {
  location ~ \.php {
   include fastcgi.conf;
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
-  fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
+  fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
  }
  location ~ /\.ht {
   deny all;

diff --git a/http/ubuntu-18.04/preseed.cfg b/http/ubuntu-18.04/preseed.cfg
@@ -0,0 +1,38 @@
+### Base system installation
+d-i base-installer/kernel/override-image string linux-server
+
+### Account setup
+d-i passwd/user-fullname string vagrant
+d-i passwd/username string vagrant
+d-i passwd/user-password password vagrant
+d-i passwd/user-password-again password vagrant
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+
+### Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string UTC
+#d-i time/zone string Asia/Tokyo
+
+### Partitioning
+d-i partman-auto/method string lvm
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman/choose_partition select finish
+d-i partman/confirm_nooverwrite boolean true
+
+### Mirror settings
+#d-i mirror/country string JP
+d-i mirror/http/proxy string
+
+### Package selection
+tasksel tasksel/first multiselect standard
+d-i pkgsel/update-policy select none
+d-i pkgsel/include string openssh-server
+d-i pkgsel/install-language-support boolean false
+
+### Boot loader installation
+d-i grub-installer/only_debian boolean true
+
+### Finishing up the installation
+d-i finish-install/reboot_in_progress note
diff --git a/scripts/ubuntu/cleanup.sh b/scripts/ubuntu/cleanup.sh
@@ -1,6 +1,74 @@
-#!/bin/bash
+#!/bin/bash -eu
 
+SSH_USER=${SSH_USERNAME:-vagrant}
+
+# Make sure udev does not block our network - http://6.ptmc.org/?p=164
+echo "==> Cleaning up udev rules"
+rm -rf /dev/.udev/
+rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
+
+echo "==> Cleaning up leftover dhcp leases"
+# Ubuntu 10.04
+if [ -d "/var/lib/dhcp3" ]; then
+    rm /var/lib/dhcp3/*
+fi
+# Ubuntu 12.04 & 14.04
+if [ -d "/var/lib/dhcp" ]; then
+    rm /var/lib/dhcp/*
+fi
+
+# Add delay to prevent "vagrant reload" from failing
+echo "pre-up sleep 2" >> /etc/network/interfaces
+
+echo "==> Cleaning up tmp"
+rm -rf /tmp/*
+
+# Cleanup apt cache
+apt-get -y autoremove --purge
+apt-get -y clean
+
+echo "==> Installed packages"
+dpkg --get-selections | grep -v deinstall
+
+DISK_USAGE_BEFORE_CLEANUP=$(df -h)
+
+# Remove Bash history
+unset HISTFILE
+rm -f /root/.bash_history
+rm -f /home/${SSH_USER}/.bash_history
+
+# Clean up log files
+find /var/log -type f | while read f; do echo -ne '' > "${f}"; done;
+
+echo "==> Clearing last login information"
+>/var/log/lastlog
+>/var/log/wtmp
+>/var/log/btmp
+
+echo '==> Clear out swap and disable until reboot'
+set +e
+swapuuid=$(/sbin/blkid -o value -l -s UUID -t TYPE=swap)
+case "$?" in
+    2|0) ;;
+    *) exit 1 ;;
+esac
 set -e
-set -x
+if [ "x${swapuuid}" != "x" ]; then
+    # Whiteout the swap partition to reduce box size
+    # Swap is disabled till reboot
+    swappart=$(readlink -f /dev/disk/by-uuid/$swapuuid)
+    /sbin/swapoff "${swappart}"
+    dd if=/dev/zero of="${swappart}" bs=1M || echo "dd exit code $? is suppressed"
+    /sbin/mkswap -U "${swapuuid}" "${swappart}"
+fi
+
+# Zero out the free space to save space in the final image
+dd if=/dev/zero of=/EMPTY bs=1M  || echo "dd exit code $? is suppressed"
+rm -f /EMPTY
+sync
+
+echo "==> Disk usage before cleanup"
+echo ${DISK_USAGE_BEFORE_CLEANUP}
 
-sudo apt-get clean
+echo "==> Disk usage after cleanup"
+df -h
diff --git a/scripts/ubuntu/librenms.sh b/scripts/ubuntu/librenms.sh
@@ -4,13 +4,12 @@ if [ -z "$LIBRENMS_VERSION"]; then
   LIBRENMS_VERSION="master"
 fi
 
-sudo yum install -y epel-release
-sudo yum update -y
-sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
-sudo yum install -y composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool libargon2
+sudo add-apt-repository universe
+sudo apt update -y
+sudo apt install -y curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.2-cli php7.2-curl php7.2-fpm php7.2-gd php7.2-json php7.2-mbstring php7.2-mysql php7.2-snmp php7.2-xml php7.2-zip python-memcache python-mysqldb rrdtool snmp snmpd whois acl
 
 sudo useradd librenms -d /opt/librenms -M -r
-sudo usermod -a -G librenms nginx
+sudo usermod -a -G librenms www-data
 
 sudo bash -c 'cat <<EOF > /etc/sudoers.d/librenms
 Defaults:librenms !requiretty
@@ -22,26 +21,28 @@ sudo chmod 440 /etc/sudoers.d/librenms
 sudo sh -c "cd /opt; composer create-project --no-dev --keep-vcs librenms/librenms:$LIBRENMS_VERSION librenms dev-master"
 
 # Change php to UTC TZ
-sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php.ini
+sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.2/fpm/php.ini
+sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.2/cli/php.ini
 sudo sed -i "s/^user =.*/user = nginx/" /etc/php-fpm.d/www.conf
 sudo sed -i "s/^group =.*/group = apache/" /etc/php-fpm.d/www.conf
 sudo sed -i "s/^listen =.*/listen = \/var\/run\/php-fpm\/php7.2-fpm.sock/" /etc/php-fpm.d/www.conf
 sudo sed -i "s/^;listen.owner =.*/listen.owner = nginx/" /etc/php-fpm.d/www.conf
 sudo sed -i "s/^;listen.group =.*/listen.group = nginx/" /etc/php-fpm.d/www.conf
 sudo sed -i "s/^;listen.mode =.*/listen.mode = 0660/" /etc/php-fpm.d/www.conf
 
-sudo systemctl enable php-fpm
-sudo systemctl restart php-fpm
+sudo systemctl enable php7.2-fpm
+sudo systemctl restart php7.2-fpm
 
 sudo cp /tmp/librenms.conf /etc/nginx/conf.d/librenms.conf
 sudo cp /tmp/nginx.conf /etc/nginx/nginx.conf
 
-sudo rm -f /etc/httpd/conf.d/welcome.conf
-sudo chgrp apache /var/lib/php/session/
+sudo rm -f /etc/nginx/sites-enabled/default
 
 sudo systemctl enable nginx
 sudo systemctl restart nginx
 
+sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
+
 sudo yum install -y policycoreutils-python
 sudo semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
 sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
@@ -58,25 +59,6 @@ sudo restorecon -RFvv /opt/librenms/bootstrap/cache/
 sudo setsebool -P httpd_can_sendmail=1
 sudo setsebool -P httpd_execmem 1
 
-sudo bash -c 'cat <<EOF > /tmp/http_fping.tt
-module http_fping 1.0;
-
-require {
-type httpd_t;
-class capability net_raw;
-class rawip_socket { getopt create setopt write read };
-}
-
-#============= httpd_t ==============
-allow httpd_t self:capability net_raw;
-allow httpd_t self:rawip_socket { getopt create setopt write read };
-EOF'
-
-sudo checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt
-sudo semodule_package -o http_fping.pp -m http_fping.mod
-sudo semodule -i http_fping.pp
-sudo rm -f /tmp/http_fping.tt
-
 sudo firewall-cmd --zone public --add-service http
 sudo firewall-cmd --permanent --zone public --add-service http
 sudo firewall-cmd --zone public --add-service https
@@ -103,7 +85,7 @@ EOF'
 sudo systemctl daemon-reload
 sudo systemctl enable --now rrdcached.service
 
-sudo bash -c 'cat << EOF > /etc/my.cnf.d/server.cnf
+sudo bash -c 'cat << EOF > /etc/mysql/mariadb.conf.d/50-server.cnf
 #
 # These groups are read by MariaDB server.
 # Use it for options that only the server (but not clients) should see
@@ -118,8 +100,8 @@ lower_case_table_names=0
 sql-mode=""
 EOF'
 
-sudo systemctl restart mariadb
-sudo systemctl enable mariadb
+sudo systemctl enable mysql
+sudo systemctl restart mysql
 
 mysql_pass="D42nf23rewD";
 
@@ -133,7 +115,6 @@ sudo cp /opt/librenms/config.php.default /opt/librenms/config.php
 
 sudo sed -i 's/USERNAME/librenms/g' /opt/librenms/config.php
 sudo sed -i "s/PASSWORD/${mysql_pass}/g" /opt/librenms/config.php
-sudo bash -c "echo '\$config[\"fping\"] = \"/usr/sbin/fping\";' >> /opt/librenms/config.php"
 sudo bash -c "echo '\$config[\"rrdcached\"] = \"unix:/var/run/rrdcached/rrdcached.sock\";' >> /opt/librenms/config.php"
 sudo bash -c "echo '\$config[\"update_channel\"] = \"release\";' >> /opt/librenms/config.php"
 
@@ -160,5 +141,5 @@ sudo bash -c "echo '*/5 * * * * librenms /opt/librenms/html/plugins/Weathermap/m
 sudo sed -i "s/16/4/g" /etc/cron.d/librenms
 
 sudo chown -R librenms:librenms /opt/librenms
-sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
-sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
+#sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
+#sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
diff --git a/scripts/ubuntu/minimize.sh b/scripts/ubuntu/minimize.sh
@@ -0,0 +1,60 @@
+#!/bin/bash -eu
+
+if [[ "$DESKTOP" =~ ^(true|yes|on|1|TRUE|YES|ON])$ ]]; then
+    exit
+fi
+
+echo "==> Disk usage before minimization"
+df -h
+
+echo "==> Installed packages before cleanup"
+dpkg --get-selections | grep -v deinstall
+
+# Remove some packages to get a minimal install
+echo "==> Removing all linux kernels except the currrent one"
+#dpkg --list | awk '{ print $2 }' | grep 'linux-image-3.*-generic' | grep -v $(uname -r) | xargs apt-get -y purge
+apt-get -y purge `ls /boot/vmlinuz-* | sed -e '$d' | sed s/.*vmlinuz/linux-image/`
+apt-get -y purge $(dpkg --list |egrep 'linux-image-[0-9]' |awk '{print $3,$2}' |sort -nr |tail -n +2 |grep -v $(uname -r) |awk '{ print $2}')
+apt-get -y purge $(dpkg --list |grep '^rc' |awk '{print $2}')
+echo "==> Removing linux source"
+dpkg --list | awk '{ print $2 }' | grep linux-source | xargs apt-get -y purge
+echo "==> Removing documentation"
+dpkg --list | awk '{ print $2 }' | grep -- '-doc$' | xargs apt-get -y purge
+#echo "==> Removing development packages"
+#dpkg --list | awk '{ print $2 }' | grep -- '-dev$' | xargs apt-get -y purge
+#echo "==> Removing development tools"
+#dpkg --list | grep -i compiler | awk '{ print $2 }' | xargs apt-get -y purge
+#apt-get -y purge cpp gcc g++
+#apt-get -y purge build-essential git
+#echo "==> Removing default system Ruby"
+#apt-get -y purge ruby ri doc
+#echo "==> Removing default system Python"
+#apt-get -y purge python-dbus libnl1 python-smartpm python-twisted-core libiw30 python-twisted-bin libdbus-glib-1-2 python-pexpect python-pycurl python-serial python-gobject python-pam python-openssl libffi5
+echo "==> Removing X11 libraries"
+apt-get -y purge libx11-data xauth libxmuu1 libxcb1 libx11-6 libxext6
+echo "==> Removing other oddities"
+apt-get -y purge popularity-contest installation-report landscape-common wireless-tools wpasupplicant ubuntu-serverguide
+apt-get -y purge nano
+
+# Clean up the apt cache
+apt-get -y autoremove --purge
+apt-get -y clean
+
+# Clean up orphaned packages with deborphan
+apt-get -y install deborphan
+while [ -n "$(deborphan --guess-all --libdevel)" ]; do
+    deborphan --guess-all --libdevel | xargs apt-get -y purge
+done
+apt-get -y purge deborphan dialog
+
+echo "==> Removing man pages"
+rm -rf /usr/share/man/*
+echo "==> Removing APT files"
+find /var/lib/apt -type f | xargs rm -f
+echo "==> Removing any docs"
+rm -rf /usr/share/doc/*
+echo "==> Removing caches"
+find /var/cache -type f -exec rm -rf {} \;
+
+echo "==> Disk usage after cleanup"
+df -h
diff --git a/scripts/ubuntu/oxidized.sh b/scripts/ubuntu/oxidized.sh
@@ -5,10 +5,10 @@ if [ "$OXIDIZED" == false ]; then
     exit 0
 fi
 
-sudo yum install -y make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++ rubygem-rake
-sudo git clone https://github.com/ytti/oxidized.git /opt/oxidized/
-sudo gem install bundler
-sudo sh -c "(cd /opt/oxidized && rake install)"
+sudo add-apt-repository universe
+sudo apt install -y ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev
+sudo gem install oxidized
+sudo gem install oxidized-script oxidized-web
 sudo useradd oxidized
 sudo bash -c 'cat << EOF > /etc/systemd/system/oxidized.service
 [Unit]

diff --git a/scripts/ubuntu/syslog-ng.sh b/scripts/ubuntu/syslog-ng.sh
@@ -5,8 +5,8 @@ if [ "$SYSLOG_NG" == false ]; then
     exit 0
 fi
 
-sudo yum remove -y rsyslog
-sudo yum install -y syslog-ng
+sudo apt remove -y rsyslog
+sudo apt install -y syslog-ng
 sudo sh -c "echo '' > /var/log/secure"
 
 sudo bash -c 'cat << EOF > /etc/syslog-ng/syslog-ng.conf

diff --git a/scripts/ubuntu/update.sh b/scripts/ubuntu/update.sh
@@ -0,0 +1,53 @@
+#!/bin/bash -eu
+
+# locale
+echo "==> Configuring locales"
+apt-get -y purge language-pack-en language-pack-gnome-en
+sed -i -e '/^[^# ]/s/^/# /' /etc/locale.gen
+LANG=en_US.UTF-8
+LC_ALL=$LANG
+locale-gen --purge $LANG
+update-locale LANG=$LANG LC_ALL=$LC_ALL
+
+# Disable the release upgrader
+echo "==> Disabling the release upgrader"
+sed -i.bak 's/^Prompt=.*$/Prompt=never/' /etc/update-manager/release-upgrades
+
+echo "==> Disabling apt.daily.service"
+systemctl stop apt-daily.timer
+systemctl disable apt-daily.timer
+systemctl mask apt-daily.service
+systemctl daemon-reload
+
+# install packages and upgrade
+echo "==> Updating list of repositories"
+apt-get -y update
+if [[ $UPDATE  =~ true || $UPDATE =~ 1 || $UPDATE =~ yes ]]; then
+    apt-get -y dist-upgrade
+    apt-get -y autoremove --purge
+fi
+apt-get -y install build-essential linux-headers-generic
+apt-get -y install ssh nfs-common vim curl perl git
+apt-get -y autoclean
+apt-get -y clean
+
+# Disable IPv6
+echo "==> Disabling IPv6"
+echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
+echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
+sysctl -p
+
+# Remove 5s grub timeout to speed up booting
+sed -i -e 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=0/' \
+    -e 's/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="quiet nosplash"/' \
+    /etc/default/grub
+update-grub
+# SSH tweaks
+echo "UseDNS no" >> /etc/ssh/sshd_config
+
+# reboot
+echo "====> Shutting down the SSHD service and rebooting..."
+systemctl stop sshd.service
+nohup shutdown -r now < /dev/null > /dev/null 2>&1 &
+sleep 120
+exit 0