#!/bin/bash
# Purpose: Gather data that must be provided by an admin for a new OS setup
# Author: SDW
# Incept: 2014/01/10
#################FUNCTION DEFINITIONS########################
#08-28-2015 - amayberr - removed sat01 entry for directory services.
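# Include common_functions.h
# The f_* helpers called later in this script are not defined in this file;
# presumably they come from this library -- confirm against the library.
# The installed copy is preferred; a copy in the current working directory is
# accepted as a fallback.
if [[ -s /maint/scripts/common_functions.h ]]; then
  source /maint/scripts/common_functions.h
elif [[ -s common_functions.h ]]; then
  # Source exactly the file that was just tested.  A bare file name makes
  # `source` search $PATH before the current directory, so the file that got
  # loaded could differ from the one checked above, and this script is meant
  # to run as root.
  # NOTE(review): the working directory is still trusted here; use this
  # fallback only from a directory that unprivileged users cannot write to.
  source ./common_functions.h
else
  echo "Critical dependency failure: unable to locate common_functions.h"
  exit 1
fi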
# The rest of the script writes files under /etc and /usr, so stop with
# status 2 unless the effective user is root.
if [[ "$EUID" -ne 0 ]]; then
  printf '%s\n' \
    "FAILURE: This script must be run as root or with equivalent privilege." \
    " Setup has not been completed on this system."
  exit 2
fi
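# Defaults for values a calling script may already have exported.
#
# VTS holds a command line, not a timestamp: later lines run it as $($VTS)
# to stamp each log entry.
if [[ -z "$VTS" ]]; then
  export VTS="date +%Y%m%d%H%M%S"
fi

# LOGFILE defaults to a per-script file.  $0 is quoted so that a script path
# containing whitespace cannot split into several basename arguments.
# f_SetLogLevel is not defined in this file (presumably common_functions.h).
if [[ -z "$LOGFILE" ]]; then
  LOGFILE="/var/log/install/$(basename "$0").log"
  export LOGFILE
  f_SetLogLevel 0
fi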
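# Variables
TPUT=/usr/bin/tput

# Server Statement of Origin: the KEY=value file this script builds.
SSO=/etc/sso

# Keep a copy of an existing, non-empty SSO before it is overwritten.
# TS is not assigned anywhere in this file (presumably it is exported by the
# caller or by common_functions.h -- TODO confirm).  With TS empty every
# backup would be named "${SSO}." and only the first run would ever create
# one, so fall back to a fresh timestamp produced by the $VTS command.
sso_backup="${SSO}.${TS:-$($VTS)}"
if [[ -s "$SSO" && ! -s "$sso_backup" ]]; then
  /bin/cp "$SSO" "$sso_backup"
fi

# Timestamp the SSO: start a fresh file whose two header lines record which
# script wrote it and when.
{
  echo "# Server Statement of Origin generated by $0"
  echo "# Generated on $(date)"
} > "$SSO"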
# Candidate directory servers, tried in the order listed.
LDAP_IPS="
10.27.60.133
10.27.60.129
10.166.136.99
10.64.51.253
10.70.2.253
10.166.120.56
10.166.120.57
10.168.120.56
10.168.120.57
75.78.177.68
75.78.1.92
75.78.192.61
75.78.192.62
75.78.200.25
75.78.200.26"

# Elect the first candidate for which f_IsHostValid prints 0 when asked about
# port 389.  WLS is assigned only when a candidate qualifies; the election is
# logged when both LOGFILE and VTS are set.
for LS in $LDAP_IPS; do
  [[ "$(f_IsHostValid $LS 389)" == 0 ]] || continue
  WLS=$LS
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:Elected $WLS as a temporary EOD server" | $LOG1
  fi
  break
done
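# Get the admin's user ID and validate it
#
# With a directory server elected (WLS set) the operator must name an account
# that exists under ou=People and then prove ownership of it with a simple
# bind.  On success SUSER holds the uid and SUSERWN the display name.  Without
# a server the typed name is kept in GUSER and is not validated at all.
unset SUSER
if [[ -n $WLS ]]; then
  # The command is an argument vector so that no typed value (account name,
  # DN, password) is ever re-parsed by a shell.  The earlier form assembled a
  # command string around the password and piped it to /bin/bash, which made
  # quotes, "$" and backticks in a password part of a root shell command.
  LDAP_SEARCH=(/usr/bin/ldapsearch -x -h "$WLS" -p 389)
  LDAP_BASE="dc=ds,dc=west,dc=com"
  # NOTE(review): -x selects simple authentication and the connection goes to
  # port 389 with no StartTLS option, so the bind password is sent unencrypted
  # unless the transport is protected some other way.  Consider -ZZ (require
  # StartTLS) or an ldaps:// URI once CA trust exists on a new build.

  # Characters with special meaning inside an LDAP search filter.  A name
  # containing one of them is rejected instead of being placed into
  # "(uid=...)", where "*" for example would match every account.
  filter_meta='[*()\\]'

  VC1=FALSE
  echo ""
  echo "###################[ RESPONSE REQUIRED ]#######################"
  echo ""
  while [[ "$VC1" == "FALSE" ]]; do
    read -r -p "Provide a valid AD/EOD account to continue setup: " GUSER
    if [[ -z $GUSER ]]; then
      # Nothing typed: erase the prompt line and ask again.
      $TPUT cuu1; $TPUT el
      continue
    fi
    if [[ -n $LOGFILE && -n $VTS ]]; then
      echo "$($VTS):$0:user provided the EOD account name [$GUSER]" | $LOG1
    fi

    # Does the account exist?  (anonymous search)
    user_filter="(uid=${GUSER})"
    user_found=FALSE
    if [[ ! $GUSER =~ $filter_meta ]] &&
       "${LDAP_SEARCH[@]}" -b "ou=People,${LDAP_BASE}" "$user_filter" uid | grep -q "^uid:"; then
      user_found=TRUE
    fi
    if [[ $user_found != TRUE ]]; then
      echo "Error, user [$GUSER] does not exist in the directory."
      if [[ -n $LOGFILE && -n $VTS ]]; then
        echo "$($VTS):$0:account name [$GUSER] not found in the directory." | $LOG1
      fi
      unset GUSER
      read -r -p "Ctrl+C to quit, anything else to try again: " JUNK
      $TPUT cuu1; $TPUT el; $TPUT cuu1; $TPUT el; $TPUT cuu1; $TPUT el
      continue
    fi

    # Get the DN for the user
    GUSERDN=$("${LDAP_SEARCH[@]}" -b "ou=People,${LDAP_BASE}" "$user_filter" dn | grep "^dn:" | sed 's/^dn:[ \t]//')
    # A bind needs exactly one DN.  An empty DN would turn the password check
    # into an anonymous bind, and several DNs mean the uid is not unique.
    if [[ -z $GUSERDN || $GUSERDN == *$'\n'* ]]; then
      echo "Error, unable to determine a unique directory entry for [$GUSER]."
      if [[ -n $LOGFILE && -n $VTS ]]; then
        echo "$($VTS):$0:no unique DN found for account name [$GUSER]." | $LOG1
      fi
      unset GUSER
      continue
    fi

    # Verify GUSER password
    VP=FALSE
    TRIES=0
    MAXTRIES=5
    # At most MAXTRIES attempts (the earlier -le comparison allowed one more).
    while [[ $VP == FALSE ]] && (( TRIES < MAXTRIES )); do
      read -r -s -p "LDAP Password ($GUSERDN): " UUP
      echo ""
      if [[ -z $UUP ]]; then
        # A simple bind with an empty password is an unauthenticated bind,
        # which a server may accept; never count it as proof of identity.
        TRIES=$(( TRIES + 1 ))
        continue
      fi
      # BIND test: an authenticated search as the user.  The password is
      # handed over through -y (read from a file descriptor) so that it does
      # not appear in the process argument list.  Search output is discarded;
      # ldapsearch diagnostics still reach the terminal.
      if "${LDAP_SEARCH[@]}" -b "$LDAP_BASE" -D "$GUSERDN" \
           -y <(printf '%s' "$UUP") '(ou=SUDOers)' >/dev/null; then
        unset UUP
        VP=TRUE
        VC1=TRUE
        SUSER=$GUSER
        SUSERFN=$("${LDAP_SEARCH[@]}" -b "ou=People,${LDAP_BASE}" "$user_filter" givenName | grep "^givenName:" | sed 's/^givenName:[ \t]//')
        SUSERMI=$("${LDAP_SEARCH[@]}" -b "ou=People,${LDAP_BASE}" "$user_filter" initials | grep "^initials:" | sed 's/^initials:[ \t]//')
        SUSERLN=$("${LDAP_SEARCH[@]}" -b "ou=People,${LDAP_BASE}" "$user_filter" sn | grep "^sn:" | sed 's/^sn:[ \t]//')
        if [[ -z $SUSERMI ]]; then
          SUSERWN="$SUSERFN $SUSERLN"
        else
          SUSERWN="$SUSERFN ${SUSERMI}. $SUSERLN"
        fi
        if [[ -n $LOGFILE && -n $VTS ]]; then
          echo "$($VTS):$0:user account password-based validation succeeded for [$SUSER]." | $LOG1
        fi
      else
        unset UUP
        TRIES=$(( TRIES + 1 ))
      fi
    done

    # Leave a trace of exhausted attempts; the outer loop then asks for an
    # account name again.
    if [[ $VP == FALSE && -n $LOGFILE && -n $VTS ]]; then
      echo "$($VTS):$0:password validation failed for [$GUSER] after $TRIES attempts." | $LOG1
    fi
  done
else
  # No directory server answered, so the name is taken on trust; the lines
  # that follow record it under NVA rather than VA.
  read -r -p "Provide a valid AD/EOD account to continue setup: " GUSER
fi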
# Record who ran the setup.  SUSER is set only after directory validation, so
# VA/VAFN carry a verified uid and display name, while NVA carries a name
# that was typed but never checked.
# NOTE(review): VAFN contains spaces and is written unquoted; confirm that no
# consumer of the SSO file sources it as shell.
if [[ -z $SUSER ]]; then
  echo "NVA=$GUSER" >> "$SSO"
else
  {
    echo "VA=$SUSER"
    echo "VAFN=$SUSERWN"
  } >> "$SSO"
fi
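# Choose the authentication client and record it as AUTHTYPE in the SSO.
# SSSD is offered only when the second field printed by f_GetRelease is 6 or
# higher; NSS is the default answer and the only choice otherwise.
# NOTE(review): assumes that field is a bare integer -- confirm against
# f_GetRelease.
RHEL6ONLY=$(f_GetRelease | awk '{print $2}')
if [[ $RHEL6ONLY -ge 6 ]]; then
  # Determine authentication type
  echo ""
  echo "----------------------------------------------------"
  echo " What authentication service would you like to use? "
  echo "----------------------------------------------------"
  echo "Enter \"SSSD\" in all caps if your end user has agreed to beta test SSSD authentication (non-prod only please)"
  echo "If you are not sure, or startled by this new question, RELAX, just leave it blank and mash the enter key. "
  echo ""
  read -r -p "SSSD or NSS? [NSS]: " AUTHTYPE
  echo ""
  # Only the exact answers SSSD and sssd select SSSD; anything else,
  # including an empty answer, means NSS.
  case $AUTHTYPE in
    SSSD|sssd)
      AUTHTYPE=SSSD
      echo ""
      echo "Setting auth to SSSD..."
      echo "$($VTS):setup_statement_of_origin.sh - user selected SSSD as the authentication client." | $LOG1
      ;;
    *)
      AUTHTYPE=NSS
      echo ""
      echo "Setting auth to legacy NSS..."
      echo "$($VTS):setup_statement_of_origin.sh - user selected NSS_LDAP as the authentication client." | $LOG1
      ;;
  esac
else
  AUTHTYPE=NSS
  echo ""
  echo "SSSD is not currently available for $(f_GetRelease) - setting auth to legacy NSS..."
  # The log entry used to name setup_motd.sh, which sent anyone reading the
  # log to the wrong script; it now names this one like the entries above.
  echo "$($VTS):setup_statement_of_origin.sh - Selected NSS_LDAP as $(f_GetRelease) is not currently tested with SSSD." | $LOG1
fi
echo "AUTHTYPE=$AUTHTYPE" >> "$SSO"
echo ""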
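# Get location information
# Get site number for logging and big brother
#
# The operator picks a key from SITELIST (colon-separated; the key is the
# first field).  The special key "A" means "unlisted" and leads to free-form
# prompts.  The results are written to the SSO as SITENUM and SITENAME.
SITELIST=/maint/scripts/sitelist.cfg
#SITELIST=sitelist.cfg
VALID_SITE_CHOICE=NO
echo ""
echo "$($VTS):$0:Getting site information from user." | $LOG1
echo "Please select the site where this server is located: "
echo ""
f_MakeSiteMenu $SITELIST
echo ""
while [[ $VALID_SITE_CHOICE != YES ]]; do
  read -r -p "Please enter the site number: " SITE
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input [site number] value entered \"$SITE\"" | $LOG1
  fi
  # Look the answer up as an exact string in the first field.  The answer
  # used to be pasted into a grep pattern, so regex characters in it (".",
  # ".*", "[") could match rows the operator never chose and were then
  # written to the SSO and /etc/sitenum as the site number.  Appending ""
  # forces awk to compare as strings, so "01" and "1" stay different keys.
  site_row=""
  if [[ -n $SITE ]]; then
    site_row=$(SITE_KEY="$SITE" awk -F: \
      '($1 "") == (ENVIRON["SITE_KEY"] "") { print; exit }' "$SITELIST")
  fi
  if [[ -z $site_row ]]; then
    read -r -p "\"$SITE\" is not a valid selection. Press Enter to try again. " JUNK
    if [[ -n $LOGFILE && -n $VTS ]]; then
      echo "$($VTS):$0:Invalid User [$SUSER] Input [site number] value entered \"$SITE\"" | $LOG1
    fi
    tput cuu1; tput el; tput cuu1; tput el
    unset SITE
  else
    VALID_SITE_CHOICE=YES
  fi
done
if [[ "$SITE" == "A" ]]; then
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input - user selected [A] for unlisted site." | $LOG1
  fi
  # NOTE(review): the two free-form answers below go into the SSO and
  # /etc/sitenum unchecked; confirm what the consumers of those files accept.
  read -r -p "Please provide the unlisted Big Brother site number (00 if unknown): " BBSN
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input [Unlisted site number?] value entered: \"$BBSN\"" | $LOG1
  fi
  if [[ -z $BBSN ]]; then
    BBSN=00
  fi
  SITE=$BBSN
  read -r -p "Please provide the unlisted site name (ex. GLC01): " SITENAME
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input [Unlisted site name?] value entered: \"$SITENAME\"" | $LOG1
  fi
  if [[ -z $SITENAME ]]; then
    SITENAME=UNK00
  fi
else
  # Site name: second colon-separated field of the matched row, cut at the
  # first "(".
  SITENAME=$(printf '%s\n' "$site_row" | awk -F':' '{print $2}' | awk -F'(' '{print $1}')
fi
echo "SITENUM=$SITE" >> "$SSO"
echo "SITENAME=$SITENAME" >> "$SSO"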
# Populate legacy locations with the site number: create /usr/eos/data when
# it is missing, then overwrite both files with the chosen value.
[[ -d /usr/eos/data/ ]] || mkdir -p /usr/eos/data
echo "site $SITE" > /usr/eos/data/expcfg
echo "$SITE" > /etc/sitenum
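# Get Business Unit;
# Prompts until one of the menu numbers is typed, maps it to the unit's short
# name and writes that to the SSO as BU.
echo "Which Business Unit owns the server?"
echo ""
echo " 1) Corporate (eitcorp)"
echo " 2) Intercall (intercall)"
echo " 3) WIC (wic)"
echo " 4) WBS (wbs)"
echo " 5) WAN (wan)"
echo ""
VC2=NO
while [[ $VC2 != YES ]]; do
  read -r -p "Select 1-5: " BUNUM
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input [Business Unit 1=CORP 2=ITC 3=WIC 4=WBS 5=WAN] provided answer \"$BUNUM\"" | $LOG1
  fi
  # Compare the typed text with the five accepted answers as plain strings.
  # -lt/-gt inside [[ ]] evaluate their operands as arithmetic expressions,
  # so the earlier range test evaluated whatever was typed (as root) and let
  # answers such as "03" or "2+1" through, which then hit the "please debug
  # this script" exit below.
  case $BUNUM in
    1|2|3|4|5)
      VC2=YES
      ;;
    *)
      echo "\"$BUNUM\" is not a valid choice, please select 1-5."
      if [[ -n $LOGFILE && -n $VTS ]]; then
        echo "$($VTS):$0:Invalid User [$SUSER] Input [Business Unit 1=CORP 2=ITC 3=WIC 4=WBS 5=WAN] provided answer \"$BUNUM\"" | $LOG1
      fi
      read -r -p "Press Enter to continue. " JUNK
      unset BUNUM
      tput cuu1; tput el; tput cuu1; tput el; tput cuu1; tput el
      ;;
  esac
done
case $BUNUM in
  1) BU=eitcorp ;;
  2) BU=intercall ;;
  3) BU=wic ;;
  4) BU=wbs ;;
  5) BU=wan ;;
  *)
    # Unreachable while the loop above accepts only 1-5; kept as a guard.
    if [[ -n $LOGFILE && -n $VTS ]]; then
      echo "$($VTS):$0:Business Unit validation failure, please debug this script." | $LOG1
    fi
    exit 10
    ;;
esac
echo "BU=$BU" >> "$SSO"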
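# Ask if the server is supported by EIT or the BU
# Servers owned by eitcorp are recorded as EIT-supported without asking; for
# every other unit the operator must answer Y or N.  Written to the SSO as
# EITSUPPORT=YES|NO.
EITSUPPORT=YES
if [[ "$BU" != "eitcorp" ]]; then
  VC4=NO
  while [[ $VC4 != YES ]]; do
    read -r -p "Is this server supported by EIT? (Y/N): " EITSUPPORT
    if [[ -n $LOGFILE && -n $VTS ]]; then
      echo "$($VTS):$0:User [$SUSER] Input [supported by EIT?] value entered \"$EITSUPPORT\"" | $LOG1
    fi
    # Any answer starting with y/Y or n/N is accepted.  Matching in the shell
    # keeps the typed text away from the unquoted echo the earlier form used,
    # where it was subject to word splitting and filename expansion.
    case $EITSUPPORT in
      [Yy]*)
        VC4=YES
        EITSUPPORT=YES
        ;;
      [Nn]*)
        VC4=YES
        EITSUPPORT=NO
        ;;
      *)
        echo "Error: [$EITSUPPORT] is not a valid response, please select Y or N."
        if [[ -n $LOGFILE && -n $VTS ]]; then
          # The entry used to expand $EITSUPPORTED, a name that is never set,
          # so the rejected answer was missing from the log.
          echo "$($VTS):$0:Invalid User [$SUSER] Input [supported by EIT?] provided answer \"$EITSUPPORT\"" | $LOG1
        fi
        read -r -p "Press Enter to continue. " JUNK
        unset EITSUPPORT
        tput cuu1; tput el; tput cuu1; tput el; tput cuu1; tput el
        ;;
    esac
  done
fi
echo "EITSUPPORT=$EITSUPPORT" >> "$SSO"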
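# If the BU is "intercall" see if we're on the ITC network.
# ITC stays NO for every other unit.  Written to the SSO as ITC=YES|NO.
ITC=NO
echo ""
if [[ "$BU" == "intercall" ]]; then
  VC3=NO
  while [[ $VC3 != YES ]]; do
    read -r -p "Is this server on the Intercall domain? (Y/N): " ITC
    if [[ -n $LOGFILE && -n $VTS ]]; then
      echo "$($VTS):$0:User [$SUSER] Input [on intercall domain?] value entered \"$ITC\"" | $LOG1
    fi
    # Any answer starting with y/Y or n/N is accepted.  Matching in the shell
    # keeps the typed text away from the unquoted echo the earlier form used,
    # where it was subject to word splitting and filename expansion.
    case $ITC in
      [Yy]*)
        VC3=YES
        ITC=YES
        ;;
      [Nn]*)
        VC3=YES
        ITC=NO
        ;;
      *)
        echo "Error: [$ITC] is not a valid response, please select Y or N."
        if [[ -n $LOGFILE && -n $VTS ]]; then
          echo "$($VTS):$0:Invalid User [$SUSER] Input [On Intercall domain?] provided answer \"$ITC\"" | $LOG1
        fi
        read -r -p "Press Enter to continue. " JUNK
        unset ITC
        tput cuu1; tput el; tput cuu1; tput el; tput cuu1; tput el
        ;;
    esac
  done
fi
echo "ITC=$ITC" >> "$SSO"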
# Record the VCenter/cluster name as VCN.  The operator is asked only when
# f_DetectVM prints TRUE; otherwise the SSO gets the fixed value N/A.
if [[ "$(f_DetectVM)" != "TRUE" ]]; then
  echo "VCN=N/A" >> "$SSO"
else
  read -p "Please provide the VCenter or Cluster name for this server: " VCN
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input [VCenter or Cluster name?] value entered \"$VCN\"" | $LOG1
  fi
  echo "VCN=$VCN" >> "$SSO"
fi
# Ask what the server is for.  An empty answer is stored as UNSET; either
# outcome is logged and the value is written to the SSO as PURPOSE.
echo ""
echo "What will this server be used for?"
read -p "A short description such as \"Web Server\": " PURPOSE
if [[ -n $PURPOSE ]]; then
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:User [$SUSER] Input [Server Purpose?] value entered \"$PURPOSE\"" | $LOG1
  fi
else
  PURPOSE=UNSET
  if [[ -n $LOGFILE && -n $VTS ]]; then
    echo "$($VTS):$0:Info - User [$SUSER] declined to provide a purpose for the server" | $LOG1
  fi
fi
echo "PURPOSE=$PURPOSE" >> "$SSO"
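###########NON-INTERACTIVE DETAILS##############
# Collect host facts without prompting and append them to the SSO.
HN=$(hostname)
CL=$(uname -s)   # collected but not written; CLASS below is the literal "Linux"

# f_DetectVM prints TRUE on a virtual machine.
if [[ "$(f_DetectVM)" != "TRUE" ]]; then
  FAMILY="Hardware.Server"
else
  FAMILY="Hardware.Virtual Machine"
fi

# Serial number: text after the last ":" on the "Serial Number" line of
# dmidecode's "System Information" section (the leading blank is kept).
SERIAL=$(dmidecode | awk '/System Information/,/Serial Number/' | grep "Serial Number" | awk -F':' '{print $NF}')

# MAC address of the interface reported by f_FindPubIF.  It stays UNKNOWN
# when no interface was found or sysfs has no address file for it.  The
# earlier code reset MACADDR to UNKNOWN right after reading it, so the SSO
# never carried a real address, and left it empty when f_FindPubIF failed.
PUBIF=$(f_FindPubIF)
MACADDR=UNKNOWN
if [[ "$PUBIF" != "FAILURE" && -f "/sys/class/net/${PUBIF}/address" ]]; then
  MACADDR=$(cat "/sys/class/net/${PUBIF}/address")
fi

# Short host name: everything before the first dot.
NAME=$(hostname | awk -F'.' '{print $1}')
# First word of the `host` answer for this machine.
# NOTE(review): when the lookup fails that word is not a host name.
FQDN=$(host "$HN" | awk '{print $1}')
PTYPE=$(dmidecode -t4 | grep Family: | awk -F': ' '{print $2}' | head -1)

# Fourth word of the first "cache size" line in /proc/cpuinfo, shown in K
# below 1024 and in whole M otherwise.
PCACHESIZEK=$(grep "cache size" /proc/cpuinfo | head -1 | awk '{print $4}')
if [[ $PCACHESIZEK -lt 1024 ]]; then
  PCACHESTRING="${PCACHESIZEK}K"
else
  PCACHESTRING="$(( PCACHESIZEK / 1024 ))M"
fi

# Add non-interactive details to SSO
{
  echo "CLASS=Linux"
  echo "FAMILY=${FAMILY}"
  echo "NAME=${NAME}"
  echo "SERIAL=${SERIAL}"
  echo "DNS_HOSTNAME=${FQDN}"
  echo "MAC_ADDRESS=${MACADDR}"
  echo "PROCESSOR_TYPE=${PTYPE}"
  echo "PROCESSOR_CACHE=${PCACHESTRING}"
} >> "$SSO"

# The script ends here; any text after this line in the file is never run.
exit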
Name = linux1410
Class = Linux
Family = Hardware.Server
Host Name = linux1410
Serial Number = KQ300F4
MAC Address = e4:1f:13:6a:e7:3c
DNS Name = linux1410.wic.west.com
EIT Managed? = !!UNKNOWN!!
NOTES = !!UNKNOWN!!
Environment = !!UNKNOWN!!
1. CMDB Attributes
1. Attributes
Memory Installed = 12GB
Memory Capacity = 18 slots
Disk Capacity = 1196.0GB
Processor Type = Xeon MP
Processor Cache = 12GB
Processor Speed = 2670 MHz
Processor Sockets = 2
Number of Physical Processors Installed = 2
Number of Cores per Processor =
Number of Memory Slots = 18
OS Version = RHEL6
Primary Application = Admin Server
6. Inventory
IP Address = 10.27.110.84
Install Date = 05/23/2013 10:27 AM
2. Contacts
1. Contacts
Support Group = !!UNKNOWN!!
Name = swtest-6464v
Class = Linux_VM
Family = Hardware.Virtual Machine
Host Name = swtest-6464v
Serial Number = VMware-42 18 d0 84 af eb a8 17-29 ec f0 78 67 66 49 5e
Virtual MAC Address = 00:50:56:98:4d:83
Virtual Host Name = Host
EIT Managed? = !!UNKNOWN!!
NOTES = !!UNKNOWN!!
Environment = !!UNKNOWN!!
1. CMDB Attributes
1. Attributes
Memory Installed = 8GB
Disk Capacity = 1105.2GB
Processor Type = Pentium Pro
Processor Speed = 2533 MHz
Number of Virtual Processors = 2
Memory Minimum = 2GB
Memory Allocated = 8GB
Host = !!UNKNOWN!!
OS Version = RHEL6
Primary Application = Samson's Test Box
Cluster Name = !!UNKNOWN!!
6. Inventory
IP Address = 10.50.66.136
Installation Date = 02/06/2014 04:13 PM
2. Contacts
1. Contacts
Support Group = !!UNKNOWN!!