Skip to main content

"finish" script for RHEL 6.3 x86_64

Issue: As powerful and inclusive as RHEL is for a server, it still needs a few tweaks to make it functional as a desktop.  I end up rebuilding my primary machine often enough that I decided I needed a finish script.


#!/bin/sh
PWD=`pwd`
DATE=`date +%Y%m%d`
ARCH=`uname -p`

# ******************************
# Setup local user(s)
# Add the admin/redacted Groups and redacted User - if not already there.
# ******************************
if [ -d /home/redacted ]
then
  echo "mv /home/redacted /home/redacted.${DATE} "
  exit 9
  mv /home/redacted /home/redacted.${DATE}
fi

getent group admin >/dev/null || groupadd -g 6969 admin

getent group redacted >/dev/null || groupadd -g 2025 redacted
getent passwd redacted >/dev/null || useradd -g 2025 -u 2025 -G admin -s /bin/bash -c "Redacted" -d /home/redacted -p '$6$KumYpty4aMKx8Jp/$<ENCRYPTED PASSPHRASE HERE>.' redacted


# UPDATE THE SUDOERS FILE
cat << EOF >> /etc/sudoers

# Added for local admins
%admin  ALL=(ALL)       NOPASSWD: ALL
EOF

# Turn off the background that changes based on time-of-day
mv /usr/share/backgrounds/default.xml /usr/share/backgrounds/default.xml.orig
cat << EOF > /usr/share/backgrounds/default.xml
<background>
    <starttime>
            <year>2010</year>
            <month>03</month>
            <day>01</day>
            <hour>07</hour>
            <minute>00</minute>
            <second>00</second>
    </starttime>
    <static>
        <duration>86400.00</duration>
        <file>
            <size width="1600" height="900">/usr/share/backgrounds/default.png</size>
        </file>
    </static>
</background>
EOF
sed -i -e 's/hiddenmenu/\#hiddenmenu/g' /boot/grub/grub.conf
mv /usr/share/backgrounds/default.png /usr/share/backgrounds/default.png.orig
find /home -name Redhat-wave.png -exec cp {} /usr/share/backgrounds/default.png \;

# ******************************
# MANAGE UPDATES AND REPOS
# ******************************
yum -y install yum-plugin-fastestmirror
echo "NOTICE: registering with RHN"
rhnreg_ks --activationkey=<ACTIVATION KEY HERE> --profilename=neo.matrix.private
yum list > /var/tmp/yum_list.base
echo "        adding optional and supplementary REPO"
rhn-channel -v -u redacted@domain.com -a -c rhel-x86_64-workstation-optional-6 -a -c rhel-x86_64-workstation-supplementary-6

# EPEL REPO
echo "        adding EPEL REPO"
case $ARCH  in
  x86_64)
    rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  ;;
  i386)
    rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm
  ;;
  *)
    echo "ERROR: EPEL REPO not added.  Unknown Architecture"
  ;;
esac
#yum list > /var/tmp/yum_list.epel

# # # # # # #
#  So - the verdict is still out whether I should use rpmfusion, or rpmforge.. or EPEL...
# 20120704 - Use RPMfusion and EPEL
# # # # # # #
# Do this so your machine does not end up COMPLETELY HOSED!
# I think priorities is more effective
yum -y install yum-plugin-priorities
# OR
#ALT: yum -y install yum-protectbase

# INSTALL ALL THE GOOD STUFF (RPMFUSION)
# http://rpmfusion.org/Configuration/
echo "        adding RPMFUSION REPO"
case $ARCH  in
  x86_64)
    rpm -Uvh http://download1.rpmfusion.org/free/el/updates/6/x86_64/rpmfusion-free-release-6-1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/6/x86_64/rpmfusion-nonfree-release-6-1.noarch.rpm

#http://download1.rpmfusion.org/free/el/updates/testing/6/x86_64/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm
  ;;
  i386)
    rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm
  ;;
  *)
    echo "ERROR: Unsupported Architecture: $ARCH"
  ;;
esac
#yum list > /var/tmp/yum_list.rpmfusion

# RPMFORGE REPO
# http://wiki.centos.org/AdditionalResources/Repositories/RPMForge
#rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
#wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
#rpm -ihv rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# SETUP REPO PRIORITIES
#sed -i -e '7ipriority=1' /etc/yum.repos.d/rhel-source.repo
#echo "priority=10" >> /etc/yum.repos.d/rhel-source.repo
#sed -i -e '9ipriority=2' /etc/yum.repos.d/epel.repo

# OTHER 3rd-PARTY REPOs
# Add Google stuff
wget https://dl-ssl.google.com/linux/linux_signing_key.pub
rpm --import linux_signing_key.pub

case $ARCH in
  i386)
# Google - i386
cat << EOF > /etc/yum.repos.d/google-i386.repo
[google]
name=Google - i386
baseurl=http://dl.google.com/linux/rpm/stable/i386
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
EOF
  ;;
  x86_64)
# Google - x86_64
cat << EOF > /etc/yum.repos.d/google-x86_64.repo
[google64]
name=Google - x86_64
baseurl=http://dl.google.com/linux/rpm/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
EOF
  ;;
esac

# ******************************
# PACKAGE MGMT
# ******************************
yum -y install sysfsutils sysstat git intltool nmap autofs policycoreutils-gui glib glib-devel glib2-devel gtk+-devel gconf-editor compizconfig-backend-gconf ntfs-3g PackageKit-gtk-module.i686 pptp NetworkManager-pptp spice-xpi spice-client icedtea-web

yum -y install compiz-fusion compiz-fusion-extras compiz-fusion-gnome gconf-editor compizconfig-backend-gconf ccsm

yum -y install gcc cmake kernel-headers kernel-devel gcc-c++ iotop policycoreutils-python
#KVM# yum -y install libvirt kvm qemu-kvm qemu-kvm-tools virt-manager virt-v2v virt-viewer virt-top

yum --disablerepo=epel -y install rdesktop virt-viewer virt-manager freerdp freerdp-devel tsclient sysfsutils iotop sysstat git intltool nmap autofs policycoreutils-gui rdesktop virt-viewer virt-manager openssh-askpass gimp

grep -E '(vmx|svm)' --color=always /proc/cpuinfo
if [ $? -eq 0 ]
then
  VIRTOK=1
  echo "64-bit Virtualization is possible on this machine."
  echo "Installing KVM Virtualization Engine"
  yum -y install libvirt libvirt-python python-virtinst libvirt-client kvm qemu-kvm virt-v2v virt-top
    touch /dev/shm/notbeenrebooted
  yum -y  install samba libsmbclient samba-client samba-common samba-winbind-clients
else
  echo "64-bit Virtualization is NOT possible on this machine."
fi

# Google Apps
yum -y install google-chrome-stable
#yum -y install google-desktop-linux
#yum -y install google-gadgets google-gadgets-gtk
# KDE- google-gadgets-qt

# INSTALL ADOBE
yum install http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
yum -y install flash-plugin

# MISC (mostly audio-type stuff)
yum -y install id3lib mesa-demos mesa-libGL
yum -y install gstreamer-plugins-bad-free gstreamer-plugins-bad-free-extras gstreamer-plugins-base phonon-backend-gstreamer
yum -y install gstreamer*x86_64
yum -y install lame lame-devel lame-mp3x lame-libs
yum -y install esound-devel esound-libs esound-tools libvorbis-devel alsa-plugins-* alsamixer*

yum -y install gstreamer-plugins-ugly gstreamer-ffmpeg two-lame

yum clean all
yum -y update
#yum check-update

if [ -f /etc/init.d/libvirtd ]
then
  sed -i -e '141i\iptables --insert INPUT 5 -s 192.168.122.0/24 -j ACCEPT' /etc/init.d/libvirtd
fi

# CONFIGURE SAMBA
mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
cat << EOF > /etc/samba/smb.conf
[global]
        workgroup = VM
        server string = Samba Server Version %v
        netbios name = NEO
;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
        hosts allow = 127. 192.168.122.
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        passdb backend = tdbsam
        domain master = yes
        local master = yes
        os level = 33
        preferred master = yes
        wins support = yes
        wins proxy = yes
        dns proxy = yes
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = redacted
EOF
setsebool -P samba_enable_home_dirs on
setsebool -P samba_export_all_rw on

chkconfig smb on; chkconfig nmb on
service smb start; service nmb start

# For NixNote
yum -y install openssl098e openssl-devel perl-TermReadKey
# End of the "automated" stuff...
exit 0

# ******************************
#  Random stuff which will make life hell...
# Use XMMS if you can't get anything else working
# ******************************
# Enable MP3 playback
yum -y install esound-devel esound-libs esound-tools libvorbis-devel alsa-plugins-*
mkdir XMMS; cd XMMS
wget http://www.xmms.org/files/1.2.x/xmms-1.2.11.tar.gz
wget http://files.softicons.com/download/system-icons/human-o2-icons-by-oliver-scholtz/png/32x32/apps/xmms.png
cp xmms.png /usr/share/icons/hicolor/32x32/apps/
tar -xvzf xmms-1.2.11.tar.gz
cd  xmms-1.2.11
./configure && make && make install
cd $PWD

exit 0

Labels:

Comments

Post a Comment

Popular posts from this blog

P2V using dd for KVM-QEMU guest

Preface: I have certainly not exhaustively tested this process.  I had a specific need and found a specific solution that worked. Situation:  I was issued a shiny new laptop running Red Hat Enterprise Linux 7 (with Corp VPN, certs, Authentication configuration, etc...)  The image was great, but I needed more flexibility on my bare metal.  So, my goal was to P2V the corporate image so I could just run it as a VM. * Remove corporate drive and install new SSD * install corp drive in external USB-3 case * Install RHEL 7 on new SSD * dd old drive to a disk-image file in a temp location which will be an image which is the same size as your actual drive (unless you have enough space in your destination to contain a temp and converted image) * convert the raw disk-image to a qcow file while pushing it to the final location - this step should reduce the disk size - however, I believe it will only reduce/collapse zero-byte blocks (not just free space - i.e. if you de...
1 comment
Read more

Extending SNMP to run arbitrary shell script

Why are we here... This is not likely something I would have pursued under normal circumstances.  I happen to be working for a customer/client who is not afforded a lot of flexibility to accomplish their goals.  In this case, the rigor is justified.  They have to sometimes be fairly creative with how they solve problems. In this case they would like to utilize an existing snmp implementation to execute a command (or shell script) on a remote system.  They came to me with the idea of using Net-SNMP extend. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-System_Monitoring_Tools-Net-SNMP-Extending.html NOTE:  This is NOT a good implementation strategy in the "real world"  it will simply allow you to test the functionality.  There are a TON of security implications which would need to be taken in to consideration. Implementation Steps: [root@rh7tst01 ~]# yum -y install net-snmp net-snmp-utils ...
Post a Comment
Read more

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin...
Post a Comment
Read more