
This is the start of a script, to be converted into Chef later, for setting up a server using the Bonsaiframework approach:

#!/bin/bash 
# This is not yet ready to use.
#
# MINIMAL SOFTWARE ON HOST
#
# Installs ntp, refreshes the package index, applies all pending upgrades,
# then installs the base tools.
# NOTE(review): ntp is installed before "apt-get update", so it is resolved
# against whatever package index is already on the machine. Presumably this is
# to get the clock right first; confirm, otherwise run the update first.
sudo apt-get --assume-yes install ntp
sudo apt-get update
# dist-upgrade may add or remove packages to satisfy changed dependencies.
sudo apt-get --assume-yes dist-upgrade
# ntp is listed again here; the first command has already installed it.
sudo apt-get --assume-yes install wget man htop ntp

#
# allow staff to use sudo
#

# convert to script similar to below for allow users root for staff
# visudo opens the file in an editor, so this step is interactive and will
# block an unattended run.
# NOTE(review): the file name says "disable_password_auth" although this
# section is about sudo for staff; confirm the intended name and content.
sudo visudo -f /etc/sudoers.d/01_bonsai_disable_password_auth

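#
# SSH for HOST and CONTAINER
#
# install ssh
sudo apt-get --assume-yes install ssh
# Disable ssh user password authentication.
# Keep a copy of the original config so the change can be rolled back.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.2011-02-12.v0.0.tinpham_about_to_disable_password_auth.bck
# Rewrite the directive whether it is commented out or active, and whatever
# its current value is. Matching only the literal "#PasswordAuthentication yes"
# silently leaves password logins enabled on images that ship the line
# uncommented or spaced differently.
sudo sed -i -E 's/^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' /etc/ssh/sshd_config
# If the file carried no such line at all, add one so the setting is explicit.
if ! sudo grep -Eq '^PasswordAuthentication[[:space:]]+no$' /etc/ssh/sshd_config; then
  echo 'PasswordAuthentication no' | sudo tee -a /etc/ssh/sshd_config
fi
# NOTE(review): sshd uses the first value it reads for each keyword, and lines
# appended after a "Match" block belong to that block; check the result by eye
# if this config has Match sections. Keyboard-interactive authentication
# (ChallengeResponseAuthentication) can still prompt for a password through
# PAM if it is enabled; confirm it is off on this image.

# ubuntu 14.04 seems to have slow ssh connection issues, fix by removing dns checking
# only do if you notice it is slow
# Update an existing UseDNS line in place, otherwise append one; a plain append
# adds a duplicate on every run and is ignored when an earlier line sets it.
if sudo grep -Eq '^[[:space:]]*UseDNS[[:space:]]' /etc/ssh/sshd_config; then
  sudo sed -i -E 's/^[[:space:]]*UseDNS[[:space:]]+.*$/UseDNS no/' /etc/ssh/sshd_config
else
  echo '# Disable reverse DNS lookup to prevent slow login' | sudo tee -a /etc/ssh/sshd_config
  echo 'UseDNS no' | sudo tee -a /etc/ssh/sshd_config
fi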
#
# MINIMAL SOFTWARE ON CONTAINER
#
# mlocate provides the locate/updatedb file-name index.
sudo apt-get --assume-yes install mlocate
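#
# ACCOUNTS
#
#######################################
# Download a user's public key and append it to that user's authorized_keys.
# Arguments:
#   $1 - login name (home directory is /home/<login>)
#   $2 - primary group of the account
#   $3 - URL of the public key file
# Outputs:   the key fingerprint on stdout, errors on stderr
# Returns:   0 on success, 1 if the download or the key check fails
#######################################
install_authorized_key() {
  local user=$1
  local group=$2
  local url=$3
  local ssh_dir="/home/${user}/.ssh"
  local key_tmp
  key_tmp=$(mktemp) || return 1

  if ! wget -q -O "$key_tmp" "$url"; then
    echo "could not download ${url}; no key installed for ${user}" >&2
    rm -f -- "$key_tmp"
    return 1
  fi
  # ssh-keygen -l fails unless the file parses as a public key, so an error
  # page or a truncated download never reaches authorized_keys. It also prints
  # the fingerprint: compare it with one obtained out of band before trusting
  # the account, since whoever controls this file controls the login.
  if ! ssh-keygen -l -f "$key_tmp"; then
    echo "${url} is not a valid public key; no key installed for ${user}" >&2
    rm -f -- "$key_tmp"
    return 1
  fi

  # Create the directory and file as root with explicit owner and mode instead
  # of relying on "sudo su - user": that opens an interactive login shell, and
  # in a script the following commands run as the invoking user only after
  # that shell exits, putting the key in the wrong account.
  sudo install -d -m 700 -o "$user" -g "$group" "$ssh_dir"
  sudo tee -a "${ssh_dir}/authorized_keys" < "$key_tmp" > /dev/null
  sudo chown "${user}:${group}" "${ssh_dir}/authorized_keys"
  sudo chmod 600 "${ssh_dir}/authorized_keys"
  rm -f -- "$key_tmp"
}

# Create Staff Users
# Keys are fetched over https:// rather than the plain-HTTP default wget uses
# for a bare host name, so the key cannot be swapped in transit.
# NOTE(review): assumes the host serves these files over HTTPS; confirm. If it
# does not, the download fails and no key is installed.
sudo useradd -d /home/tin.pham -m -g staff -u 2000 -c "Support Tin Pham" -s /bin/bash tin.pham
sudo usermod -a -G adm tin.pham
# passwd prompts on the terminal, so this step is interactive.
sudo passwd tin.pham
install_authorized_key tin.pham staff https://www.bonsaiframework.com/tscripts/publicKey.tin.pham

sudo useradd -d /home/roderick.fongyee -m -g staff -u 2505 -c "Support Roderick Fongyee" -s /bin/bash roderick.fongyee
sudo usermod -a -G adm roderick.fongyee
sudo passwd roderick.fongyee
install_authorized_key roderick.fongyee staff https://www.bonsaiframework.com/tscripts/publicKey.roderick.fongyee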

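# allow staff users to have root access
# The fragment is downloaded to a temporary file, syntax-checked, and only
# then installed under an absolute path: a malformed file in /etc/sudoers.d
# can stop sudo from working at all, and downloading straight into that
# directory leaves nothing to check before it takes effect.
# The syntax check does not vet what the file grants; read it before running
# this, because it hands out root.
# NOTE(review): assumes the host serves this file over HTTPS; confirm. If it
# does not, the download fails and nothing is installed.
sudoers_tmp=$(mktemp)
if wget -q -O "$sudoers_tmp" https://www.bonsaiframework.com/tscripts/01_enable_sudo_for_staff \
  && sudo visudo -c -f "$sudoers_tmp"; then
  # 0440 root:root is the mode sudo expects; "chmod o-r" alone leaves the
  # owner and group bits at whatever the download produced.
  sudo install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/01_enable_sudo_for_staff
else
  echo 'sudoers fragment not installed: download or syntax check failed' >&2
fi
rm -f -- "$sudoers_tmp"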

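# Catch-all admin account with its own group (uid and gid 3000).
sudo addgroup --gid 3000 serveradmin
sudo useradd -d /home/serveradmin -m -g serveradmin -u 3000 -c "Admin catch-all" -s /bin/bash serveradmin
sudo usermod -a -G adm serveradmin
# passwd prompts on the terminal, so this step is interactive.
sudo passwd serveradmin
# add public key here if intention is to allow remote login
# The key is written as root with explicit owner and mode instead of through
# "sudo su - serveradmin": that opens an interactive login shell, and in a
# script the following commands run as the invoking user only after that
# shell exits, putting the key in the wrong account.
# NOTE(review): assumes the host serves the key over HTTPS; confirm. If it
# does not, the download fails and no key is installed.
key_tmp=$(mktemp)
# ssh-keygen -l fails unless the file parses as a public key and prints its
# fingerprint; compare that with one obtained out of band.
if wget -q -O "$key_tmp" https://www.bonsaiframework.com/tscripts/publicKey.serveradmin \
  && ssh-keygen -l -f "$key_tmp"; then
  sudo install -d -m 700 -o serveradmin -g serveradmin /home/serveradmin/.ssh
  sudo tee -a /home/serveradmin/.ssh/authorized_keys < "$key_tmp" > /dev/null
  sudo chown serveradmin:serveradmin /home/serveradmin/.ssh/authorized_keys
  sudo chmod 600 /home/serveradmin/.ssh/authorized_keys
else
  echo 'no key installed for serveradmin: download or key check failed' >&2
fi
rm -f -- "$key_tmp"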
 
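# Restart ssh for the changes to take effect, but only if the edited config
# parses. Restarting onto a broken sshd_config can leave the host without a
# working ssh daemon, which on a remote machine means being locked out.
# Keep the current session open until a fresh key-based login has succeeded.
if sudo /usr/sbin/sshd -t; then
  sudo service ssh restart
else
  echo 'sshd_config failed validation; ssh was not restarted' >&2
fi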
 
#
# CLEANUP
#
# Logout and delete default ubuntu account for containers
# NOTE(review): run this from one of the new accounts, after confirming that
# its key login and sudo both work; removing the default account first leaves
# no way back in.
# userdel is called without -r, so the account's home directory is left in
# place; confirm whether that is intended.
sudo userdel ubuntu
 