#!/bin/sh # # Sciri's totally unsupported Ubuntu 8.04 (Hardy Heron) installer for # ServerBeach RapidRescue. # # sb-install-hardy.sh Version 20080718a # # Sean Sosik-Hamor # http://people.ubuntu.com/~sciri/ # # Please read and understand this script before executing it! There is very # little sanity checking and this script is a pretty awful hack. The only # thing I guarantee is that this script will format your hard drives, destroy # your data, eat your babies, and overwrite your MBR with fail. ;) Actually, # formatting your hard drives is the first thing this script does. # # Running this script on a live production server is most definitely a career- # ending action. # # Caveats: # # * 32-bit only (ServerBeach RapidRescue does not support 64-bit) # * Only tested on a Dell PowerEdge 440; you're on your own for anything else # * It appears that RapidRescue uses a static SSH private key # * I enable ufw and only allow connections on port 22; man ufw for more info # * Did I mention you should read and understand the script? # # Usage: # # Login to MyServerBeach and RapidRescue your system. If you don't know how # how to RapidRescue your system then you shouldn't be running this script. # Once you login to sbrescue, execute the following: # # root@sbrescue:/# wget http://people.ubuntu.com/~sciri/src/sb-install-hardy.sh # root@sbrescue:/# chmod 755 sb-install-hardy.sh # # root@sbrescue:/# vi sb-install-hardy.sh # Configure this script using your network settings otherwise you'll end up # with a really expensive paperweight. # # root@sbrescue:/# ./sb-install-hardy.sh # # The initial sb-install-hardy.sh script will overwrite your partition table # with sfdisk, format a single drive, debootstrap an ubuntu-minimal install, # and prompt you for a root password. For the paranoid, choose a temporary # root password due to the fact that sbrescue uses the same static SSH private # key for every customer. # # Reboot, wait a few minutes, SSH to your server as root, and execute the # following: # # root@colo2:~# ./sb-bringup-hardy.sh # root@colo2:~# passwd # # The sb-bringup-hardy.sh script will aptitude an ubuntu-standard install, # install enough packages to make the system usable, and do a few things I # like for my servers. # # Once sb-bringup-hardy.sh completes execute passwd to set a real root # password, then reboot. # # Again, read the script and make sure it's doing what you want. # # Notes: # # You will be asked two questions about postfix and uswsusp while during the # sb-bringup-hardy.sh step. If you don't know how to answer, simply select # "No configuration" for postfix and "Continue without a valid swap space" for # uswsusp. You can change this later with dpkg-reconfigure. # # Configuration: # # Configure Network IP_HOST=yourbox IP_DOMAIN=example.com IP_FQDN=$IP_HOST.$IP_DOMAIN IP_ADDRESS=10.3.2.3 IP_NETMASK=255.255.255.0 IP_BROADCAST=10.3.2.255 IP_GATEWAY=10.3.2.1 IP_DNS1=72.51.32.92 IP_DNS2=72.51.32.76 # Configure Timezone TZ=America/New_York # Configure Disk in Megabytes. HD_ROOT will always fill the remaining space # no matter what you set here. If you want more flexability, have fun editing # the script. :) HD_DEV=/dev/sda HD_BOOT_SIZE=256 HD_SWAP_SIZE=4096 HD_ROOT_SIZE=fill # Change $REALLYINSTALL to yes after reading, understanding, and configuring # this script! REALLYINSTALL=no # Do not edit below this line unless you're a masochist. :D # # Setup variables you probably don't want to touch. HD_BOOT=${HD_DEV}1 HD_SWAP=${HD_DEV}2 HD_ROOT=${HD_DEV}3 DESTDIR=/mnt/ubuntu export LC_ALL=C if [ "$REALLYINSTALL" != "yes" ]; then echo "You didn't actually read the script, did you? Exiting!" exit 1 fi # Partition the disk. sfdisk $HD_DEV -uM -O /tmp/oldpart.save < $DESTDIR/etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu/ hardy main universe restricted multiverse deb-src http://archive.ubuntu.com/ubuntu/ hardy main universe restricted multiverse deb http://security.ubuntu.com/ubuntu/ hardy-security main universe restricted multiverse deb-src http://security.ubuntu.com/ubuntu/ hardy-security main universe restricted multiverse deb http://archive.ubuntu.com/ubuntu/ hardy-updates main universe restricted multiverse deb-src http://archive.ubuntu.com/ubuntu/ hardy-updates main universe restricted multiverse EOF cat $DESTDIR/etc/apt/sources.list echo; echo "*** Configuring timezone..." cat << EOF > $DESTDIR/etc/timezone $TZ EOF cat $DESTDIR/etc/timezone echo; echo "*** Configuring hostname..." cat << EOF > $DESTDIR/etc/hostname $IP_HOST EOF cat $DESTDIR/etc/hostname echo; echo "*** Configuring hosts..." cat << EOF > $DESTDIR/etc/hosts 127.0.0.1 localhost $IP_ADDRESS $IP_FQDN EOF cat $DESTDIR/etc/hosts echo; echo "*** Configuring fstab..." cat << EOF > $DESTDIR/etc/fstab $HD_BOOT /boot ext3 defaults 0 1 $HD_SWAP none swap sw 0 0 $HD_ROOT / ext3 defaults 0 1 EOF cat $DESTDIR/etc/fstab echo; echo "*** Configuring interfaces..." cat << EOF > $DESTDIR/etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet static address $IP_ADDRESS netmask $IP_NETMASK broadcast $IP_BROADCAST gateway $IP_GATEWAY EOF cat $DESTDIR/etc/network/interfaces echo; echo "*** Configuring resolv.conf..." cat << EOF > $DESTDIR/etc/resolv.conf search $IP_DOMAIN nameserver $IP_DNS1 nameserver $IP_DNS2 EOF cat $DESTDIR/etc/resolv.conf echo; echo "*** Creating sb-postinstall-hardy.sh..." cat << EOF > $DESTDIR/root/sb-postinstall-hardy.sh export HD_DEV=$HD_DEV export LC_ALL=C dpkg-reconfigure locales aptitude update aptitude -y install grub linux-image-server openssh-server libssl openssh-blacklist openssl-blacklist update-manager-core grep -v rootfs /proc/mounts > /etc/mtab grub-install --no-floppy $HD_DEV update-grub -y echo; echo "*** Setting temporary root password! I need input from you now!" passwd exit EOF cat << EOF > $DESTDIR/root/sb-bringup-hardy.sh export LC_ALL=C echo "deb http://landscape.canonical.com/packages/hardy ./" > /etc/apt/sources.list.d/landscape.list gpg --keyserver-options http-proxy --keyserver keyserver.ubuntu.com --recv-key C605E80D gpg --armor --export C605E80D | apt-key add - aptitude update aptitude -y install landscape-client ubuntu-standard bzr bzrtools iptables ufw ubuntu-dev-tools build-essential ufw allow 22/tcp ufw enable cd /etc bzr init chgrp -R adm .bzr chmod -R g+w,o-rwx .bzr find .bzr -type d | xargs chmod g+s bzr ignore ld.so.cache bzr ignore adjtime bzr ignore '*-' bzr ignore apache2/ssl bzr ignore blkid.tab.old bzr ignore '*.dpkg-new' bzr add bzr commit -m 'Initial import of /etc.' echo 'DPkg::Post-Invoke {"if [ -d /etc/.bzr ]; then LANG=C /usr/bin/bzr st /etc; fi";};' > /etc/apt/apt.conf.d/99etcinbzr bzr add bzr commit -m 'Added 99etcinbzr.' echo ufw status echo "*** man ufw for more info on firewall configuration..." echo echo "*** That should pretty much be it! You should set a permanent root" echo "*** password and reboot now..." EOF chmod 755 $DESTDIR/root/sb-postinstall-hardy.sh chmod 755 $DESTDIR/root/sb-bringup-hardy.sh chroot $DESTDIR /root/sb-postinstall-hardy.sh cat << EOF ***************************************************************************** *** Initial ubuntu-minimal debootstrap complete! Reboot the server, login *** *** as root, and execute: *** *** *** *** /root/sb-bringup-hardy.sh *** ***************************************************************************** EOF