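#!/bin/bash
#
# Provision a CentOS 6 host as an Apache CloudStack 4.6 management server.
# Steps: patch the OS, register the EPEL and CloudStack yum repositories,
# disable SSH password logins, switch to the Japanese locale and JST,
# install NTP, MySQL and cloudstack-management, install vhd-util, and load
# an IPv4 firewall ruleset. Must be run as root.
#
# Optional environment:
#   EPEL_KEY_SHA256  expected SHA-256 of the downloaded EPEL GPG key
#   VHD_UTIL_SHA256  expected SHA-256 of the downloaded vhd-util binary
# Both downloads use plain HTTP, so without a pinned digest their integrity
# is not verified (a warning is printed and the script continues).

# Abort on the first failing step, so the "Provisioning was successful"
# banner at the end is only written when every step actually succeeded.
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Check a downloaded file against a pinned SHA-256 digest.
# Arguments: $1 - file path, $2 - expected hex digest (may be empty)
# Returns:   0 if the digest matches or none was supplied; exits otherwise
#######################################
verify_sha256() {
  local file=$1 expected=$2
  if [[ -z "$expected" ]]; then
    printf 'warning: no SHA-256 pinned for %s; integrity not verified\n' \
      "$file" >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c - >/dev/null \
    || die "SHA-256 mismatch for $file"
}

# Downloads go to a private temp dir instead of the current directory.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT

# Update latest patch
yum update -y

# Add EPEL Repo
# NOTE(review): the signing key is fetched over plain HTTP. Anyone able to
# tamper with that download can substitute a key, and gpgcheck=1 below would
# then trust packages signed with it. Set EPEL_KEY_SHA256 or compare the key
# fingerprint with one obtained out of band.
wget -O "$workdir/RPM-GPG-KEY-EPEL-6" \
  http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
verify_sha256 "$workdir/RPM-GPG-KEY-EPEL-6" "${EPEL_KEY_SHA256:-}"
rpm --import "$workdir/RPM-GPG-KEY-EPEL-6"

# Write the repo file in one go (not line-by-line appends), so a rerun does
# not stack duplicate [epel] sections in the same file.
cat > /etc/yum.repos.d/epel.repo <<'EOF'
[epel]
name=EPEL RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/fedora/epel/6/$basearch/
gpgcheck=1
enabled=0
EOF

# Add CloudStack Repo
# NOTE(review): gpgcheck=0 over an http:// baseurl means the packages that
# yum installs as root from this repo are not authenticated at all. Import
# the project's release signing key and switch to gpgcheck=1.
cat > /etc/yum.repos.d/cloudstack.repo <<'EOF'
[cloudstack]
name=cloudstack
baseurl=http://cloudstack.apt-get.eu/centos/6/4.6/
gpgcheck=0
enabled=1
EOF

# Disable tunnelled clear text passwords
# Only an uncommented "PasswordAuthentication yes" line is rewritten.
sed -i.org -e "s/PasswordAuthentication yes/PasswordAuthentication no/g" \
  /etc/ssh/sshd_config
# Validate the edited config first, so a broken file is never loaded.
sshd -t
service sshd restart

# Change to Japanese locale
yum groupinstall "Japanese Support" -y
sed -i.org -e 's/en_US\.UTF-8/ja_JP.UTF-8/g' /etc/sysconfig/i18n

# Change to JST time zone
ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime

# Configure SELinux to be permissive
# setenforce changes the running mode only; /etc/selinux/config is not
# touched here. The command fails when SELinux is disabled, which is not a
# reason to abort provisioning.
setenforce 0 || printf 'warning: setenforce 0 failed (SELinux disabled?)\n' >&2

# Install NTP
yum install ntp -y
chkconfig ntpd on
service ntpd start

# Install MySQL
yum install mysql-server -y
chkconfig mysqld on
service mysqld start

# Install CloudStack management server
yum install cloudstack-management -y

# Install vhd-util (only needed when using XenServer)
# Done after the package install because the target directory lives under
# /usr/share/cloudstack-common and must exist before the file is placed.
# NOTE(review): this is an executable fetched over plain HTTP; set
# VHD_UTIL_SHA256 so a tampered download is rejected.
xenserver_dir=/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver
wget -O "$workdir/vhd-util" \
  http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
verify_sha256 "$workdir/vhd-util" "${VHD_UTIL_SHA256:-}"
[[ -d "$xenserver_dir" ]] || die "missing directory: $xenserver_dir"
install -m 0755 "$workdir/vhd-util" "$xenserver_dir/"

# Configure Linux Firewall
# --- CAUTION --- Change to deny access from public address
# 1883: Mosquitto
# 5001: iperf
# 1880: Node-RED
# 27017: MongoDB
#
# Start from an empty INPUT chain. Rules appended behind a REJECT that is
# already present (a stock CentOS 6 ruleset ends with one) would never
# match, and a rerun would otherwise stack duplicate rules.
# NOTE(review): 22 and 8080 are accepted from any source address, and 8080
# is the plain-HTTP management UI; restrict both with -s to trusted ranges.
# Only IPv4 is filtered here; ip6tables is not configured by this script.
iptables -F INPUT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# The --sport variants below match on the client's source port. If they are
# ever enabled, drop them: return traffic is already covered by the
# ESTABLISHED,RELATED rule.
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --sport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --sport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1880 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --sport 1880 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 27017 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --sport 27017 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -p all -j REJECT
service iptables save

# End
cat >> /etc/motd <<'EOF'
****************************************************************************
 Provisioning was successful
 1) Setup OS (Network, NTP)
 2) Check accessibility to Primary and Secondary storages
 3) Download System VM template
 4) Access http://ipaddress:8080/client/ and setup cloudstack network
****************************************************************************
EOF

# Clears the history list of this script's own shell only; the invoking
# user's interactive history and ~/.bash_history are not affected.
history -c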