#!/bin/bash

# Update latest patch
yum update -y

# Add EPEL Repo
wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
rpm --import RPM-GPG-KEY-EPEL-6
rm -f RPM-GPG-KEY-EPEL-6
echo '[epel]' >> /etc/yum.repos.d/epel.repo
echo 'name=EPEL RPM Repository for Red Hat Enterprise Linux' >> /etc/yum.repos.d/epel.repo
echo 'baseurl=http://ftp.riken.jp/Linux/fedora/epel/6/$basearch/' >> /etc/yum.repos.d/epel.repo
echo 'gpgcheck=1' >> /etc/yum.repos.d/epel.repo
echo 'enabled=0' >> /etc/yum.repos.d/epel.repo

# Add CloudStack Repo
echo '[cloudstack]' >> /etc/yum.repos.d/cloudstack.repo
echo 'name=cloudstack' >> /etc/yum.repos.d/cloudstack.repo
echo 'baseurl=http://cloudstack.apt-get.eu/centos/6/4.6/' >> /etc/yum.repos.d/cloudstack.repo
echo 'gpgcheck=0' >> /etc/yum.repos.d/cloudstack.repo
echo 'enabled=1' >> /etc/yum.repos.d/cloudstack.repo

# Disable tunnelled clear text passwords
sed -i.org -e "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
service sshd restart

# Change to Japanese locale
yum groupinstall "Japanese Support" -y 
sed -i.org -e "s/en_US.UTF-8/ja_JP.UTF-8/g" /etc/sysconfig/i18n

# Change to JST time zone
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Tokyo /etc/localtime

# Configure SELinux to be permissive
setenforce 0

# Install NTP
yum install ntp -y
chkconfig ntpd on
service ntpd start

# install vhd-util (XenServerを利用する時のみ)
wget http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
mv vhd-util /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/

# Install MySQL
yum install mysql-server -y
chkconfig mysqld on
service mysqld start

# Install CloudStack management server
yum install cloudstack-management -y

# Configure Linux Firewall
# --- CAUTION --- Change to deny access from public address
# 1883: Mosquitto
# 5001: iperf
# 1880: Node-RED
# 27017: MongoDB
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --sport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --sport 1883 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1880 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --sport 1880 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 27017 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --sport 27017 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -p all -j REJECT
service iptables save

# End
echo "****************************************************************************" >> /etc/motd
echo "  Provisioning was successful" >> /etc/motd
echo "  1) Setup OS (Network, NTP)" >> /etc/motd
echo "  2) Check accessibility to Primary and Secondary storages" >> /etc/motd
echo "  3) Download System VM template" >> /etc/motd
echo "  4) Access http://ipaddress:8080/client/ and setup cloudstack network" >> /etc/motd
echo "****************************************************************************" >> /etc/motd
history -c