rh_systems() {
# Handle the occurance where SELINUX is actually disabled
- if [ `grep SELINUX=permissive /etc/selinux/config` ]; then
- # make sure that the filesystem is properly labelled.
- # it could be not fully labeled correctly if it was just switched
- # from disabled, the autorelabel misses some things
- # skip relabelling on /dev as it will generally throw errors
- restorecon -R -e /dev /
-
- # enable enforcing mode from the very start
- setenforce enforcing
-
- # configure system for enforcing mode on next boot
- sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
- else
- sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config
- touch /.autorelabel
-
- echo "*******************************************"
- echo "** SYSTEM REQUIRES A RESTART FOR SELINUX **"
- echo "*******************************************"
- fi
+ SELINUX=$(grep -E '^SELINUX=(disabled|permissive|enforcing)$' /etc/selinux/config)
+ MODE=$(echo "$SELINUX" | cut -f 2 -d '=')
+ case "$MODE" in
+ permissive)
+ echo "************************************"
+ echo "** SYSTEM ENTERING ENFORCING MODE **"
+ echo "************************************"
+ # make sure that the filesystem is properly labelled.
+ # it could be not fully labeled correctly if it was just switched
+ # from disabled, the autorelabel misses some things
+ # skip relabelling on /dev as it will generally throw errors
+ restorecon -R -e /dev /
+
+ # enable enforcing mode from the very start
+ setenforce enforcing
+
+ # configure system for enforcing mode on next boot
+ sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
+ ;;
+ disabled)
+ sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config
+ touch /.autorelabel
+
+ echo "*******************************************"
+ echo "** SYSTEM REQUIRES A RESTART FOR SELINUX **"
+ echo "*******************************************"
+ ;;
+ enforcing)
+ echo "*********************************"
+ echo "** SYSTEM IS IN ENFORCING MODE **"
+ echo "*********************************"
+ ;;
+ esac
# Allow jenkins access to alternatives command to switch java version
cat <<EOF >/etc/sudoers.d/89-jenkins-user-defaults
# add in components we need or want on systems
echo "---> Installing base packages"
- yum install -y -q @base
+ yum install -y -q @base https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# separate group installs from package installs since a non-existing
# group with dnf based systems (F21+) will fail the install if such
# a group does not exist
echo "---> Configuring OpenJDK"
yum install -y -q 'java-*-openjdk-devel'
- FACTER_OS=`/usr/bin/facter operatingsystem`
- FACTER_OSVER=`/usr/bin/facter operatingsystemrelease`
+ FACTER_OS=$(/usr/bin/facter operatingsystem)
+ FACTER_OSVER=$(/usr/bin/facter operatingsystemrelease)
case "$FACTER_OS" in
Fedora)
if [ "$FACTER_OSVER" -ge "21" ]
cat <<EOF >/etc/sudoers.d/89-jenkins-user-defaults
Defaults:jenkins !requiretty
jenkins ALL = NOPASSWD: /usr/bin/update-alternatives
+EOF
+
+ export DEBIAN_FRONTEND=noninteractive
+ cat <<EOF >> /etc/apt/apt.conf
+APT {
+ Get {
+ Assume-Yes "true";
+ allow-change-held-packages "true";
+ allow-downgrades "true";
+ allow-remove-essential "true";
+ };
+};
+
+Dpkg::Options {
+ "--force-confdef";
+ "--force-confold";
+};
+
EOF
echo "---> Updating operating system"
- apt-get update -qq
- apt-get upgrade -y --force-yes -qq
+ apt-get update
+ apt-get upgrade
# add in stuff we know we need
echo "---> Installing base packages"
- apt-get install -y --force-yes -qq unzip xz-utils puppet git libxml-xpath-perl
+ apt-get install unzip xz-utils puppet git libxml-xpath-perl
# install Java 7
echo "---> Configuring OpenJDK"
- apt-get install -y --force-yes -qq openjdk-7-jdk
+ apt-get install openjdk-7-jdk
# make jdk8 available
add-apt-repository -y ppa:openjdk-r/ppa
- apt-get update -qq
+ apt-get update
# We need to force openjdk-8-jdk to install
- apt-get install -y -qq openjdk-8-jdk
+ apt-get install openjdk-8-jdk
# make sure that we still default to openjdk 7
update-alternatives --set java /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
# Do any Distro specific installations here
echo "Checking distribution"
- FACTER_OS=`/usr/bin/facter operatingsystem`
+ FACTER_OS=$(/usr/bin/facter operatingsystem)
case "$FACTER_OS" in
RedHat|CentOS)
- if [ `/usr/bin/facter operatingsystemrelease | /bin/cut -d '.' -f1` = "7" ]; then
+ if [ "$(/usr/bin/facter operatingsystemrelease | /bin/cut -d '.' -f1)" = "7" ]; then
echo
echo "---> CentOS 7"
echo "No extra steps currently for CentOS 7"
}
echo "---> Attempting to detect OS"
-# OS selector
-if [ -f /usr/bin/yum ]
-then
- OS='RH'
-else
- OS='UBUNTU'
-fi
-
-case "$OS" in
- RH)
+# upstream cloud images use the distro name as the initial user
+ORIGIN=$(logname)
+
+case "${ORIGIN}" in
+ fedora|centos)
echo "---> RH type system detected"
rh_systems
;;
- UBUNTU)
+ ubuntu)
echo "---> Ubuntu system detected"
ubuntu_systems
;;