Centos Installscript

Thought I’d share this if anyone wants a kinda turnkey install on Centos (I haven’t maintained my debian/ubuntu version but it’s fairly similar). This script also installs a stun-server as we use that and sets up logging, but it won’t install any scripts or provisions. Go nuts!

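#!/bin/bash

# Abort on the first failing command.
# pipefail is deliberately NOT enabled: the secret generator below ends when
# head closes the pipe on tr, and pipefail would treat that as a failure.
set -e

## Creating install log
## From here on stdout and stderr are copied to genieacs_install.log in the
## current directory. Never echo the JWT secret, or it ends up in that log.
exec > >(tee -i genieacs_install.log)
exec 2>&1

## Setting up some variables
## Uncomment next line and enter custom ip if user selected ip in env
# systemip= 
## Random secret for the GenieACS UI (written to genieacs.env further down).
## $1 (optional) is the length in characters, default 16.
## The alphabet contains no '-', so the value can never start with a dash and
## be mistaken for a command-line option. LC_ALL=C keeps tr byte-oriented.
jwtsecret="$(LC_ALL=C tr -dc 'A-Za-z0-9_' < /dev/urandom | head -c "${1:-16}")"
logdir=/var/log/genieacs
installdir=/opt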

## Get some user input

## Uncomment if you need a different HOSTNAME ip in env. This is handled automatically and should not be necessary
# read -p "Please enter the ip address: " systemip 
# echo ""

## Uncomment if you want a user-selected jwtsecret instead of a randomly generated one
#read -p "Please enter a jwt secret (just generate something random): " jwtsecret
#echo ""

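## Checking for existing user and logdir
## Creates the unprivileged "genieacs" service account and its log directory,
## then changes into the install root.
echo "Does genieacs user exist?"
if id -u "genieacs" >/dev/null 2>&1; then
	echo "genieacs exists"
else
	# Service account only: system UID range, no home directory, and an
	# explicit same-named group so the chown below always has a group to use.
	useradd --system --no-create-home --user-group genieacs
	echo "user does not exist, created genieacs"
fi

echo "Does directory $logdir exist?"
if [ -d "$logdir" ]; then
	echo "Directory $logdir exist"
else
	mkdir -p -- "$logdir"
	echo "Directory $logdir created"
fi

chown genieacs:genieacs -- "$logdir"
cd -- "$installdir"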
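## Install prerequisites
## Adds the EPEL, PowerTools, NodeSource and Yarn repositories and installs the
## build toolchain used for stunserver and GenieACS.
echo "Installing needed software"
dnf -y install dnf-plugins-core
dnf install epel-release -y
# The repo id is "PowerTools" on early CentOS 8 releases and "powertools" on later ones.
dnf config-manager --set-enabled PowerTools || dnf config-manager --set-enabled powertools

# NOTE(review): this executes a script fetched from the network as root. It is
# downloaded to a temp file first so that a failed or partial download aborts
# the install (curl -f + set -e) instead of feeding an error page to bash, and
# so the file can be inspected before it runs. sudo is dropped: the script is
# already running as root by this point (useradd above).
nodesource_setup=$(mktemp)
curl -fsSL https://rpm.nodesource.com/setup_12.x -o "$nodesource_setup"
bash "$nodesource_setup"
rm -f -- "$nodesource_setup"

# Same pattern for the Yarn repo definition: only install it if the download succeeded.
yarn_repo=$(mktemp)
curl -fsSL https://dl.yarnpkg.com/rpm/yarn.repo -o "$yarn_repo"
install -m 0644 -- "$yarn_repo" /etc/yum.repos.d/yarn.repo
rm -f -- "$yarn_repo"

dnf install -y wget mlocate rsyslog jq
/usr/bin/updatedb
dnf install -y git zlib zlib-devel gcc-c++ patch \
readline readline-devel libyaml-devel libffi-devel \
openssl-devel make bzip2 autoconf automake libtool \
bison  sqlite-devel policycoreutils-python-utils libxml2 yarn boost-devel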

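echo "Installing MongoDB"
## This is a bit hardcoded as mongo is not yet part of Centos 8 repos

# The check is "is the mongod unit enabled", not "is it running"; systemctl is
# used directly because the rest of the script already manages mongod with it.
if systemctl is-enabled mongod >/dev/null 2>&1; then
	echo "MongoDB appears to be installed and enabled"
else
	echo "MongoDB is not enabled, installing and enabling"
	# gpgcheck=1 makes dnf verify package signatures against the key below.
	# NOTE(review): the key itself is trusted on first download over HTTPS;
	# compare its fingerprint with the one MongoDB publishes if that matters to you.
	cat <<EOF > /etc/yum.repos.d/mongodb-org.repo
[mongodb-org]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8Server/mongodb-org/4.4/x86_64
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
EOF
	dnf install -y mongodb-org
	systemctl enable mongod
fi
echo "Checking SELinux settings"
# -w matches 27017 as a whole word so that a longer port number containing
# those digits does not count as "already allowed".
if semanage port -l | grep -w 27017 >/dev/null 2>&1; then
	echo "SELinux port open"
else
	echo "SELinux port closed, creating rule for mongod"
	semanage port -a -t mongod_port_t -p tcp 27017
fi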

##  Node.js
## Installs the packaged nodejs, then uses the "n" version manager (installed
## globally from npm) to switch to Node 12.13.1.
## NOTE(review): Node.js 12 is past end-of-life; confirm which Node version the
## GenieACS revision you are installing supports before reusing this pin.
## NOTE(review): "npm install -g n" fetches whatever version of n is current,
## and runs as root.
echo "Installing node"
yum install -y  nodejs
# -f is required for npm to clear its cache without complaining
npm cache clean -f
npm install -g n
n 12.13.1

## Build the stuntman STUN server from source, unless a checkout already exists
## under the install root.
echo "Looking for stunserver"
cd "$installdir"
if [ ! -d "stunserver" ]; then
	echo "Stunserver not found, installing"
	# NOTE(review): this clones and builds whatever the default branch holds
	# today, as root. For a repeatable install check out a commit you have
	# reviewed, e.g. git -C stunserver checkout <REVIEWED_COMMIT>.
	git clone https://github.com/jselbie/stunserver.git
	cd stunserver/
	make
else
	echo "Stunserver exist, skipping"
fi

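## GenieACS
## Clones and builds GenieACS under the install root. An existing checkout is
## moved aside first.
cd -- "$installdir"
if [ -d "genieacs" ]; then
	# "mv genieacs genieacs.bak" would move the tree INTO genieacs.bak if a
	# previous run already left one behind, so fall back to a timestamped name.
	backup="genieacs.bak"
	if [ -e "$backup" ]; then
		backup="genieacs.bak.$(date +%Y%m%d%H%M%S)"
	fi
	echo "Genieacs exist, moving it to $backup"
	# The backup keeps the old genieacs.env, including its previous JWT secret;
	# remove or protect it once the new install is verified.
	mv -- genieacs "$backup"
fi
echo "Installing GenieACS"

# NOTE(review): this builds the current default branch, and "npm install" runs
# package install scripts as root. For a repeatable install check out a release
# you have reviewed, e.g. git -C genieacs checkout <RELEASE_TAG>.
git clone https://github.com/genieacs/genieacs.git
cd genieacs/
npm install
npm run build

echo "Done installing GenieACS"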

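## Create the .env file that holds all relevant settings
## Uncomment FS_HOSTNAME in genieacs.env section if selecting ip via user input at beginning of script
echo "Creating env file"
cd -- "$installdir/genieacs/"
envfile="$installdir/genieacs/genieacs.env"
# The file contains the UI JWT secret, so it is created owner-only from the
# start (umask in a subshell, so the rest of the script is unaffected) and
# then handed to the service account. systemd reads EnvironmentFile= itself,
# so mode 600 does not stop the services from starting.
(
	umask 077
	cat <<EOF > "$envfile"
# GENIEACS_FS_HOSTNAME =$systemip
GENIEACS_EXT_DIR=$installdir/genieacs/ext
GENIEACS_CWMP_ACCESS_LOG_FILE=$logdir/genieacs-cwmp-access.log
GENIEACS_NBI_ACCESS_LOG_FILE=$logdir/genieacs-nbi-access.log
GENIEACS_FS_ACCESS_LOG_FILE=$logdir/genieacs-fs-access.log
GENIEACS_FS_LOG_FILE=$logdir/genieacs-fs.log
GENIEACS_UI_ACCESS_LOG_FILE=$logdir/genieacs-ui-access.log
GENIEACS_UI_LOG_FILE=$logdir/genieacs-ui.log
GENIEACS_NBI_LOG_FILE=$logdir/genieacs-nbi.log
GENIEACS_UI_JWT_SECRET=$jwtsecret
GENIEACS_UDP_CONNECTION_REQUEST_PORT=3478
GENIEACS_GET_PARAMETER_NAMES_DEPTH_THRESHOLD=3
GENIEACS_SESSION_TIMEOUT=60
GENIEACS_MAX_COMMIT_ITERATIONS=96
GENIEACS_CWMP_KEEP_ALIVE_TIMEOUT=30000
GENIEACS_EXT_TIMEOUT=15000
GENIEACS_MAX_CONCURRENT_REQUESTS=200
GENIEACS_DEBUG_FILE=$logdir/genieacs-debug.yaml
EOF
)
chown genieacs:genieacs -- "$envfile"
chmod 600 -- "$envfile"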

## Systemd units for the CWMP, NBI and FS daemons.
## The three units differ only in the service name, so they are generated in a
## loop; each runs as the genieacs user with settings from genieacs.env.
echo "Creating systemd services"
for svc in cwmp nbi fs; do
	cat << EOF > "/usr/lib/systemd/system/genieacs-$svc.service"
[Unit]
Description=GenieACS ${svc^^}
After=network.target mongod.service

[Service]
User=genieacs
EnvironmentFile=$installdir/genieacs/genieacs.env
ExecStart=$installdir/genieacs/dist/bin/genieacs-$svc
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
done

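## Systemd unit for the GenieACS UI.
## The JWT secret is NOT passed on the command line: unit files are
## world-readable and process arguments are visible to every local user, and
## the secret is already supplied as GENIEACS_UI_JWT_SECRET via EnvironmentFile.
cat << EOF > /usr/lib/systemd/system/genieacs-ui.service
[Unit]
Description=GenieACS UI
After=network.target mongod.service genieacs-cwmp.service

[Service]
User=genieacs
EnvironmentFile=$installdir/genieacs/genieacs.env
ExecStart=$installdir/genieacs/dist/bin/genieacs-ui
KillMode=process

[Install]
WantedBy=multi-user.target
EOF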

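# Create systemd service for stuntman
# The binary path follows $installdir, which is where the script clones and
# builds stunserver, instead of a hard-coded /opt. It runs as the unprivileged
# genieacs user.
cat << EOF > /usr/lib/systemd/system/stunserver.service
[Unit]
Description=Stuntman stunserver
After=network.target

[Service]
User=genieacs
ExecStart=$installdir/stunserver/stunserver --reuseaddr
KillMode=process

[Install]
WantedBy=default.target
EOF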

## Logrotate
## Writes /etc/logrotate.d/genieacs covering every *.log file in $logdir.
## Keeps 7 rotations, compressed from the second rotation on (delaycompress).
## Notes on how logrotate treats this combination of options:
##  - "size" comes after "daily", and the later of the two wins, so rotation is
##    driven by the 25k size limit rather than by the calendar.
##  - with "copytruncate" the live file stays in place, so the "create" line
##    has no effect.
echo "Creating logrotate config"
cat <<-EOF > /etc/logrotate.d/genieacs
$logdir/*.log {
  daily
  rotate 7
  compress
  delaycompress
  missingok
  notifempty
  size 25k
  copytruncate
  create 0644 genieacs genieacs
}
EOF

## Back to the install root
cd "$installdir"

## Enable and start services
## The five units written by this script are enabled, systemd is reloaded, and
## then MongoDB is started ahead of the daemons that depend on it.
acs_units=(genieacs-cwmp genieacs-nbi genieacs-fs genieacs-ui stunserver)

for unit_name in "${acs_units[@]}"; do
	systemctl enable "$unit_name"
done
systemctl daemon-reload

for unit_name in mongod "${acs_units[@]}"; do
	systemctl start "$unit_name"
done


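echo ""
echo ""

## Firewalld rules
## Optionally opens the service ports in the public zone:
## 3000/tcp UI, 7547/tcp CWMP, 7557/tcp NBI, 7567/tcp FS, 3478/udp STUN.
## NOTE(review): these rules are not restricted to any source subnet. The NBI
## API (7557) in particular should only be reachable from trusted management
## hosts. GenieACS documents it as having no authentication of its own, so
## confirm that for your version and answer "n" here, then add source-restricted
## rules by hand if the host is reachable from untrusted networks.
if firewall-cmd --state >/dev/null 2>&1; then
	# -r: take the answer literally (no backslash processing)
	read -r -p "Firewalld appears to be running. Create default rules for public zone, not subnet specific (y/n)? " answer
	case ${answer:0:1} in
		y|Y )
			firewall-cmd --zone=public --add-port=3000/tcp --permanent
			firewall-cmd --zone=public --add-port=7547/tcp --permanent
			firewall-cmd --zone=public --add-port=7557/tcp --permanent
			firewall-cmd --zone=public --add-port=7567/tcp --permanent
			firewall-cmd --zone=public --add-port=3478/udp --permanent
			echo "Rules created"
			echo "Reloading firewalld"
			firewall-cmd --reload
			firewall-cmd --zone=public --list-all
			;;
		* )
			echo "No rules created, please make sure the relevant ports are open"
			# Ends the script here, so the listening-port check below is skipped.
			exit
			;;
	esac
else
	echo "No firewalld was detected, no rules created"
fi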

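## Quick systemcheck
## Lists listeners on the MongoDB, UI, CWMP, NBI, FS and STUN ports.
echo "Please verify that all services are running"
echo "Checking listening ports"
# grep returns non-zero when nothing matches (including when netstat is not
# installed), which under set -e would abort the script before "Done!".
# Report it instead of dying silently.
netstat -plnut | grep '27017\|3000\|7547\|7557\|7567\|3478' \
	|| echo "WARNING: none of the expected ports are listening (or netstat is not installed)"

echo ""
echo "Done!"

exit 0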

I’ve edited it somewhat, hope I squashed the bugs that came as Centos 8 is different… Apologies if you get headaches from this, I’ll try to verify it.

I’ll need to make some minor corrections to this, Centos 8 is throwing me off a bit…