diff --git a/README.md b/README.md index 166b664..3b2f9e7 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,9 @@ Clone the repository: - $ git clone https://github.com/librenms/packer-builds && cd packer-builds +```bash +git clone https://github.com/librenms/packer-builds && cd packer-builds +``` Install requirements: @@ -21,15 +23,17 @@ You can configure each template to match your requirements by setting the follow `headless` | 0 | [Documentation](https://packer.io/docs/builders/virtualbox-iso.html#headless) `memory` | 512 | Memory size in MB `mirror` | | A URL of the mirror where the ISO image is available - `librenms_version` | master | The version to build LibreNMS agains. You can use a branch name or tag + `librenms_version` | master | Available options are master or release, master will be up to the latest commit and release will be the latest tag `oxidized` | true | Install Oxidized as part of the image `syslog_ng` | true | Install and configure Syslog-NG ### Example -Build a LibreNMS CentOS 7 (NGINX) box with a 10GB hard disk using the VirtualBox provider: +Build a LibreNMS Ubuntu 22.04 (NGINX) box with a 10GB hard disk using the VirtualBox provider: - $ packer build -only=virtualbox-iso -var disk_size=10000 centos-7.6-x86_64.json +```bash +packer build -only=virtualbox-iso -var disk_size=10000 ubuntu-22.04-amd64.json +``` If running on a remote system over ssh, or on a system without a graphical console, add `-var headless=true` diff --git a/Vagrantfile b/Vagrantfile index 7799aa8..b9d52ce 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -1,35 +1,70 @@ -Vagrant.configure('2') do |config| - 7.times do - config.vm.network :private_network, type: :dhcp - end - - Pathname.glob('*.json').sort.each do |template| - name = template.basename('.json').to_s - escaped_name = name.gsub(/[.]/, '_') - - config.vm.define "#{escaped_name}-libvirt" do |c| - c.vm.box = name - - c.vm.provider :libvirt do |v, override| - override.vm.synced_folder '', '/vagrant', disabled: true - end - end - - config.vm.define "#{escaped_name}-virtualbox" do |c| - c.vm.box = name - - c.vm.provider :virtualbox do |v| - v.name = name - v.gui = false - end - end - - config.vm.define "#{escaped_name}-vmware_fusion" do |c| - c.vm.box = name - - c.vm.provider :vmware_fusion do |v| - v.gui = false - end - end - end +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + config.vm.box = "librenms-test" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. 
+ # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. + # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL end 
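Review bot: The only active setting in the new file is `config.vm.box = "librenms-test"`; everything else is the unmodified `vagrant init` template, and nothing in the hunk says where a box of that name comes from. A short comment above the setting would help, for example `# Box built from the Packer template in this repo; add it locally under the name "librenms-test" before running vagrant up` (wording to be confirmed by the author, since the registration step is not visible here). The stock commented-out examples could then be trimmed to the ones this project actually uses.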
diff --git a/centos-7.6-x86_64.json.disabled b/centos-7.6-x86_64.json.disabled
deleted file mode 100644
index cd9b24a..0000000
--- a/centos-7.6-x86_64.json.disabled
+++ /dev/null
@@ -1,157 +0,0 @@ -{ - "builders": [{ - "type": "qemu", - "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `mirror` }}/7/isos/x86_64/{{ user `iso_name` }}" - ], - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "output_directory": "output-centos-7.6-x86_64-{{build_type}}", - "vm_name": "librenms-centos-7.6-x86_64", - "disk_size": "{{user `disk_size`}}", - "headless": "{{user `headless`}}", - "http_directory": "http", - "boot_wait": "5s", - "boot_command": [ - "", - "", - "linux inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/centos-7.6/anaconda-ks.cfg biosdevname=0 net.ifnames=0", - "" - ], - "ssh_timeout": "{{user `ssh_timeout`}}", - "ssh_username": "{{ user `ssh_username` }}", - "ssh_password": "{{ user `ssh_password` }}", - "shutdown_command": "sudo usermod -L vagrant && sudo chage -d 0 vagrant && sudo systemctl poweroff", - "qemuargs": [ - ["-m", "{{user `memory`}}"], - ["-smp", "{{user `cpus`}}"] - ] - }, { - "type": "virtualbox-iso", - "guest_os_type": "RedHat_64", - "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `mirror` }}/7/isos/x86_64/{{ user `iso_name` }}" - ], - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "output_directory": "output-centos-7.6-x86_64-{{build_type}}", - "vm_name": "librenms-centos-7.6-x86_64", - "disk_size": "{{user `disk_size`}}", - "headless": "{{user `headless`}}", - "http_directory": "http", - "boot_wait": "5s", - "boot_command": [ - "", - "", - "linux inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/centos-7.6/anaconda-ks.cfg biosdevname=0 net.ifnames=0", - "" - ], - "ssh_timeout": "{{user `ssh_timeout`}}", - "ssh_username": "{{ user `ssh_username` }}", - "ssh_password": "{{ user `ssh_password` }}", - "shutdown_command": "sudo systemctl poweroff", - "vboxmanage": [ - ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"], - ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"], - 
["modifyvm", "{{.Name}}", "--audio", "none"], - ["modifyvm", "{{.Name}}", "--usb", "off"], - ["modifyvm", "{{.Name}}", "--vram", "12"], - [ "modifyvm", "{{.Name}}", "--natpf1", "ssh,tcp,,2023,,22" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "http,tcp,,8080,,80" ] - ], - "export_opts": - [ - "--manifest", - "--vsys", "0", - "--product", "LibreNMS", - "--producturl", "https://www.librenms.org", - "--description", "LibreNMS, a fully featured network monitoring system that provides a wealth of features and device support.", - "--version", "LibreNMS" - ], - "format": "ova" - }, { - "type": "vmware-iso", - "guest_os_type": "centos-64", - "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `mirror` }}/7/isos/x86_64/{{ user `iso_name` }}" - ], - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "output_directory": "output-centos-7.6-x86_64-{{build_type}}", - "vm_name": "librenms-centos-7.6-x86_64", - "disk_size": "{{user `disk_size`}}", - "headless": "{{user `headless`}}", - "http_directory": "http", - "boot_wait": "5s", - "boot_command": [ - "", - "", - "linux inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/centos-7.6/anaconda-ks.cfg biosdevname=0 net.ifnames=0", - "" - ], - "ssh_timeout": "{{user `ssh_timeout`}}", - "ssh_username": "{{ user `ssh_username` }}", - "ssh_password": "{{ user `ssh_password` }}", - "tools_upload_flavor": "linux", - "shutdown_command": "sudo systemctl poweroff", - "vmx_data": { - "memsize": "{{user `memory`}}", - "numvcpus": "{{user `cpus`}}" - }, - "vmx_remove_ethernet_interfaces": true - }], - "provisioners": [ - { - "type": "file", - "source": "files/centos/nginx.conf", - "destination": "/tmp/nginx.conf" - }, - { - "type": "file", - "source": "files/centos/librenms.conf", - "destination": "/tmp/librenms.conf" - }, - { - "type": "shell", - "environment_vars": [ - "LIBRENMS_VERSION={{user `librenms_version`}}", - "OXIDIZED={{user `oxidized`}}", - "SYSLOG_NG={{user `syslog_ng`}}" - 
], - "scripts": [ - "scripts/centos-7.6/repo.sh", - "scripts/centos/virtualbox.sh", - "scripts/centos/vmware.sh", - "scripts/common/vagrant.sh", - "scripts/common/sshd.sh", - "scripts/centos/locale.sh", - "scripts/centos-7.6/cleanup.sh", - "scripts/centos/librenms.sh", - "scripts/centos/syslog-ng.sh", - "scripts/centos/oxidized.sh", - "scripts/common/finish.sh", - "scripts/common/minimize.sh", - "scripts/common/clean_users.sh" - ] - } - ], - "variables": { - "compression_level": "6", - "cpus": "1", - "disk_size": "40960", - "memory": "512", - "headless": "false", - "iso_checksum": "19d94274ef856c4dfcacb2e7cfe4be73e442a71dd65cc3fb6e46db826040b56e", - "iso_checksum_type": "sha256", - "iso_name": "CentOS-7-x86_64-NetInstall-1810.iso", - "iso_path": "iso", - "mirror": "http://mirrors.kernel.org/centos", - "ssh_fullname": "vagrant", - "ssh_password": "vagrant", - "ssh_username": "vagrant", - "ssh_timeout": "60m" - } -} diff --git a/http/centos-7.6/anaconda-ks.cfg b/http/centos-7.6/anaconda-ks.cfg deleted file mode 100644 index a5ba6b6..0000000 --- a/http/centos-7.6/anaconda-ks.cfg +++ /dev/null 
@@ -1,50 +0,0 @@ -install -text -reboot -url --mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os -lang en_US.UTF-8 -keyboard us -timezone --utc Etc/UTC -rootpw --plaintext CDne3fwdfds -user --name=vagrant --password=vagrant --plaintext -zerombr -clearpart --all --initlabel -autopart --type=plain -bootloader --timeout=1 - -%packages -@core -which -# mandatory packages in the @core group --btrfs-progs --iprutils --kexec-tools --plymouth -# default packages in the @core group --*-firmware --dracut-config-rescue --kernel-tools --libsysfs --microcode_ctl --NetworkManager* --postfix --rdma -%end - -%post --erroronfail -yum -y update - -cat < /etc/sudoers.d/vagrant -Defaults:vagrant !requiretty -vagrant ALL=(ALL) NOPASSWD: ALL -EOF -chmod 440 /etc/sudoers.d/vagrant - -ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules -cat > /etc/sysconfig/network-scripts/ifcfg-eth0 < /root/.ssh/authorized_keys; \ + chmod 0600 /root/.ssh/authorized_keys; \ + chown -Rf root:root /root; \ + groupadd -g 1000 vagrant; \ + useradd -g 1000 -u 1000 -d /home/vagrant -s /bin/bash -m vagrant; \ + echo "vagrant:vagrant" | chpasswd; \ + rm -rf /home/vagrant/.bash_logout; \ + mkdir -p /home/vagrant/.ssh; \ + chmod 0700 /home/vagrant/.ssh; \ + echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > /home/vagrant/.ssh/authorized_keys; \ + chmod 0600 /home/vagrant/.ssh/authorized_keys; \ + chown -Rf vagrant:vagrant /home/vagrant; \ + mkdir -p /etc/sudoers.d; \ + chmod 0755 /etc/sudoers.d; \ + echo "vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant; \ + chmod 0440 /etc/sudoers.d/vagrant; \ + chown -Rf 
root:root /etc/sudoers.d; \ + sed -ie "s/^[#\s]*UseDNS.*$/UseDNS no/g" /etc/ssh/sshd_config; \ + ssh-keygen -A; \ + systemctl enable ssh.service; \ + sed -ie "s/^GRUB_DEFAULT=.*/GRUB_DEFAULT=\"0\"/g" /etc/default/grub; \ + sed -ie "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0\"/g" /etc/default/grub; \ + sed -ie "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0\"/g" /etc/default/grub; \ + update-grub; \ + update-initramfs -c -k all; \ + mkdir -p /etc/ssh/sshd_config.d; \ + echo "PubkeyAcceptedKeyTypes +ssh-rsa" > /etc/ssh/sshd_config.d/10-PubkeyAcceptedKeyTypes-ssh-rsa.conf; \ + chmod 600 /etc/ssh/sshd_config.d/10-PubkeyAcceptedKeyTypes-ssh-rsa.conf; \ + mkdir -p /etc/ssh/ssh_config.d; \ + echo "Host *" >> /etc/ssh/ssh_config.d/10-PubkeyAcceptedKeyTypes-ssh-rsa.conf; \ + echo " HostkeyAlgorithms +ssh-rsa" >> /etc/ssh/ssh_config.d/10-PubkeyAcceptedKeyTypes-ssh-rsa.conf; \ + echo " PubkeyAcceptedKeyTypes +ssh-rsa" >> /etc/ssh/ssh_config.d/10-PubkeyAcceptedKeyTypes-ssh-rsa.conf; \ + chmod 644 /etc/ssh/ssh_config.d/10-PubkeyAcceptedKeyTypes-ssh-rsa.conf; \ + apt-get -y purge snapd; \ + systemctl disable apt-daily.service; \ + systemctl disable apt-daily.timer; \ + systemctl disable apt-daily-upgrade.service; \ + systemctl disable apt-daily-upgrade.timer; \ + exit 0 \ + ' diff --git a/scripts/centos-7.6/cleanup.sh b/scripts/centos-7.6/cleanup.sh deleted file mode 100644 index 260444e..0000000 --- a/scripts/centos-7.6/cleanup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -set -e -set -x - -if rpm -q --whatprovides kernel | grep -Fqv "$(uname -r)"; then - rpm -q --whatprovides kernel | grep -Fv "$(uname -r)" | xargs sudo yum -y autoremove -fi - -sudo yum --enablerepo=epel clean all -sudo yum history new -sudo truncate -c -s 0 /var/log/yum.log 
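Review bot: The added install-time commands bake fixed credentials into the image: `echo "vagrant:vagrant" | chpasswd`, the key labelled `vagrant insecure public key` in `/home/vagrant/.ssh/authorized_keys`, `vagrant ALL=(ALL) NOPASSWD: ALL`, a server-wide `PubkeyAcceptedKeyTypes +ssh-rsa` to keep that old key usable, and a key written to `/root/.ssh/authorized_keys` whose value is not visible on this page. That is conventional for a Vagrant box, but the same build is exported with `"format": "ova"`, so unless a later provisioner (not visible here) removes or locks these, every deployed appliance accepts them; I would drop the root `authorized_keys` line and add a comment such as `# build-time only: vagrant credentials must be removed or rotated before the OVA is published`. The chain also joins every step with `;` and ends in `exit 0`, so a failed `useradd`, `sed` or `update-grub` is reported as success; joining the steps with `&&` and removing `exit 0` would surface it. The file header and opening lines of this hunk are missing from the page, so this covers only the visible part.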
diff --git a/scripts/centos-7.6/repo.sh b/scripts/centos-7.6/repo.sh
deleted file mode 100644
index 72899c4..0000000
--- a/scripts/centos-7.6/repo.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-sudo yum -y install https://download.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
diff --git a/scripts/centos/librenms.sh b/scripts/centos/librenms.sh
deleted file mode 100644
index 5cbf3ac..0000000
--- a/scripts/centos/librenms.sh
+++ /dev/null
@@ -1,174 +0,0 @@ -#!/bin/bash -eux - -if [[ -z "$LIBRENMS_VERSION" ]]; then - LIBRENMS_VERSION="master" -fi - -sudo yum install -y epel-release -sudo yum update -y -sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm -sudo yum install -y composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool libargon2 - -sudo sh -c "cd /opt; composer create-project --no-dev --keep-vcs librenms/librenms=$LIBRENMS_VERSION librenms" - - -sudo useradd librenms -d /opt/librenms -M -s /bin/bash -echo "librenms:CDne3fwdfds" | sudo chpasswd -sudo usermod -a -G librenms nginx -sudo cp -r /etc/skel/. /opt/librenms - -sudo bash -c 'cat < /etc/sudoers.d/librenms -Defaults:librenms !requiretty -librenms ALL=(ALL) NOPASSWD: ALL -EOF' - -sudo chmod 440 /etc/sudoers.d/librenms - -# Change php to UTC TZ -sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php.ini -sudo sed -i "s/^user =.*/user = nginx/" /etc/php-fpm.d/www.conf -sudo sed -i "s/^group =.*/group = apache/" /etc/php-fpm.d/www.conf -sudo sed -i "s/^listen =.*/listen = \/var\/run\/php-fpm\/php7.2-fpm.sock/" /etc/php-fpm.d/www.conf -sudo sed -i "s/^;listen.owner =.*/listen.owner = nginx/" /etc/php-fpm.d/www.conf -sudo sed -i "s/^;listen.group =.*/listen.group = nginx/" /etc/php-fpm.d/www.conf -sudo sed -i "s/^;listen.mode =.*/listen.mode = 0660/" /etc/php-fpm.d/www.conf - -sudo systemctl enable php-fpm -sudo systemctl restart php-fpm - -sudo cp /tmp/librenms.conf /etc/nginx/conf.d/librenms.conf -sudo cp /tmp/nginx.conf /etc/nginx/nginx.conf - -sudo rm -f /etc/httpd/conf.d/welcome.conf -sudo chgrp apache /var/lib/php/session/ - -sudo systemctl enable nginx -sudo systemctl restart nginx - -sudo yum install -y policycoreutils-python -sudo semanage fcontext -a -t httpd_sys_content_t 
'/opt/librenms/logs(/.*)?' -sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?' -sudo restorecon -RFvv /opt/librenms/logs/ -sudo semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?' -sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?' -sudo restorecon -RFvv /opt/librenms/rrd/ -sudo semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?' -sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?' -sudo restorecon -RFvv /opt/librenms/storage/ -sudo semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?' -sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?' -sudo restorecon -RFvv /opt/librenms/bootstrap/cache/ -sudo setsebool -P httpd_can_sendmail=1 -sudo setsebool -P httpd_execmem 1 - -sudo bash -c 'cat < /tmp/http_fping.tt -module http_fping 1.0; - -require { -type httpd_t; -class capability net_raw; -class rawip_socket { getopt create setopt write read }; -} - -#============= httpd_t ============== -allow httpd_t self:capability net_raw; -allow httpd_t self:rawip_socket { getopt create setopt write read }; -EOF' - -sudo checkmodule -M -m -o /tmp/http_fping.mod /tmp/http_fping.tt -sudo semodule_package -o /tmp/http_fping.pp -m /tmp/http_fping.mod -sudo semodule -i /tmp/http_fping.pp -sudo rm -f /tmp/http_fping.tt /tmp/http_fping.pp /tmp/http_fping.mod - -sudo firewall-cmd --zone public --add-service http -sudo firewall-cmd --permanent --zone public --add-service http -sudo firewall-cmd --zone public --add-service https -sudo firewall-cmd --permanent --zone public --add-service https -sudo firewall-cmd --zone=public --add-port=514/tcp -sudo firewall-cmd --permanent --zone=public --add-port=514/tcp -sudo firewall-cmd --zone=public --add-port=514/udp -sudo firewall-cmd --permanent --zone=public --add-port=514/udp - -sudo mkdir /var/run/rrdcached -sudo chown librenms:librenms /var/run/rrdcached 
-sudo chmod 755 /var/run/rrdcached - -sudo bash -c 'cat << EOF > /etc/systemd/system/rrdcached.service -[Unit] -Description=Data caching daemon for rrdtool -After=network.service - -[Service] -Type=forking -PIDFile=/run/rrdcached.pid -ExecStart=/usr/bin/rrdcached -w 1800 -z 1800 -f 3600 -s librenms -U librenms -G librenms -B -R -j /var/tmp -l unix:/var/run/rrdcached/rrdcached.sock -t 4 -F -b /opt/librenms/rrd/ - -[Install] -WantedBy=default.target -EOF' - -sudo systemctl daemon-reload -sudo systemctl enable --now rrdcached.service - -sudo bash -c 'cat << EOF > /etc/my.cnf.d/server.cnf -# -# These groups are read by MariaDB server. -# Use it for options that only the server (but not clients) should see -# -# See the examples of server my.cnf files in /usr/share/mysql/ -# - -# this is read by the standalone daemon and embedded servers -[server] -innodb_file_per_table=1 -lower_case_table_names=0 -EOF' - -sudo systemctl restart mariadb -sudo systemctl enable mariadb - -mysql_pass="D42nf23rewD"; - -echo "CREATE DATABASE librenms; - GRANT ALL PRIVILEGES ON librenms.* - TO 'librenms'@'localhost' - IDENTIFIED BY '$mysql_pass'; - FLUSH PRIVILEGES;" | mysql -u root - -sudo cp /opt/librenms/config.php.default /opt/librenms/config.php - -sudo sed -i 's/USERNAME/librenms/g' /opt/librenms/config.php -sudo sed -i "s/PASSWORD/${mysql_pass}/g" /opt/librenms/config.php -sudo bash -c "echo '\$config[\"fping\"] = \"/usr/sbin/fping\";' >> /opt/librenms/config.php" -sudo bash -c "echo '\$config[\"rrdcached\"] = \"unix:/var/run/rrdcached/rrdcached.sock\";' >> /opt/librenms/config.php" -sudo bash -c "echo '\$config[\"update_channel\"] = \"release\";' >> /opt/librenms/config.php" - -sudo bash -c 'cat < /etc/snmp/snmpd.conf -rocommunity public 127.0.0.1 -extend distro /usr/bin/distro -extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name" -extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor" -EOF' -sudo curl -o /usr/bin/distro 
https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro -sudo chmod +x /usr/bin/distro -sudo systemctl restart snmpd -sudo systemctl enable snmpd - -sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms -sudo sed -i "s/16/4/g" /etc/cron.d/librenms - -sudo /usr/bin/php /opt/librenms/build-base.php -sudo /usr/bin/php /opt/librenms/addhost.php localhost public v2c -sudo /usr/bin/php /opt/librenms/adduser.php librenms D32fwefwef 10 - -sudo git clone https://github.com/librenms-plugins/Weathermap.git /opt/librenms/html/plugins/Weathermap/ -echo "INSERT INTO plugins SET plugin_name = 'Weathermap', plugin_active = 1;" | mysql -u root librenms -sudo bash -c "echo '*/5 * * * * librenms /opt/librenms/html/plugins/Weathermap/map-poller.php >> /dev/null 2>&1' >> /etc/cron.d/librenms" -sudo chcon -R -t httpd_cache_t /opt/librenms/html/plugins/Weathermap/ -sudo chmod -R g+w /opt/librenms/html/plugins/Weathermap/configs/ - - -sudo chown -R librenms:librenms /opt/librenms -sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ -sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ -sudo su - librenms -c "git checkout ." diff --git a/scripts/centos/locale.sh b/scripts/centos/locale.sh deleted file mode 100644 index ebb90a7..0000000 --- a/scripts/centos/locale.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -set -e -set -x - -localedef --list-archive | grep -a -v en_US.utf8 | xargs sudo localedef --delete-from-archive -sudo cp /usr/lib/locale/locale-archive{,.tmpl} -sudo build-locale-archive diff --git a/scripts/centos/oxidized.sh b/scripts/centos/oxidized.sh deleted file mode 100644 index c81fac4..0000000 --- a/scripts/centos/oxidized.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash -eux - -if [ "$OXIDIZED" == false ]; then - echo "Oxidized support disabled" - exit 0 -fi - -sudo yum install -y centos-release-scl -sudo yum install -y make cmake which sqlite-devel openssl-devel libssh2-devel ruby gcc ruby-devel libicu-devel gcc-c++ rubygem-rake -sudo yum install -y rh-ruby23 rh-ruby23-ruby-devel -sudo useradd oxidized -sudo su - librenms -c "source scl_source enable rh-ruby23 && gem install oxidized" -sudo su - librenms -c "source scl_source enable rh-ruby23 && gem install oxidized-script oxidized-web" -sudo bash -c 'cat << EOF > /etc/profile.d/rh-ruby23.sh -#!/bin/bash - -source scl_source enable rh-ruby23 -EOF' -sudo bash -c 'cat << EOF > /etc/systemd/system/oxidized.service -[Unit] -Description=Oxidized - Network Device Configuration Backup Tool - -[Service] -ExecStart=/usr/local/bin/oxidized -User=oxidized - -[Install] -WantedBy=multi-user.target -EOF' -sudo systemctl enable oxidized - diff --git a/scripts/centos/syslog-ng.sh b/scripts/centos/syslog-ng.sh deleted file mode 100644 index f3f5818..0000000 --- a/scripts/centos/syslog-ng.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash -eux - -if [[ "$SYSLOG_NG" == false ]]; then - echo "Syslog-ng support disabled" - exit 0 -fi - -sudo yum remove -y rsyslog -sudo yum install -y syslog-ng -sudo sh -c "echo '' > /var/log/secure" - -sudo bash -c 'cat << EOF > /etc/syslog-ng/syslog-ng.conf -@version: 3.5 -@include "scl.conf" - -# First, set some global options. -options { - chain_hostnames(off); - flush_lines(0); - use_dns(no); - use_fqdn(no); - owner("root"); - group("adm"); - perm(0640); - stats_freq(0); - bad_hostname("^gconfd$"); -}; - -######################## -# Sources -######################## -source s_sys { - system(); - internal(); -}; - -source s_net { - tcp(port(514) flags(syslog-protocol)); - udp(port(514) flags(syslog-protocol)); -}; - -######################## -# Destinations -######################## -destination d_librenms { - program("/opt/librenms/syslog.php" template ("\$HOST||\$FACILITY||\$PRIORITY||\$LEVEL||\$TAG||\$YEAR-\$MONTH-\$DAY \$HOUR:\$MIN:\$SEC||\$MSG||\$PROGRAM\n") template-escape(yes)); -}; - -######################## -# Log paths -######################## -log { - source(s_net); - source(s_sys); - destination(d_librenms); -}; - -### -# Include all config files in /etc/syslog-ng/conf.d/ -### -@include "/etc/syslog-ng/conf.d/*.conf" -EOF' - -sudo systemctl enable syslog-ng -sudo systemctl restart syslog-ng -sudo bash -c "echo '\$config[\"enable_syslog\"] = 1;' >> /opt/librenms/config.php" diff --git a/scripts/centos/virtualbox.sh b/scripts/centos/virtualbox.sh deleted file mode 100644 index d2f1010..0000000 --- a/scripts/centos/virtualbox.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash - -set -e -set -x - -if [ "$PACKER_BUILDER_TYPE" != "virtualbox-iso" ]; then - exit 0 -fi - -sudo yum -y install bzip2 -sudo yum -y --enablerepo=epel install dkms -sudo yum -y install kernel-devel -sudo yum -y install make -sudo yum -y install perl - -# Uncomment this if you want to install Guest Additions with support for X -#sudo yum -y install xorg-x11-server-Xorg - -# In CentOS 6 or earlier, dkms package provides SysV init script called -# dkms_autoinstaller that is enabled by default -if systemctl list-unit-files | grep -q dkms.service; then - sudo systemctl start dkms - sudo systemctl enable dkms -fi - -sudo mount -o loop,ro ~/VBoxGuestAdditions.iso /mnt/ -sudo /mnt/VBoxLinuxAdditions.run || : -sudo umount /mnt/ -rm -f ~/VBoxGuestAdditions.iso diff --git a/scripts/centos/vmware.sh b/scripts/centos/vmware.sh deleted file mode 100644 index c291004..0000000 --- a/scripts/centos/vmware.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/bash - -set -e -set -x - -if [ "$PACKER_BUILDER_TYPE" != "vmware-iso" ]; then - exit 0 -fi - -sudo yum -y install perl -sudo yum -y install net-tools -sudo yum -y install make -sudo yum -y install gcc -sudo yum -y install kernel-devel - -sudo mkdir /mnt/vmware -sudo mount -o loop,ro ~/linux.iso /mnt/vmware - -mkdir /tmp/vmware -tar zxf /mnt/vmware/VMwareTools-*.tar.gz -C /tmp/vmware - -sudo /tmp/vmware/vmware-tools-distrib/vmware-install.pl --default --force-install -rm -r /tmp/vmware - -sudo umount /mnt/vmware -sudo rm -r /mnt/vmware -rm -f ~/linux.iso - -sudo tee -a /etc/vmware-tools/locations < Clearing Ubuntu machine-id' sudo cp /dev/null /etc/machine-id -echo '==> Resetting networking' -rm -f /etc/netplan/*.yaml \ - /etc/cloud/cloud.cfg.d/99-installer.cfg \ - /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg +sudo bash -c 'cat << EOF > /etc/netplan/01-netcfg.yaml +network: + version: 2 + renderer: networkd + ethernets: + eth: + match: + name: en* + dhcp4: yes +EOF' cloud-init clean --seed --logs diff --git a/scripts/ubuntu/librenms.sh b/scripts/ubuntu/librenms.sh index dc6ece7..6a94f54 100644 --- a/scripts/ubuntu/librenms.sh +++ b/scripts/ubuntu/librenms.sh 
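Review bot: The netplan file written here matches only `name: en*`, while the kernel command line set elsewhere in this commit (`net.ifnames=0 biosdevname=0`) should give the NIC the legacy name `eth0`, so this stanza would likely match nothing on first boot. If DHCP on the primary interface is the intent, `name: e*` would cover both naming schemes; worth confirming on a freshly imported image. The change also stops deleting `/etc/netplan/*.yaml` and `/etc/cloud/cloud.cfg.d/99-installer.cfg`, so installer-time network and cloud-init settings now stay in the image, and a one-line comment saying that is deliberate would help. The file header for this hunk is missing from the page.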
@@ -7,7 +7,8 @@ echo '==> Aquiring prerequisite packages' apt -y install software-properties-common add-apt-repository universe apt -y update -apt -y install acl curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mbstring php7.4-mysql php7.4-snmp php7.4-xml php7.4-zip rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools +apt -y install acl curl fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php-cli php-curl php-fpm php-gd php-gmp php-json php-mbstring php-mysql php-snmp php-xml php-zip rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools python3-systemd python3-pip + echo '==> Downloading LibreNMS' 
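Review bot: The package list switches from pinned `php7.4-*` names to unversioned `php-*` metapackages, but the next hunk of this file hard-codes `/etc/php/8.1/...` and `php8.1-fpm.service`. The two agree only while the distribution's default PHP is 8.1; on any other base the `sed` and `mv` lines would fail or edit nothing. Either pin the packages (`php8.1-fpm` and so on) or derive the version once, e.g. `PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')`, and use `/etc/php/$PHP_VER/` and `php$PHP_VER-fpm.service` below.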
@@ -21,23 +22,31 @@ EOF' sudo chmod 440 /etc/sudoers.d/librenms cd /opt -git clone https://github.com/librenms/librenms.git +git clone --branch master --depth 1 https://github.com/librenms/librenms.git chown -R librenms:librenms /opt/librenms chmod 771 /opt/librenms setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ cd /opt/librenms +if [[ "$LIBRENMS_VERSION" == "release" ]]; then +#sudo -u librenms git fetch --tags && sudo -u librenms git checkout $(sudo -u librenms git describe --tags $(sudo -u librenms git rev-list --tags --max-count=1)) +RELEASE=$(sudo -u librenms git ls-remote --tags origin|tail -1|cut -d$'\t' -f1) +sudo -u librenms git fetch origin "$RELEASE" +sudo -u librenms git checkout "$RELEASE" +#sudo -u librenms git checkout $(sudo -u librenms git fetch origin $(sudo -u librenms git ls-remote --tags origin|tail -1|cut -d$'\t' -f1)) +fi +echo '==> Running composer install' sudo -u librenms ./scripts/composer_wrapper.php install --no-dev echo '==> Configuring PHP' -sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.4/fpm/php.ini -sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.4/cli/php.ini -mv /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/librenms.conf -sed -i "s/user = .*/user = librenms/" /etc/php/7.4/fpm/pool.d/librenms.conf -sed -i "s/group = .*/group = librenms/" /etc/php/7.4/fpm/pool.d/librenms.conf -sed -i "s|listen = .*|listen = /run/php-fpm-librenms.sock|" /etc/php/7.4/fpm/pool.d/librenms.conf -systemctl restart php7.4-fpm.service -systemctl enable php7.4-fpm.service +sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/8.1/fpm/php.ini +sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/8.1/cli/php.ini +mv /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/librenms.conf +sed -i "s/user = .*/user = 
librenms/" /etc/php/8.1/fpm/pool.d/librenms.conf +sed -i "s/group = .*/group = librenms/" /etc/php/8.1/fpm/pool.d/librenms.conf +sed -i "s|listen = .*|listen = /run/php-fpm-librenms.sock|" /etc/php/8.1/fpm/pool.d/librenms.conf +systemctl restart php8.1-fpm.service +systemctl enable php8.1-fpm.service echo '==> Installing lnms' ln -s /opt/librenms/lnms /usr/bin/lnms @@ -88,7 +97,7 @@ sudo systemctl restart mariadb mysql_pass="D42nf23rewD"; -echo "CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; +echo "CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost' IDENTIFIED BY '$mysql_pass'; diff --git a/scripts/ubuntu/minimize.sh b/scripts/ubuntu/minimize.sh index 293800d..0e7c5a8 100644 --- a/scripts/ubuntu/minimize.sh +++ b/scripts/ubuntu/minimize.sh @@ -31,7 +31,7 @@ dpkg --list | awk '{ print $2 }' | grep -- '-doc$' | xargs apt-get -y purge #echo "==> Removing default system Python" #apt-get -y purge python-dbus libnl1 python-smartpm python-twisted-core libiw30 python-twisted-bin libdbus-glib-1-2 python-pexpect python-pycurl python-serial python-gobject python-pam python-openssl libffi5 echo "==> Removing other oddities" -apt-get -y purge popularity-contest installation-report landscape-common wireless-tools wpasupplicant ubuntu-serverguide +apt-get -y purge popularity-contest landscape-common wireless-tools wpasupplicant apt-get -y purge nano # Clean up the apt cache 
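Review bot: `RELEASE=$(sudo -u librenms git ls-remote --tags origin|tail -1|cut -d$'\t' -f1)` takes the last line of a listing that is ordered by ref name, which is not necessarily the newest release (string order puts `x.9` after `x.10`) and may be the peeled `^{}` entry of an annotated tag. Asking git to sort by version is more reliable: `git ls-remote --refs --tags --sort=-v:refname origin | head -1 | cut -d$'\t' -f1`. Any value of `LIBRENMS_VERSION` other than `release` silently builds `master`, so a typo goes unnoticed; an `else` branch that rejects unknown values would catch it. The two commented-out alternatives can be dropped once one form is settled. The script continues outside this hunk.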
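Review bot: The context line `mysql_pass="D42nf23rewD";` directly above the charset change gives every built image the same database password, and the value is published in this repository. The grant is limited to `'librenms'@'localhost'`, which narrows exposure, but the value is still shared by every deployment. At minimum add a comment such as `# default appliance DB password: rotate after deployment` and say the same in the README; rotating it on first boot is what would make it unique per appliance. How `$mysql_pass` is consumed later in the script is outside this hunk.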
@@ -46,6 +46,15 @@ echo "==> Removing any docs" rm -rf /usr/share/doc/* echo "==> Removing caches" find /var/cache -type f -exec rm -rf {} \; +echo "==> Removing snapd files" +rm -rf /var/lib/snapd/seed/ /var/lib/snapd/snaps/ +echo "==> Removing journal files" +rm -rf /var/log/journal/* +echo "==> Cleaning up LibreNMS" +rm -rf /opt/librenms/rrd/* /opt/librenms/.cache/composer/* +cd /opt/librenms; sudo -u librenms git repack -a -d --depth=250 --window=250 +echo "==> Removing VBoxGuestAdditions.iso" +rm -f /home/vagrant/VBoxGuestAdditions.iso # Zero out the free space to save space in the final image dd if=/dev/zero of=/EMPTY bs=1M || echo "dd exit code $? is suppressed" diff --git a/ubuntu-20.04-amd64.json b/ubuntu-22.04-amd64.json similarity index 58% rename from ubuntu-20.04-amd64.json rename to ubuntu-22.04-amd64.json index 0fdff0e..b9cd974 100644 --- a/ubuntu-20.04-amd64.json +++ b/ubuntu-22.04-amd64.json 
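Review bot: In `cd /opt/librenms; sudo -u librenms git repack -a -d --depth=250 --window=250` the repack still runs if the `cd` fails, and the rest of the script then continues from a different working directory than before. `sudo -u librenms git -C /opt/librenms repack -a -d --depth=250 --window=250` does the same work without changing directory. A short comment on why `/opt/librenms/rrd/*` is emptied at image-minimise time would also help, since the path is created and given ACLs by the install script.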
@@ -1,20 +1,48 @@ { - "_comment": "Build with `packer build ubuntu.json`", "builders": [ { "boot_command": [ - "{{ user `boot_command_prefix` }}", - "/casper/vmlinuz ", - "root=/dev/sr0 ", - "initrd=/casper/initrd ", - "acpi=off noapic ", - "autoinstall ", - "ds=nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ubuntu-20.04/", - "" + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "c", + "set gfxpayload=keep", + "linux /casper/vmlinuz ", + "autoinstall quiet fsck.mode=skip ", + "net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0 ", + "ds=\"nocloud-net;s=http://{{.HTTPIP}}:{{.HTTPPort}}/ubuntu-22.04/\" ", + "---", + "initrd /casper/initrd", + "boot" ], - "boot_wait": "5s", - "boot_keygroup_interval": "300ms", + "boot_wait": "1s", + "cpus": "{{ user `cpus` }}", "disk_size": "{{ user `disk_size` }}", + "format": "ova", + "guest_os_type": "Ubuntu_64", + "headless": "{{ user `headless` }}", + "http_directory": "http", + "iso_checksum": "{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}", + "iso_urls": [ + "{{ user `iso_path` }}/{{ user `iso_name` }}", + "{{ user `mirror` }}/22.04.2/{{ user `iso_name` }}" + ], + "memory": "{{ user `memory` }}", + "output_directory": "output-ubuntu-22.04-amd64", + "shutdown_command": "sudo shutdown -h now", + "ssh_password": "vagrant", + "ssh_port": 22, + "ssh_read_write_timeout": "600s", + "ssh_timeout": "120m", + "ssh_username": "vagrant", + "type": "virtualbox-iso", "export_opts": [ "--manifest", "--vsys", 
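Review bot: The new `"shutdown_command": "sudo shutdown -h now"` drops the account lock and forced password change that the previous command applied (`usermod -L vagrant` and `chage -d 0 vagrant`, removed in the next hunk), and `"ssh_password"` is now the literal `vagrant` instead of the user variable. If the exported OVA is distributed as an appliance, it presumably ships with a working, publicly known login. Keeping the lock step for the OVA artifact, for example `"shutdown_command": "sudo usermod -L vagrant && sudo chage -d 0 vagrant && sudo systemctl poweroff"`, or documenting that the password must be changed on first boot, would restore the earlier behaviour. The builder object continues past this hunk.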
@@ -28,59 +56,18 @@ "--version", "LibreNMS" ], - "format": "ova", - "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso", - "guest_os_type": "Ubuntu_64", - "headless": "{{ user `headless` }}", - "http_directory": "http", - "iso_checksum": "{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}", - "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `mirror` }}/focal/{{ user `iso_name` }}" - ], - "output_directory": "output-ubuntu-20.04-amd64-{{build_type}}", - "shutdown_command": "sudo usermod -L vagrant \u0026\u0026 sudo chage -d 0 vagrant \u0026\u0026 sudo systemctl poweroff", - "ssh_handshake_attempts":"1000", - "ssh_password": "{{ user `ssh_password` }}", - "ssh_timeout": "{{user `ssh_timeout`}}", - "ssh_username": "{{ user `ssh_username` }}", - "type": "virtualbox-iso", "vboxmanage": [ [ "modifyvm", "{{.Name}}", - "--audio", - "none" + "--cpu-profile", + "host" ], [ "modifyvm", "{{.Name}}", - "--usb", - "off" - ], - [ - "modifyvm", - "{{.Name}}", - "--vram", - "12" - ], - [ - "modifyvm", - "{{.Name}}", - "--vrde", - "off" - ], - [ - "modifyvm", - "{{.Name}}", - "--memory", - "{{ user `memory` }}" - ], - [ - "modifyvm", - "{{.Name}}", - "--cpus", - "{{ user `cpus` }}" + "--nat-localhostreachable1", + "on" ], [ "modifyvm", @@ -96,7 +83,19 @@ ] ], "virtualbox_version_file": ".vbox_version", - "vm_name": "librenms-ubuntu-20.04-amd64" + "vm_name": "librenms-ubuntu-22.04-amd64", + "vrdp_bind_address": "0.0.0.0", + "vrdp_port_max": 6000, + "vrdp_port_min": 5900 + } + ], + "post-processors": [ + { + "compression_level": 9, + "keep_input_artifact": true, + "output": "output-ubuntu-22.04-amd64/librenms-vagrant.box", + "provider_override": "virtualbox", + "type": "vagrant" } ], "provisioners": [ 
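Review bot: `"vrdp_bind_address": "0.0.0.0"` in the last hunk on this line makes the build VM's remote console listen on every host interface across ports 5900–6000, and the preceding hunk removes the `--vrde off` `modifyvm` call. On a shared or internet-facing build host that presumably exposes the unattended installer's console to the network for the duration of the build. Packer's default bind address is 127.0.0.1; `"vrdp_bind_address": "127.0.0.1"` with an SSH tunnel for remote viewing keeps the console private.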
@@ -115,7 +114,6 @@ "SSH_PASSWORD={{user `ssh_password`}}", "http_proxy={{user `http_proxy`}}", "https_proxy={{user `https_proxy`}}", - "no_proxy={{user `no_proxy`}}", "LIBRENMS_VERSION={{user `librenms_version`}}", "OXIDIZED={{user `oxidized`}}", "SYSLOG_NG={{user `syslog_ng`}}" @@ -124,7 +122,6 @@ "expect_disconnect": true, "scripts": [ "scripts/ubuntu/update.sh", - "scripts/ubuntu/virtualbox.sh", "scripts/ubuntu/vmware.sh", "scripts/common/vagrant.sh", "scripts/common/sshd.sh", @@ -140,20 +137,16 @@ } ], "variables": { - "boot_command_prefix": "", "cpus": "1", "desktop": "false", "disk_size": "40960", "headless": "false", - "hostname": "librenms", - "http_proxy": "{{env `http_proxy`}}", - "https_proxy": "{{env `https_proxy`}}", "install_vagrant_key": "true", - "iso_checksum": "d1f2bf834bbe9bb43faf16f9be992a6f3935e65be0edece1dee2aa6eb1767423", + "iso_checksum": "5e38b55d57d94ff029719342357325ed3bda38fa80054f9330dc789cd2d43931", "iso_checksum_type": "sha256", - "iso_name": "ubuntu-20.04.2-live-server-amd64.iso", + "iso_name": "ubuntu-22.04.2-live-server-amd64.iso", "iso_path": "iso", - "memory": "512", + "memory": "2048", "mirror": "http://releases.ubuntu.com", "no_proxy": "{{env `no_proxy`}}", "ssh_fullname": "vagrant", diff --git a/upload.sh b/upload.sh new file mode 100755 index 0000000..b542468 --- /dev/null +++ b/upload.sh 
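Review bot: The provisioner's `environment_vars` still reference the `http_proxy` and `https_proxy` user variables, but the `variables` hunk (`@@ -140,20 +137,16 @@`) deletes both definitions, while `no_proxy` stays defined and is no longer passed to the scripts. Depending on the Packer version, the undefined references either render as empty strings or fail validation, so builds behind a proxy likely stop working either way. Either restore the two variable definitions or remove the two environment entries, and drop the now unused `no_proxy` variable to keep the template consistent.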
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+CURL='/usr/bin/env curl'
+JQ='/usr/bin/env jq'
+PACKER='/usr/bin/env packer'
+RE='^[0-9]+[.][0-9]+([.][0-9]+)?$'
+FIND='/usr/bin/env find'
+IMAGES="centos-7.6-x86_64
+ubuntu-18.04-amd64"
+BUILDERS="virtualbox-iso"
+
+echo "Please enter your GitHub personal access token (we don't save it):"
+read -s TOKEN
+
+LATEST_TAG=$($CURL -s https://api.github.com/repos/librenms/librenms/releases/latest | $JQ -r ".tag_name")
+
+if ! [[ "$LATEST_TAG" =~ $RE ]] ; then
+ echo "Tag not found"; exit 1;
+fi
+
+echo "Creating new release $LATEST_TAG"
+
+UPLOAD_URL=$($CURL -s https://api.github.com/repos/librenms/packer-builds/releases -H "Authorization: token $TOKEN" -X POST --header "Content-Type: application/json" -d "{\"tag_name\":\"$LATEST_TAG\",\"name\":\"v$LATEST_TAG\"}" | $JQ -r ".upload_url")
+UPLOAD_URL="${UPLOAD_URL//\{\?name,label\}/}"
+FILES=$($FIND ./output-* -type f -print)
+for FILE in $FILES; do
+ IFS='/' read -a OVA <<< "$FILE"
+ NAME=${OVA[2]}
+ echo "$CURL -s \"$UPLOAD_URL?name=$NAME\" -H \"Authorization: token \" -T \"$FILE\" -X POST -H \"Content-Type: application/tar\""
+ UPLOAD=$($CURL -s "$UPLOAD_URL?name=$NAME" -H "Authorization: token $TOKEN" -T "$FILE" -X POST -H "Content-Type: application/tar")
+ if [ $? != 0 ] ; then
+ echo "Upload failed:"
+ echo $UPLOAD
+ else
+ echo "Upload completed"
+ fi
+done
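Review bot: The upload loop prints "Upload completed" whenever curl exits 0, but without `--fail` curl exits 0 on HTTP 4xx/5xx responses, and `UPLOAD_URL` is never checked, so a rejected token or an already existing release (where `jq -r` yields `null`) goes unnoticed. The token is also placed in curl's argument list, where other local users can read it from the process table while a large upload runs; feeding the header on stdin with `-H @-` (curl 7.55 or later) keeps it out of argv. `PACKER`, `IMAGES` and `BUILDERS` are never used, and `IMAGES` names templates that differ from the one this commit builds. The fence below shows the two curl calls rewritten along those lines.

```shell
# … unchanged: tool variables, token prompt, LATEST_TAG lookup and check …
UPLOAD_URL=$(printf 'Authorization: token %s\n' "$TOKEN" |
  $CURL -sS --fail https://api.github.com/repos/librenms/packer-builds/releases \
    -H @- -H "Content-Type: application/json" -X POST \
    -d "{\"tag_name\":\"$LATEST_TAG\",\"name\":\"v$LATEST_TAG\"}" | $JQ -r ".upload_url")
if [[ -z "$UPLOAD_URL" || "$UPLOAD_URL" == "null" ]]; then
  echo "Release creation failed"; exit 1
fi
# … unchanged: URL template stripping, FILES discovery, loop header, NAME extraction …
  if ! UPLOAD=$(printf 'Authorization: token %s\n' "$TOKEN" |
      $CURL -sS --fail "$UPLOAD_URL?name=$NAME" -H @- -T "$FILE" -X POST \
        -H "Content-Type: application/tar"); then
# … unchanged: failure and success messages …
```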