The /srv/www/htdocs/pub/bootstrap/bootstrap.sh
script
generated by the SUSE Manager Server installation program provides the
ability to reconfigure client systems to access your SUSE Manager easily. It
is available through the mgr-bootstrap command. After
modifying the script for your particular use, it can be run on each client
machine.
Review the sample and its comments, beginning with a hash mark (#), for additional details. Follow the steps in Chapter 5, Using Bootstrap to prepare the script for use.
#!/bin/bash echo "SUSE Manager Server Client bootstrap script v4.0" # This file was autogenerated. Minor manual editing of this script (and # possibly the client-config-overrides.txt file) may be necessary to complete # the bootstrap setup. Once customized, the bootstrap script can be triggered # in one of two ways (the first is preferred): # # (1) centrally, from the SUSE Manager Server via ssh (i.e., from the # SUSE Manager Server): # cd /srv/www/htdocs/pub/bootstrap/ # cat bootstrap-<edited_name>.sh | ssh root@<client-hostname> /bin/bash # # ...or... # # (2) in a decentralized manner, executed on each client, via wget or curl: # wget -qO- https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash # ...or... # curl -Sks https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash # SECURITY NOTE: # Use of these scripts via the two methods discussed is the most expedient # way to register machines with your SUSE Manager Server. Since "wget" is used # throughout the script to download various files, a "Man-in-the-middle" # attack is theoretically possible. # # The actual registration process is performed securely via SSL, so the risk # is minimized in a sense. This message merely serves as a warning. # Administrators need to appropriately weigh their concern against the # relative security of their internal network. # PROVISIONING/KICKSTART NOTE: # If provisioning a client, ensure the proper CA SSL public certificate is # configured properly in the post section of your kickstart profiles (the # SUSE Manager Server or hosted web user interface). # UP2DATE/RHN_REGISTER VERSIONING NOTE: # This script will not work with very old versions of up2date and # rhn_register. echo echo echo "MINOR MANUAL EDITING OF THIS FILE MAY BE REQUIRED!" echo echo "If this bootstrap script was created during the initial installation" echo "of a SUSE Manager Server, the ACTIVATION_KEYS, and ORG_GPG_KEY values will" echo "probably *not* be set (see below). If this is the case, please do the" echo "following:" echo " - copy this file to a name specific to its use." echo " (e.g., to bootstrap-SOME_NAME.sh - like bootstrap-web-servers.sh.)" echo " - on the website create an activation key or keys for the system(s) to" echo " be registered." echo " - edit the values of the VARIABLES below (in this script) as" echo " appropriate:" echo " - ACTIVATION_KEYS needs to reflect the activation key(s) value(s)" echo " from the website. XKEY or XKEY,YKEY" echo " - ORG_GPG_KEY needs to be set to the name of the corporate public" echo " GPG key filename (residing in /srv/www/htdocs/pub) if appropriate." echo echo "Verify that the script variable settings are correct:" echo " - CLIENT_OVERRIDES should be only set differently if a customized" echo " client-config-overrides-VER.txt file was created with a different" echo " name." echo " - ensure the value of HOSTNAME is correct." echo " - ensure the value of ORG_CA_CERT is correct." echo echo "Enable this script: comment (with #'s) this block (or, at least just" echo "the exit below)" echo exit 1 # can be edited, but probably correct (unless created during initial install): # NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine. ACTIVATION_KEYS=insert_activation_key_here ORG_GPG_KEY=insert_activation_key_here # can be edited, but probably correct: CLIENT_OVERRIDES=client-config-overrides.txt HOSTNAME=your_sue_manager_server_host.example.com ORG_CA_CERT=rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm ORG_CA_CERT_IS_RPM_YN=1 USING_SSL=1 USING_GPG=1 REGISTER_THIS_BOX=1 ALLOW_CONFIG_ACTIONS=0 ALLOW_REMOTE_COMMANDS=0 FULLY_UPDATE_THIS_BOX=1 # Set if you want to specify profilename for client systems. # NOTE: Make sure it's set correctly if any external command is used. # # ex. PROFILENAME="foo.example.com" # For specific clinet system # PROFILENAME=`hostname -s` # Short hostname # PROFILENAME=`hostname -f` # FQDN PROFILENAME="" # Empty by default to let it be set automatically. # # ----------------------------------------------------------------------------- # DO NOT EDIT BEYOND THIS POINT ----------------------------------------------- # ----------------------------------------------------------------------------- # # an idea from Erich Morisse (of Red Hat). # use either wget *or* curl # Also check to see if the version on the # machine supports the insecure mode and format # command accordingly. if [ -x /usr/bin/wget ] ; then output=`LANG=en_US /usr/bin/wget --no-check-certificate 2>&1` error=`echo $output | grep "unrecognized option"` if [ -z "$error" ] ; then FETCH="/usr/bin/wget -q -r -nd --no-check-certificate" else FETCH="/usr/bin/wget -q -r -nd" fi else if [ -x /usr/bin/curl ] ; then output=`LANG=en_US /usr/bin/curl -k 2>&1` error=`echo $output | grep "is unknown"` if [ -z "$error" ] ; then FETCH="/usr/bin/curl -SksO" else FETCH="/usr/bin/curl -SsO" fi fi fi HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub if [ $USING_SSL -eq 0 ] ; then HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY} fi INSTALLER=up2date if [ -x /usr/bin/zypper ] ; then INSTALLER=zypper elif [ -x /usr/bin/yum ] ; then INSTALLER=yum fi if [ "$INSTALLER" == zypper ]; then echo echo "CHECKING THE REGISTRATION STACK" echo "-------------------------------------------------" echo "* check for necessary packages being installed:" Z_NEEDED="spacewalk-check spacewalk-client-setup spacewalk-client-tools rhncfg-actions rhncfg-client rhncfg-management zypp-plugin-spacewalk" Z_MISSING="" for P in $Z_NEEDED; do rpm -q "$P" || Z_MISSING="$Z_MISSING $P" done if [ -z "$Z_MISSING" ]; then echo " no packages missing." else echo "* going to install missing packages:" Z_CLIENT_REPO_NAME="susemanager-client-setup" Z_CLIENT_REPO_FILE="/etc/zypp/repos.d/${Z_CLIENT_REPO_NAME}.repo" if [ ! -f "$Z_CLIENT_REPO_FILE" ]; then echo " adding client software repository $Z_CLIENT_REPO_NAME" cat <<EOF >"$Z_CLIENT_REPO_FILE" [$Z_CLIENT_REPO_NAME] name=$Z_CLIENT_REPO_NAME baseurl=http://${HOSTNAME}/pub/repositories/${Z_CLIENT_REPO_NAME} enabled=1 autorefresh=1 keeppackages=0 gpgcheck=0 EOF zypper --non-interactive --gpg-auto-import-keys refresh "$Z_CLIENT_REPO_NAME" || exit 1 fi zypper --non-interactive in $Z_MISSING || exit 1 fi fi echo echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES" echo "-------------------------------------------------" echo "* downloading necessary files" echo " client_config_update.py..." rm -f client_config_update.py $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/client_config_update.py echo " ${CLIENT_OVERRIDES}..." rm -f ${CLIENT_OVERRIDES} $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES} if [ ! -f "client_config_update.py" ] ; then echo "ERROR: client_config_update.py was not downloaded" exit 1 fi if [ ! -f "${CLIENT_OVERRIDES}" ] ; then echo "ERROR: ${CLIENT_OVERRIDES} was not downloaded" exit 1 fi echo "* running the update scripts" if [ -f "/etc/sysconfig/rhn/rhn_register" ] ; then echo " . rhn_register config file" /usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/rhn_register ${CLIENT_OVERRIDES} fi echo " . up2date config file" /usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/up2date ${CLIENT_OVERRIDES} if [ ! -z "$ORG_GPG_KEY" ] ; then echo echo "* importing organizational GPG key" rm -f ${ORG_GPG_KEY} $FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_GPG_KEY} # get the major version of up2date # this will also work for RHEL 5 and systems where no up2date is installed res=$(LC_ALL=C rpm -q --queryformat '%{version}' up2date | sed -e 's/\..*//g') if [ "x$res" == "x2" ] ; then gpg $(up2date --gpg-flags) --import $ORG_GPG_KEY else rpm --import $ORG_GPG_KEY fi fi echo echo "* attempting to install corporate public CA cert" if [ $USING_SSL -eq 1 ] ; then if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then rpm -Uvh ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT} else rm -f ${ORG_CA_CERT} $FETCH ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT} mv ${ORG_CA_CERT} /usr/share/rhn/ fi if [ "$INSTALLER" == zypper ] ; then if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then # get name from config ORG_CA_CERT=$(basename $(sed -n 's/^sslCACert *= *//p' /etc/sysconfig/rhn/up2date)) fi test -e "/etc/ssl/certs/${ORG_CA_CERT}.pem" || { test -d "/etc/ssl/certs" || mkdir -p "/etc/ssl/certs" ln -s "/usr/share/rhn/${ORG_CA_CERT}" "/etc/ssl/certs/${ORG_CA_CERT}.pem" test -x /usr/bin/c_rehash && /usr/bin/c_rehash /etc/ssl/certs/ | grep "${ORG_CA_CERT}" } fi fi echo echo "REGISTRATION" echo "------------" # Should have created an activation key or keys on the SUSE Manager Server's # website and edited the value of ACTIVATION_KEYS above. # # If you require use of several different activation keys, copy this file and # change the string as needed. # if [ -z "$ACTIVATION_KEYS" ] ; then echo "*** ERROR: in order to bootstrap SUSE Manager Server clients, an activation key or keys" echo " must be created in the SUSE Manager Server web user interface, and the" echo " corresponding key or keys string (XKEY,YKEY,...) must be mapped to" echo " the ACTIVATION_KEYS variable of this script." exit 1 fi if [ $REGISTER_THIS_BOX -eq 1 ] ; then echo "* registering" files="" directories="" if [ $ALLOW_CONFIG_ACTIONS -eq 1 ] ; then for i in "/etc/sysconfig/rhn/allowed-actions /etc/sysconfig/rhn/allowed-actions/configfiles"; do [ -d "$i" ] || (mkdir -p $i && directories="$directories $i") done [ -f /etc/sysconfig/rhn/allowed-actions/configfiles/all ] || files="$files /etc/sysconfig/rhn/allowed-actions/configfiles/all" [ -n "$files" ] && touch $files fi if [ -z "$PROFILENAME" ] ; then profilename_opt="" else profilename_opt="--profilename=$PROFILENAME" fi /usr/sbin/rhnreg_ks --force --activationkey "$ACTIVATION_KEYS" $profilename_opt [ -n "$files" ] && rm -f $files [ -n "$directories" ] && rmdir $(echo $directories | rev) echo echo "*** this system should now be registered, please verify ***" echo else echo "* explicitely not registering" fi echo echo "OTHER ACTIONS" echo "------------------------------------------------------" if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then if [ "$INSTALLER" == zypper ] ; then echo "zypper --non-interactive up zypper zypp-plugin-spacewalk; rhn-profile-sync; zypper --non-interactive up (conditional)" elif [ "$INSTALLER" == yum ] ; then echo "yum -y upgrade yum yum-rhn-plugin; rhn-profile-sync; yum upgrade (conditional)" else echo "up2date up2date; up2date -p; up2date -uf (conditional)" fi else if [ "$INSTALLER" == zypper ] ; then echo "zypper --non-interactive up zypper zypp-plugin-spacewalk; rhn-profile-sync" elif [ "$INSTALLER" == yum ] ; then echo "yum -y upgrade yum yum-rhn-plugin; rhn-profile-sync" else echo "up2date up2date; up2date -p" fi fi echo "but any post configuration action can be added here. " echo "------------------------------------------------------" if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then echo "* completely updating the box" else echo "* ensuring $INSTALLER itself is updated" fi if [ "$INSTALLER" == zypper ] ; then zypper ref -s zypper --non-interactive up zypper zypp-plugin-spacewalk if [ -x /usr/sbin/rhn-profile-sync ] ; then /usr/sbin/rhn-profile-sync else echo "Error updating system info in SUSE Manager Server." echo " Please ensure that rhn-profile-sync in installed and rerun it." fi if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then zypper --non-interactive up fi elif [ "$INSTALLER" == yum ] ; then /usr/bin/yum -y upgrade yum yum-rhn-plugin if [ -x /usr/sbin/rhn-profile-sync ] ; then /usr/sbin/rhn-profile-sync else echo "Error updating system info in SUSE Manager Server." echo " Please ensure that rhn-profile-sync in installed and rerun it." fi if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then /usr/bin/yum -y upgrade fi else /usr/sbin/up2date up2date /usr/sbin/up2date -p if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then /usr/sbin/up2date -uf fi fi echo "-bootstrap complete-"