#!/bin/bash # # Author: Georg Voell - georg.voell@standby.cloud # Version: @(#)bootstrap 3.2.1 21.09.2025 (c)2025 Standby.cloud # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ # #@ Attach this script to the instance (Advanced Options - Cloud Init Script File). #@ It downloads admin scripts and tools as soon as internet access is available. #@ Supported platforms: All Linux variants, but only tested with Oracle Linux. #@ Some commands were only executed if OS is "Oracle Linux" or "Red Hat Enterprise Linux" and version >= 7. #@ Works for Oracle Cloud Infrastructure (OCI) and Oracle Public Cloud (OPC or OCI-Classic) #@ An internet connection (e.g. via Internet or NAT Gateway) or at least a Service Gateway is needed. # # Exit codes: # 01: Unsupported platform. # 02: No root privileges (needed to proceed). # 03: No 'curl' in PATH. # 04: No internet connection. # 05: Unable to install extra tools. # # Update history: # # V 3.0.0 04.07.2020 New version # V 3.0.1 08.07.2020 Minor changes # V 3.0.2 10.02.2021 Check if we have internet access # V 3.2.0 29.08.2025 Revised version # V 3.2.1 21.09.2025 Optional parameter # # Usage: # # # Install for all users # curl -skL https://standby.cloud/download/latest/bootstrap | sudo bash # # # Install for one user # curl -skL https://standby.cloud/download/latest/bootstrap | bash # # # Install also software for bastion services # curl -skL https://standby.cloud/download/latest/bootstrap | sudo bash -s bastion # # # Only set password for standard users # curl -skL https://standby.cloud/download/latest/bootstrap | sudo bash -s password # # # Only set vncpassword for vnc user # curl -skL https://standby.cloud/download/latest/bootstrap | sudo bash -s vncpassword # # # Only set key source for public ssh keys # curl -skL https://standby.cloud/download/latest/bootstrap | sudo bash -s keysource # # Set configuration variables TimeZone="Europe/Berlin" # Leave empty to use default timezone or change whatever is needed here Locale="LANG=C.UTF-8" # Leave empty to use default locale therwise change to e.g. "LANG=de_DE.UTF-8" or "LANG=en_US.UTF-8" Cockpit="Enabled" # Set variable to Enabled to enable cockpit otherwise set variable to Disabled Update="Security" # Set to "Disabled" if you don't want to update OS otherwise use "Full" or "Security" RotateLogs="true" # Set variable to true to zip old logs after the lines in log reach a certain limit # Repository where we download our scripts from readonly baseurl="https://standby.cloud/download" readonly storageurl="https://frcc4jd4wdkp.objectstorage.eu-frankfurt-1.oci.customer-oci.com/n/frcc4jd4wdkp/b/download/o" ### obsolete: readonly storageurl="https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/frcc4jd4wdkp/b/download/o" # Information from instance metadata imdsurl="http://169.254.169.254/opc/v2" insttags="instance/definedTags/Instance-Tags" # Set some defaults exitcode=0 progstr="bootstrap" scriptsfile="install-scripts" toolsfile="install-tools" logdir="/var/log" logfile="${logdir}/${progstr}.log" historyfile="${HOME}/.secrets_history" sshdconfig="/etc/ssh/sshd_config" updatetype="" # Get current user and os PARAM1=`echo "$1" | tr '[:upper:]' '[:lower:]'` # First papameter PARAM2=${2} # Second papameter ME=`whoami` # Current user OS=`uname -s` # Infos about the host os (e.g. Darwin, SunOS, Linux) # Define username rootuser="root" jhuser="jumphost" if [ "$ID" = "ubuntu" ]; then opcuser="ubuntu" else opcuser="opc" fi # Get homes roothome=$(eval echo ~${rootuser}) opchome=$(eval echo ~${opcuser}) jhhome=$(eval echo ~${jhuser}) # Set PATH PATH="/bin:/.local/bin:/usr/local/bin:$PATH" # Check for some tools jq=`which "jq" 2>/dev/null | sed 's|^no jq in .*||'` oci=`which "oci" 2>/dev/null | sed 's|^no oci in .*||'` curl=`which "curl" 2>/dev/null | sed 's|^no curl in .*||'` rclone=`which "rclone" 2>/dev/null | sed 's|^no rclone in .*||'` transfer=`which "transfer" 2>/dev/null | sed 's|^no transfer in .*||'` vncpasswd=`which "vncpasswd" 2>/dev/null | sed 's|^no vncpasswd in .*||'` sshkeygen=`which "ssh-keygen" 2>/dev/null | sed 's|^no ssh-keygen in .*||'` # Write string to log with current date and time function WriteLog { local param=${1} if [ "$logfile" != "" ]; then curdate=`date "+%Y-%m-%d %T"` printf "%s\t%s\n" "$curdate" "$param" >> "$logfile" fi } # Delete file function DeleteFile { local filename=${1} if [ "$filename" != "" ]; then if [ -f "$filename" ]; then rm -f "$filename" fi fi } # Delete tempfiles function Cleanup { DeleteFile "/tmp/$scriptsfile" DeleteFile "/tmp/$toolsfile" } # Get OS name and version from /etc/os-release. Examples: # OL6: NAME="Oracle Linux Server" / ID="rhel" / VERSION_ID="6.10" / ID="ol" / ID_LIKE="fedora" # OL7: NAME="Oracle Linux Server" / VERSION_ID="7.9" / ID="ol" # OL8: NAME="Oracle Linux Server" / VERSION_ID="8.10" / ID="ol" # OL9: NAME="Oracle Linux Server" / VERSION_ID="9.6" / ID="ol" # OL10: NAME="Oracle Linux Server" / VERSION_ID="10.0" / ID="ol" # RHEL8: NAME="Red Hat Enterprise Linux" / VERSION_ID="8.6" / ID="rhel" # UBUNTU: Name="Ubuntu" / VERSION_ID="25.04" / ID=ubuntu / ID_LIKE=debian / VERSION_CODENAME=plucky function GetOSVersion { NAME="" ID="" ID_LIKE="fedora" VERSION_ID="" VERSION_CODENAME="" VERSION_MAIN=6 VERSION_GT_6="false" VERSION_GT_7="false" if [ -r /etc/os-release ]; then source /etc/os-release ID_LIKE=`echo "$ID_LIKE" | cut -d' ' -f1` if [ "$VERSION_ID" != "" ]; then VERSION_MAIN=`echo "$VERSION_ID" | cut -d'.' -f1` if [ "$VERSION_MAIN" != "" ]; then if [ "$ID" = "ol" -o "$ID" = "rhel" ]; then if [ $VERSION_MAIN -gt 6 ]; then VERSION_GT_6="true" if [ $VERSION_MAIN -gt 7 ]; then VERSION_GT_7="true" fi fi fi fi fi fi # Determine tools case "$ID_LIKE" in fedora) instcmd=`which "yum" 2>/dev/null | sed 's|^no yum in .*||'` if [ "$instcmd" = "" ]; then instcmd=`which "dnf" 2>/dev/null | sed 's|^no dnf in .*||'` fi firewallcmd=`which "firewall-cmd" 2>/dev/null | sed 's|^no firewall-cmd in .*||'` ;; debian) instcmd=`which "apt" 2>/dev/null | sed 's|^no apt in .*||' if [ "$instcmd" = "" ]; then instcmd=`which "apt-get" 2>/dev/null | sed 's|^no apt-get in .*||'` fi if [ "$instcmd" != "" ]; then $instcmd update >/dev/null 2>&1 fi firewallcmd=`which "ufw" 2>/dev/null | sed 's|^no ufw in .*||'` ;; suse | opensuse) instcmd=`which "zypper" 2>/dev/null | sed 's|^no zypper in .*||' firewallcmd=`which "firewall-cmd" 2>/dev/null | sed 's|^no firewall-cmd in .*||'` ;; esac systemctl=`which "systemctl" 2>/dev/null | sed 's|^no systemctl in .*||'` } # Install language packs function InstallLanguagePacks { local currlang="" # Load language packs on ol or rhel and version greater 7 if [ "$instcmd" != "" -a "$VERSION_GT_7" = "true" ]; then currlang="$LANG" LANG=C.utf8 $instcmd install -y langpacks-en glibc-all-langpacks LANG="$currlang" fi } # Install Cockpit function InstallCockpit { if [ "$instcmd" != "" ]; then $instcmd install -y cockpit fi # Check if cockpit folder exists (needed by OL7) if [ ! -d "/run/cockpit" ]; then mkdir "/run/cockpit" chmod 755 "/run/cockpit" fi # Delete cockpit motd (needed by OL8) DeleteFile "/etc/motd.d/cockpit" } # Set password for a user function SetPassword { local user=${1} local password=${2} local stat=1 if [ "$user" != "" -a "$password" != "" ]; then echo "$password" | passwd "$user" --stdin stat=$? fi return $stat } # Set vnc password for a user function SetVncPassword { local password=${1} local passwdfile="${jhhome}/.config/tigervnc/passwd" local passwddir=`dirname $passwdfile` local stat=1 if [ "$jhuser" != "" -a "$password" != "" -a "$vncpasswd" != "" ]; then # Could do better if we check the version of vncpasswd if [ "$VERSION_MAIN" != "" ]; then if [ $VERSION_MAIN -lt 8 ]; then passwdfile="${jhhome}/.vnc/passwd" passwddir=`dirname $passwdfile` fi fi echo "$password" | $vncpasswd -f > "$passwdfile" stat=$? if [ -f "$passwdfile" ]; then chown -R ${jhuser}:$jhuser "$passwddir" chmod 600 "$passwdfile" fi fi return $stat } # Set passwords (read from file) for all specified users function SetAllPasswords { local password="" local user="" local stat=0 if [ "$PARAM1" = "password" -a "$PARAM2" != "" ]; then password="$PARAM2" else if [ -s "${HOME}/.newpasswd" ]; then password=`cat "${HOME}/.newpasswd"` fi fi if [ "$password" != "" ]; then for user in $rootuser $opcuser; do SetPassword "$user" "$password" stat=$? if [ $stat -eq 0 ]; then echo "Password for user '$user' set." else echo "Unable to set password for user '$user'." fi done # Rename passwd file is insecure - delete it instead if [ -f "${HOME}/.newpasswd" ]; then # mv -f "${HOME}/.newpasswd" "${HOME}/.passwd" rm -f "${HOME}/.newpasswd" fi fi # Make sure password is empty password="" # Set VNC password only if tool is available if [ "$vncpasswd" != "" ]; then if [ "$PARAM1" = "vncpassword" -a "$PARAM2" != "" ]; then password="$PARAM2" else if [ -s "${HOME}/.newvncpasswd" ]; then password=`cat "${HOME}/.newvncpasswd"` fi fi if [ "$password" != "" ]; then SetVncPassword "$password" stat=$? if [ $stat -eq 0 ]; then # mv -f "${HOME}/.newvncpasswd" "${HOME}/.vncpasswd" rm -f "${HOME}/.newvncpasswd" echo "VNC password for user '$jhuser' set." else echo "Unable to set VNC password for user '$jhuser'." fi fi fi } # Download file from standby.cloud function DownloadFile { local filename=${1} local stage=${2} local grepres="" local code="" local stat=1 if [ "$filename" != "" ]; then # Try to get file from Internet $curl -skL "${baseurl}/${stage}/$filename" -o "/tmp/$filename" stat=$? if [ $stat -eq 0 -a -s "/tmp/$filename" ]; then grepres=`grep '^' "/tmp/$filename"` if [ "$grepres" != "" ]; then code=`echo "$grepres" | cut -d'>' -f2 | cut -d'<' -f1` echo "Unable to download '$filename' from Internet - Errorcode: '$code'" stat=1 else chmod 755 "/tmp/$filename" fi fi if [ $stat -ne 0 ]; then # Try to get file from ObjectStorage $curl -skL "${storageurl}/${stage}/$filename" -o "/tmp/$filename" stat=$? if [ $stat -eq 0 -a -s "/tmp/$filename" ]; then grepres=`grep '^{"code":"' "/tmp/$filename"` if [ "$grepres" != "" ]; then code=`echo "$grepres" | cut -d'"' -f4` echo "Unable to download '$filename' from ObjectStorage - Errorcode: '$code'" stat=1 else chmod 755 "/tmp/$filename" fi fi fi if [ $stat -ne 0 ]; then DeleteFile "/tmp/$filename" fi fi return $stat } # Check for internet connection function CheckInternet { local i=0 local max=120 local stat=1 while [ $stat -ne 0 -a $i -lt $max ]; do DownloadFile "$scriptsfile" "latest" >> $logfile 2>&1 stat=$? # Increase counter let "i++" if [ $stat -ne 0 -a $i -lt $max ]; then # Pause 3 seconds sleep 3 fi done # Exit, if we can't download file if [ $stat -ne 0 ]; then exitcode=4 WriteLog "No internet connection - stat: '$stat'." Cleanup exit 4 fi } # Download and compile putty function CompilePutty { local curdir=`pwd` if [ "$instcmd" != "" -a ! -d "/usr/local/src/putty-0.83" ]; then # Install needed tools $instcmd install -y gcc cmake # Install putty cd /usr/local/src wget https://the.earth.li/~sgtatham/putty/latest/putty-0.83.tar.gz 2>>$logfile tar xvf putty-0.83.tar.gz rm -f putty-0.83.tar.gz cd putty* cmake . 2>>$logfile cmake --build . 2>>$logfile cd "$curdir" fi } # Download and compile python 3.9 function CompilePython39 { local curdir=`pwd` if [ "$instcmd" != "" -a ! -d "/usr/local/ssl" ]; then # Install needed tools $instcmd install -y gcc libffi-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel \ readline-devel tk-devel gdbm-devel libpcap-devel xz-devel # Install openssl cd /usr/local/src wget https://www.openssl.org/source/openssl-1.0.2q.tar.gz 2>>$logfile tar xvf openssl-1.0.2q.tar.gz rm -f openssl-1.0.2q.tar.gz cd openssl* ./config 2>>$logfile make 2>>$logfile make install 2>>$logfile # Install Python 3.9 cd /usr/local/src wget https://www.python.org/ftp/python/3.9.19/Python-3.9.19.tgz 2>>$logfile tar xvf Python-3.9.19.tgz rm -f Python-3.9.19.tgz cd Python* mv -f Modules/Setup Modules/Setup.org cat Modules/Setup.org | sed 's|#SSL=/usr/local/ssl|SSL=/usr/local/ssl|' | sed 's|#_ssl _ssl.c|_ssl _ssl.c|' \ | sed 's|# -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl| -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl|' \ | sed 's|# -L$(SSL)/lib -lssl -lcrypto| -L$(SSL)/lib -lssl -lcrypto|' > Modules/Setup ./configure --enable-optimizations 2>>$logfile make install 2>>$logfile cd "$curdir" fi } # Configuration for tigervnc only works for OL8+ # For OL7: https://docs.oracle.com/en/operating-systems/oracle-linux/7/network/network-ConfiguringtheVNCService.html#ol7-vnc-config function InstallBastionAddons { # Create jumphost user user-management check $jhuser $jhuser -c "Jumphost User" -s "/bin/bash" >> $logfile jhhome=$(eval echo ~${jhuser}) # Create tigervnc dir if [ ! -d "${jhhome}/.config/tigervnc" ]; then mkdir -m 0700 -p "${jhhome}/.config/tigervnc" chown -R ${jhuser}:$jhuser "${jhhome}/.config" fi # Copy bash profile from user opc cp -f "${opchome}/.bash_profile" "${jhhome}/" # Install server software and VNC server if [ "$instcmd" != "" ]; then $instcmd groupinstall -y "Server with GUI" >> $logfile $instcmd install -y tigervnc-server tigervnc-server-module >> $logfile # Configure VNC server echo ":1=$jhuser" >> /etc/tigervnc/vncserver.users result=`ls /usr/share/xsessions/` result=`echo "$result" | grep "gnome-classic.desktop"` if [ "$result" != "" ]; then result=`grep "^session=gnome" /etc/tigervnc/vncserver-config-defaults` if [ "$result" != "" ]; then mv -f /etc/tigervnc/vncserver-config-defaults /etc/tigervnc/vncserver-config-defaults.old cat /etc/tigervnc/vncserver-config-defaults.old | sed 's|^session=gnome|session=gnome-classic|' > /etc/tigervnc/vncserver-config-defaults else echo "session=gnome-classic" >> /etc/tigervnc/vncserver-config-defaults fi fi echo "geometry=1280x1024" >> /etc/tigervnc/vncserver-config-defaults # Set VNC password vncpasswd=`which "vncpasswd" 2>/dev/null | sed 's|^no vncpasswd in .*||'` SetAllPasswords >> $logfile # Start VNC server if [ "$systemctl" != "" ]; then echo "Enabling VNC." $systemctl daemon-reload $systemctl enable --now vncserver@:1.service 2>> $logfile fi fi } # Check if AuthorizedKeysCommand in sshd_config is set function CheckAuthKeysCommand { local result="" if [ -s "$sshdconfig" ]; then result=`grep "^AuthorizedKeysCommand " "$sshdconfig"` if [ "$result" != "" ]; then result=`echo "$result" | awk '{print $2}'` fi fi echo "$result" } # Define the source of the keys function ModifyAuthKeysCommand { local keysource=${1} local keysconfig="/etc/ssh/keys_config" local getauthkeys="" local result="" if [ -s "$sshdconfig" -a "$keysource" != "" ]; then getauthkeys=`CheckAuthKeysCommand` if [ "$getauthkeys" != "" ]; then if [ -s "$keysconfig" ]; then mv -f "$keysconfig" "${keysconfig}.old" fi echo "$keysource" > "$keysconfig" chmod 644 "$keysconfig" # Check if we get a key from tool result=`"$getauthkeys" "$opcuser" 2>/dev/null | grep "^ssh-rsa "` if [ "$result" = "" ]; then echo "No keys from key source '$keysource'." if [ -s "${keysconfig}.old" ]; then mv -f "${keysconfig}.old" "$keysconfig" fi else echo "Key source changed to '$keysource'." DeleteFile "${keysconfig}.old" fi fi fi } # Check if get-authkeys is activated in sshd config function CheckConfig { local authkeysfile="${opchome}/.ssh/authorized_keys" local getauthkeys="" local header="" local key="" local keyname="" local result="" if [ -s "$sshdconfig" ]; then getauthkeys=`CheckAuthKeysCommand` if [ "$getauthkeys" = "" ]; then # Install get-authkeys key-management install getauthkeys=`CheckAuthKeysCommand` if [ "$getauthkeys" = "" ]; then echo "Unable to install tool 'get-authkeys'." else echo "Tool 'get-authkeys' installed." fi else echo "Tool 'get-authkeys' already checked." fi fi # Check if public ssh key for user opc is disabled if [ -s "$authkeysfile" -a "$getauthkeys" != "" ]; then # First check if we get keys from tool result=`"$getauthkeys" "$opcuser" 2>/dev/null | grep "^ssh-rsa "` if [ "$result" != "" ]; then mv -f "$authkeysfile" "${authkeysfile}.tmp" echo "# Public ssh keys for user '$opcuser' are managed by '$getauthkeys'." > "$authkeysfile" echo "# Archived public ssh keys for user '$opcuser'." > "${authkeysfile}.old" echo "# Please restore this file before uninstalling '$getauthkeys'." >> "${authkeysfile}.old" chmod 600 "$authkeysfile" "${authkeysfile}.old" chown ${opcuser}:$opcuser "$authkeysfile" "${authkeysfile}.old" # Check if there are additional keys in authorized_keys file while read -r header key keyname; do result=`"$getauthkeys" "$opcuser" | grep "$key"` if [ "$result" = "" ]; then # Key is not managed by tool - keep it in authorized_keys file if [ "$keyname" = "" ]; then printf "%s %s\n" "$header" "$key" >> "$authkeysfile" else printf "%s %s %s\n" "$header" "$key" "$keyname" >> "$authkeysfile" fi else # Key is managed by tool - move it to authorized_keys.old file if [ "$keyname" = "" ]; then printf "%s %s\n" "$header" "$key" >> "${authkeysfile}.old" else printf "%s %s %s\n" "$header" "$key" "$keyname" >> "${authkeysfile}.old" fi fi done < <(grep '^ssh-rsa ' "${authkeysfile}.tmp") # Delete temp file DeleteFile "${authkeysfile}.tmp" fi fi } # Reads a tag from instance metadata - if not set, output the value of first parameter function GetInfoFromMetadata { local tagname=${1} local result="" if [ "$transfer" != "" ]; then result=`$transfer --quiet --auth "${imdsurl}/${insttags}/$tagname" 2>/dev/null | head -n 1 | grep -v "^<html>"` stat=$? if [ $stat -eq 0 -a "$result" != "" ]; then echo "$result" else echo ${!tagname} fi else echo ${!tagname} fi } ### Main # Get OS and version, if possible if [ "$OS" != "Linux" ]; then echo "Unsupported platform '$OS'. Exiting." exitcode=1 else # Check if we have root privileges if [ "$ME" != "root" ]; then echo "Need to be 'root'. Exiting." exitcode=2 else # Check if we have curl installed if [ "$curl" = "" ]; then echo "No 'curl' in PATH. Exiting." exitcode=3 else # Check OS and version GetOSVersion # Check if logdir exists - otherwise create it if [ ! -d "$logdir" ]; then mkdir -m 0755 -p "$logdir" fi # Print divider and header echo "----------------------------------------------------------------------" >> "$logfile" WriteLog "Tool '$progstr' started." if [ "$NAME" != "" ]; then echo "OS: '$OS', Name: '$NAME', Version: '${ID}:$VERSION_ID'." >> $logfile else echo "OS: '$OS'." >> $logfile fi if [ "$PARAM1" = "keysource" ]; then ModifyAuthKeysCommand "$PARAM2" >> $logfile else # Set password for opc, root and vnc user SetAllPasswords >> $logfile fi if [ "$PARAM1" != "password" -a "$PARAM1" != "vncpassword" -a "$PARAM1" != "keysource" ]; then # Wait for internet connection CheckInternet # Download maintenance and cloud-agent updatetype=`GetInfoFromMetadata "Update"` for scriptname in maintenance cloud-agent; do if [ ! -s "/sbin/$scriptname" -o "$updatetype" = "Full" ]; then DownloadFile "$scriptname" "extra" >> $logfile 2>&1 stat=$? if [ $stat -eq 0 ]; then mv -f "/tmp/$scriptname" /sbin fi fi done # Download crontab file crontab -l >/dev/null 2>&1 stat=$? if [ $stat -gt 0 ]; then # Crontab not installed scriptname="crontab-root" DownloadFile "$scriptname" "samples" >> $logfile 2>&1 stat=$? if [ $stat -eq 0 ]; then crontab "/tmp/$scriptname" stat=$? DeleteFile "/tmp/$scriptname" fi fi # Check if maintenance can be used maintenance=`which "maintenance" 2>/dev/null | sed 's|^no maintenance in .*||'` if [ "$maintenance" != "" ]; then $maintenance status >> $logfile stat=$? else stat=1 fi if [ $stat -eq 0 ]; then # Check if oci cli was already installed and try to download infos for passwords and keys # GetInfosFromCloud >> $logfile # Archive old logs if [ "$RotateLogs" = "true" ]; then $maintenance "rotatelogs" "$logdir" >> $logfile fi # Set locale and timezone InstallLanguagePacks >> $logfile result=`GetInfoFromMetadata "Locale"` $maintenance "locale" "$result" >> $logfile result=`GetInfoFromMetadata "TimeZone"` $maintenance "timezone" "$TimeZone" >> $logfile # Enable cockpit if needed InstallCockpit >> $logfile result=`GetInfoFromMetadata "Cockpit"` $maintenance "cockpit" "$result" >> $logfile # Install version specific software (before installing scripts and tools) if [ "$VERSION_MAIN" != "" ]; then case "$VERSION_MAIN" in 7) CompilePython39 >> $logfile if [ "$transfer" = "" ]; then mv -f "${opchome}/.bash_profile" "${opchome}/.bash_profile.old" head -n 8 "${opchome}/.bash_profile.old" > "${opchome}/.bash_profile" chown ${opcuser}:$opcuser "${opchome}/.bash_profile" fi ;; 8) CompilePutty >> $logfile ;; esac fi # Install scripts (if not installed) if [ "$transfer" = "" ]; then WriteLog "Installing admin scripts." "/tmp/$scriptsfile" >> $logfile DeleteFile "${opchome}/.bash_profile.old" if [ -f /etc/profile.d/alx.sh ]; then mkdir /etc/profile.d/unused mv -f /etc/profile.d/alx.sh /etc/profile.d/unused fi cp -f "${opchome}/.bash_profile" /root/ echo "get-platform --output line name,codename,version_id,machine,fqdn,ip_v4" >> "${opchome}/.bash_profile" else echo "Admin scripts already installed." >> $logfile fi # Install tools (if not installed) if [ "$rclone" = "" ]; then DownloadFile "$toolsfile" "latest" >> $logfile 2>&1 stat=$? if [ $stat -eq 0 ]; then WriteLog "Installing tools." "/tmp/$toolsfile" >> $logfile fi else echo "Tools already installed. Update with 'setup-tools update' if needed." >> $logfile fi # Check if sudo is enabled for ocarun ocaruncmdfile="/etc/sudoers.d/101-oracle-cloud-agent-run-command" if [ ! -f "$ocaruncmdfile" ]; then echo 'ocarun ALL=NOPASSWD: /sbin/bootstrap, /sbin/maintenance' > $ocaruncmdfile chmod 440 $ocaruncmdfile fi # Check sshd config CheckConfig >> $logfile # Update OS, if specified if [ "$updatetype" != "" -a "$instcmd" != "" ]; then if [ "$updatetype" = "Full" ]; then # Update admin scripts and tools echo "yes" | setup-tools update >> $logfile fi if [ "$ID_LIKE" = "debian" ]; then # Get latest repo infos $instcmd update >> $logfile 2>&1 if [ "$updatetype" = "Security" ]; then unattended-upgrade >> $logfile 2>&1 else if [ "$updatetype" = "Full" ]; then $instcmd -y upgrade >> $logfile 2>&1 fi fi else if [ "$ID_LIKE" = "fedora" ]; then if [ "$updatetype" = "Security" ]; then $instcmd -y update --security >> $logfile 2>&1 else if [ "$updatetype" = "Full" ]; then $instcmd -y update >> $logfile 2>&1 fi fi fi fi fi # Install software for bastion services if [ "$PARAM" = "bastion" -a "$VERSION_GT_7" = "true" ]; then if [ "$vncpasswd" = "" ]; then # vncpasswd (coming with tigervnc) isn't installed yet - do it now InstallBastionAddons >> $logfile else echo "Bastion software already installed." >> $logfile fi fi else echo "Could not install extra tools." >> $logfile exitcode=5 fi fi fi fi fi # Cleanup and exit Cleanup exit $exitcode