#!/bin/bash usageHelp="Usage: ${0##*/}" hostHelp="-w " cpHelp="-c <1, 0> - enable or disable cPanel plugin." fwHelp="-f - must be 'apf', 'csf', 'iptables' or 'none'." dcHelp="-d - must be 'dc1', 'dc2', or 'dc3'" sectionHelp="-s - section number" iHelp="-i - backup interface (eth1, etc.)" function printHelpAndExit() { echo "" echo "$usageHelp" echo "$hostHelp" echo "$cpHelp" echo "$fwHelp" echo "$dcHelp" echo "$sectionHelp" echo "$iHelp" echo "" exit } function printErrorHelpAndExit() { printHelpAndExit 1 } target="" fwtype="" cpanel="" datacenter="" section="" backupif="" while getopts "hw:f:c:d:s:i:" optionName; do case "$optionName" in h) printHelpAndExit 0;; w) target="$OPTARG";; f) fwtype="$OPTARG";; c) cpanel="$OPTARG";; d) datacenter="$OPTARG";; s) section="$OPTARG";; i) backupif="$OPTARG";; [?]) printErrorHelpAndExit "$badOptionHelp";; esac done if [ "$target" == "" ] || [ "$fwtype" == "" ] || [ "$cpanel" == "" ] || [ "$datacenter" == "" ] || [ "$section" == "" ] || [ "$backupif" == "" ]; then echo "Please specify proper arguments. All options are required." printErrorHelpAndExit fi function installAgent() { /root/bin/upmykey ${target} ssh ${target} "mkdir /etc/nodename && touch /etc/nodename/$(hostname)" ssh ${target} mkdir -p /home/temp/guardian rsync -avHlx -e ssh /home/guardian/* root@${target}:/home/temp/guardian/ ARCH=$(ssh ${target} uname -m) if [ ${ARCH} == "i686" ]; then INSTALLER="/home/temp/guardian/linux-agent-32-1.70.1-generic.run" ssh ${target} chmod +x ${INSTALLER} ssh ${target} ${INSTALLER} -- --yes ssh ${target} cp -a /home/temp/guardian/server.allow/* /etc/buagent/server.allow/ else INSTALLER="/home/temp/guardian/linux-agent-64-1.70.1-generic.run" ssh ${target} chmod +x ${INSTALLER} ssh ${target} ${INSTALLER} -- --yes ssh ${target} cp -a /home/temp/guardian/server.allow/* /etc/buagent/server.allow/ fi # enable cpanel if needed if [ "$cpanel" == "1" ]; then ssh ${target} /usr/lib/buagent/control-panels/cpanel/cpanel-integrate.sh fi } installAgent # clean up ssh ${target} rm -rfv /home/temp/guardian case "$fwtype" in apf) if [ "$datacenter" == "dc1" ]; then ssh ${target} "echo 'tcp:in:d=1167:s=10.2.0.0/22' >> /etc/apf/allow_hosts.rules" ssh ${target} service apf restart elif [ "$datacenter" == "dc2" ]; then ssh ${target} "echo 'tcp:in:d=1167:s=10.4.0.0/22' >> /etc/apf/allow_hosts.rules" ssh ${target} service apf restart elif [ "$datacenter" == "dc3" ]; then ssh ${target} "echo 'tcp:in:d=1167:s=209.59.184.0/24' >> /etc/apf/allow_hosts.rules" ssh ${target} service apf restart else echo "DC not defined, skipping firewall changes." fi;; csf) if [ "$datacenter" == "dc1" ]; then ssh ${target} "echo 'tcp:in:d=1167:s=10.2.0.0/22' >> /etc/csf/csf.allow" ssh ${target} "echo 'tcp:out:d=1167:s=10.2.0.0/22' >> /etc/csf/csf.allow" ssh ${target} service csf restart elif [ "$datacenter" == "dc2" ]; then ssh ${target} "echo 'tcp:in:d=1167:s=10.4.0.0/22' >> /etc/csf/csf.allow" ssh ${target} "echo 'tcp:out:d=1167:s=10.4.0.0/22' >> /etc/csf/csf.allow" ssh ${target} service csf restart elif [ "$datacenter" == "dc3" ]; then ssh ${target} "echo 'tcp:in:d=1167:s=209.59.184.0/24' >> /etc/csf/csf.allow" ssh ${target} "echo 'tcp:out:s=1167:d=209.59.184.0/24' >> /etc/csf/csf.allow" ssh ${target} service csf restart else echo "DC not defined, skipping firewall changes." fi;; iptables) if [ "$datacenter" == "dc1" ]; then ssh ${target} echo "iptables -I INPUT -p tcp -s 10.2.0.0/22 --dport 1167 -i $backupif -j ACCEPT" ssh ${target} /etc/init.d/iptables save elif [ "$datacenter" == "dc2" ]; then ssh ${target} echo "iptables -I INPUT -p tcp -s 10.4.0.0/22 --dport 1167 -i $backupif -j ACCEPT" ssh ${target} /etc/init.d/iptables save elif [ "$datacenter" == "dc3" ]; then ssh ${target} echo "iptables -I INPUT -p tcp -s 209.59.184.0/24 --dport 1167 -i $backupif -j ACCEPT" fi;; none) echo "No firewall changes needed.";; esac if [ "$datacenter" == "dc3" ]; then ssh ${target} "echo \"209.59.184.0/24 via 10.30.${section}8.1 dev ${backupif}\" > /etc/sysconfig/network-scripts/route-${backupif}" ssh ${target} /etc/init.d/network restart else echo "No routing changes needed." fi echo "Agent installation complete. Please finish setup according to the wiki instructions." echo "See https://wiki.int.example.com/articles/Guardian_server_install for more details."