#!/bin/bash
# This script configures a vRO appliance to meet the requirements of the SovLabs plugin.
#  Run this script on each of your vRO appliances.  

# Start from an empty terminal so the prompts below are easy to follow.
clear

# Locations on the vRO appliance that later steps read or modify.
VMOPROPERTIES="/etc/vco/app-server/vmo.properties"
JSIORIGHTS="/etc/vco/app-server/js-io-rights.conf"
SETENV="/usr/lib/vco/app-server/bin/setenv.sh"
KRB5="/usr/java/jre-vmware/lib/security/krb5.conf"
STRUTSPROPERTIES="/var/lib/vco/configuration/webapps/vco-config/WEB-INF/classes/struts.properties"
VCOCONFIGSETENV="/usr/lib/vco/configuration/bin/setenv.sh"
VROCONFIGURE="/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh"
#DOMAINS=$1

# The steps below edit files under /etc, /usr and /var, so stop early
# when the effective user is not root.
if (( EUID != 0 )); then
   echo "**This script must be run as root"
   exit 1
fi
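echo "#################################################################################################"
echo ""
echo "Welcome to the SovLabs Modules vRO pre-configuration utility."
echo "Please be aware that this scipt will make modifications to several files on the vRO server and "
echo "will require a restart of the vco-server service when complete."
echo ""
echo "#################################################################################################"

# Keep asking until the operator answers yes or no. A single case statement
# would fall through on any other input and continue with the changes as if
# "y" had been typed.
while true; do
   # -r keeps backslashes literal; a closed stdin is treated as a refusal.
   read -r -p "Continue? y/n:   " answer || { echo ""; echo "**Exiting"; exit 1; }
   case $answer in
      [Yy]* ) break ;;
      [Nn]* ) echo "**Exiting"; exit ;;
      * ) echo "**Please type y or n:  " ;;
   esac
done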
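echo  "This script needs to create a file to enable Kerberos authentication.  Please enter the information needed to create a valid KRB5 file."
echo ""

# Realm names and KDC lists are joined with ':' and ',' into DOMAINS and later
# written into krb5.conf as root. Restrict them to host-name characters so a
# stray separator, space or brace cannot corrupt that file. The patterns are
# kept in variables so [[ =~ ]] treats them as regular expressions on every
# bash version.
valid_realm='^[A-Za-z0-9._-]+$'
valid_kdcs='^[A-Za-z0-9._:-]+$'

# Default realm: required, re-prompt until it is well formed.
while true; do
   read -r -p "Please enter your default realm - this is usually the same as your domain name: " default_realm || exit 1
   if [[ $default_realm =~ $valid_realm ]]; then break; fi
   echo "**A realm may contain only letters, digits, dots, hyphens and underscores."
done

echo ""
echo "Enter one or more KDCs for your default realm. You may enter the FQDNs of your Domain Controllers here, separated by colons. Alternatively, you may enter the domain and it will search the Domain for KDCs.  This is a matter of choice, but we recommend the individual DCs here."

# KDC list for the default realm: an empty answer falls back to the realm name.
while true; do
   read -r -p "Please enter one or more KDCs for your default realm. Separate multiple KDCs with colons:  " default_realm_kdcs || exit 1
   if [[ -z  $default_realm_kdcs ]]; then default_realm_kdcs=$default_realm; fi
   if [[ $default_realm_kdcs =~ $valid_kdcs ]]; then break; fi
   echo "**KDC names may contain only letters, digits, dots, hyphens and underscores, separated by colons."
done

# Optional additional realms, stored as "realm:kdc1:kdc2" entries.
num_realms=0
MOREDOMAINS=()
while true; do
  echo ""
  read -r -p "Configure another realm? y/n :  " answer || break
  case $answer in
     [Yy]* )
        read -r -p "Please enter realm name:  " realm || break
        read -r -p "Please enter one or more KDCs for realm. Separate multiple kdcs with colons: " realm_kdcs || break
        if ! [[ $realm =~ $valid_realm ]]; then
           echo "**A realm may contain only letters, digits, dots, hyphens and underscores. Realm not added."
        elif [[ -n $realm_kdcs ]] && ! [[ $realm_kdcs =~ $valid_kdcs ]]; then
           echo "**KDC names may contain only letters, digits, dots, hyphens and underscores, separated by colons. Realm not added."
        else
           MOREDOMAINS[$num_realms]="$realm:$realm_kdcs"
           ((num_realms++))
        fi
        ;;
     [Nn]* ) break ;;
     * ) echo "**Please type y or n:  " ;;
  esac
done

# Build the comma-separated realm list. The loop stops at num_realms - 1:
# running to num_realms inclusive reads one element past the end of
# MOREDOMAINS and appends an empty entry.
DOMAINS="$default_realm:$default_realm_kdcs"
for ((count = 0; count < num_realms; count++)); do
   DOMAINS="$DOMAINS,${MOREDOMAINS[$count]}"
done
# Print the list only once it is complete so the operator sees every realm.
echo "DOMAINS=$DOMAINS"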
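# Build the new krb5.conf in a private temporary file and touch the live file
# only after the operator has approved the content. Writing to $KRB5 first and
# reverting afterwards leaves a truncated Kerberos configuration in place while
# the prompt is open, and the revert fails when no backup exists.
if [ -n "$DOMAINS" ]
then
   KRB5_NEW=$(mktemp) || { echo "**Error: could not create a temporary file." >&2; exit 1; }
   # Remove the draft on every exit path until it has been installed.
   trap 'rm -f -- "$KRB5_NEW"' EXIT

   # DOMAINS is "realm:kdc[:kdc...]" entries separated by commas.
   IFS=',' read -r -a domainsArray <<< "${DOMAINS}"

   {
      echo "[libdefaults]"
      printf " default_realm = %s\n" "$(printf '%s' "${domainsArray[0]%%:*}" | tr '[:lower:]' '[:upper:]')"
      # krb5.conf spells this key udp_preference_limit; the spelling
      # "udp_preferences_limit" is not a documented key, so the value 1
      # (prefer TCP) would have no effect with it.
      echo " udp_preference_limit = 1"
      echo "  [realms]"
      for i in "${domainsArray[@]}"
      do
         # Skip empty entries such as the one left by a trailing comma.
         [ -n "$i" ] || continue
         # Field 0 is the realm, the remaining fields are its KDCs.
         IFS=':' read -r -a domainInfoArray <<< "${i}"
         printf "  %s = {\n" "$(printf '%s' "${domainInfoArray[0]}" | tr '[:lower:]' '[:upper:]')"
         for ((k=1; k < ${#domainInfoArray[@]}; k++))
         do
            printf "    kdc = %s\n" "$(printf '%s' "${domainInfoArray[$k]}" | tr '[:upper:]' '[:lower:]')"
         done
         printf "    default_domain = %s\n" "$(printf '%s' "${domainInfoArray[0]}" | tr '[:upper:]' '[:lower:]')"
         echo "  }"
         unset domainInfoArray
      done
      echo "[domain_realm]"
      for i in "${domainsArray[@]}"
      do
         [ -n "$i" ] || continue
         realm_lower=$(printf '%s' "${i%%:*}" | tr '[:upper:]' '[:lower:]')
         realm_upper=$(printf '%s' "${i%%:*}" | tr '[:lower:]' '[:upper:]')
         printf "  .%s=%s\n" "$realm_lower" "$realm_upper"
         printf "  %s=%s\n" "$realm_lower" "$realm_upper"
      done
      echo "[logging]"
      echo "  kdc = FILE:/var/log/krb5/krb5kdc.log"
      echo "  admin_server = FILE:/var/log/krb5/kadmin.log"
      echo "  default = SYSLOG:NOTICE:DAEMON"
   } > "$KRB5_NEW" || { echo "**Error: could not write the draft krb5.conf." >&2; exit 1; }

   echo "##########################"
   echo "The new $KRB5 file: "
   echo "##########################"
   echo ""
   cat -- "$KRB5_NEW"

   # Require an explicit yes or no; anything else asks again instead of
   # being treated as consent.
   while true; do
      read -r -p "Write this file? Answer n to discard all changes and exit:  y/n:   " answer || exit 1
      case $answer in
        [Yy]* ) break ;;
        [Nn]* ) echo "**Leaving $KRB5 unchanged and exiting."; exit ;;
        * ) echo "**Please type y or n:  " ;;
      esac
   done

   if [ -f "$KRB5" ]
   then
      echo ""
      echo "$KRB5 already exists. Making backup copy ${KRB5}.bak"
      # -i asks before replacing an earlier backup, -p keeps mode and timestamps.
      cp -ip -- "$KRB5" "${KRB5}.bak"
   else
      echo ""
      echo "$KRB5 does not exist. Creating it."
      touch -- "$KRB5" || { echo "**Error: could not create $KRB5" >&2; exit 1; }
      echo ""
      echo "Changing permissions on new $KRB5 file"
      chmod 644 "$KRB5"
   fi

   # Copy the content rather than renaming the draft so an existing file keeps
   # its owner and mode (mktemp creates the draft readable by root only).
   cat -- "$KRB5_NEW" > "$KRB5" || { echo "**Error: could not write $KRB5" >&2; exit 1; }
   rm -f -- "$KRB5_NEW"
   trap - EXIT
fi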

#echo "Domains: $DOMAINS"
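# Ensure vmo.properties contains com.vmware.js.allow-local-process=true.
# NOTE(security): this property lets vRO scripting start local OS processes on
# the appliance, so the right to author or import workflows then amounts to
# command execution as the vRO service account. Keep workflow design rights
# limited to trusted administrators.
if [ -f "$VMOPROPERTIES" ]
then
   echo ""
   echo "Adding com.vmware.js.allow-local-process=true to ${VMOPROPERTIES}"
   if ! grep -iq "com.vmware.js.allow-local-process=true" "$VMOPROPERTIES"; then
      # Command substitution, not a quoted word: TMPFILE='mktemp' stores the
      # literal name "mktemp", which makes root write to a fixed file name in
      # the current working directory.
      TMPFILE=$(mktemp) || exit 1
      # Drop any existing setting for the key; status 1 only means that no
      # line was kept, anything higher is a read error.
      grep -iv "^com.vmware.js.allow-local-process" "$VMOPROPERTIES" > "$TMPFILE"
      if [ $? -gt 1 ]; then
         echo "**Error: could not read ${VMOPROPERTIES}; leaving it unchanged." >&2
         rm -f -- "$TMPFILE"
         exit 1
      fi
      # Rewrite in place so the file keeps its owner and permissions.
      cat -- "$TMPFILE" > "$VMOPROPERTIES"
      echo -e  "\ncom.vmware.js.allow-local-process=true" >> "$VMOPROPERTIES"
      rm -f -- "$TMPFILE"
   else
      echo "Nothing to do"
   fi
else
   echo "File ${VMOPROPERTIES} does not exist."
fi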
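# Ensure js-io-rights.conf contains a "+rwx /tmp" rule.
# NOTE(security): the rule gives vRO scripting read, write and execute access
# to /tmp, which every local account can write to. Files that workflows read
# back or execute from there should be treated as untrusted.
if [ -f "$JSIORIGHTS" ]
then
   echo ""
   echo "Adding +rwx /tmp to $JSIORIGHTS"
   # Match the whole line: a prefix test also accepts rules for other paths
   # that merely start with /tmp and would skip adding the rule.
   if grep -iqE '^\+rwx[[:space:]]+/tmp/?[[:space:]]*$' "$JSIORIGHTS"; then
      echo "Nothing to do"
   else
      echo -e  "\n+rwx /tmp" >> "$JSIORIGHTS"
      # Re-assert owner and mode after the edit; failures are reported on
      # stderr but do not stop the remaining steps.
      chown vco:vco "$JSIORIGHTS" || echo "Error: could not change owner of $JSIORIGHTS" >&2
      chmod 640 "$JSIORIGHTS" || echo "Error: could not change file permissions of $JSIORIGHTS" >&2
   fi
else
  echo "File $JSIORIGHTS not found."
fi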
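# Run "vro-configure.sh sync-local" when the installed CLI offers that command.
if [ -f "$VROCONFIGURE" ]
then
   # Count the lines of the CLI's no-argument output that mention sync-local.
   # Only stdout is inspected; presumably the command list is printed there -
   # TODO confirm.
   SYNCLOCALOPTIONEXISTS=$("$VROCONFIGURE" | grep -c sync-local)
else
   SYNCLOCALOPTIONEXISTS=0
fi
echo ""
if [[ $SYNCLOCALOPTIONEXISTS -gt 0 ]]
then
   echo "Executing command \"$VROCONFIGURE sync-local\""
   # Call the tool directly rather than expanding a command line held in a
   # string, which depends on word splitting of an unquoted variable.
   if "$VROCONFIGURE" sync-local >/dev/null 2>&1
   then
      echo "Command \"$VROCONFIGURE sync-local\" succeeded"
   else
      echo "Command \"$VROCONFIGURE sync-local\" failed"
   fi
else
   echo "Command \"$VROCONFIGURE sync-local\" not available, skipping this step"
fi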
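# Set struts.multipart.maxSize in the configurator's struts.properties.
if [ -f "$STRUTSPROPERTIES" ]
then
   echo ""
   echo "Changing struts.multipart.maxSize - *vRO versions before 7 only."
   MAXSIZE=153621150
   if ! grep -iq "struts.multipart.maxSize=${MAXSIZE}" "$STRUTSPROPERTIES"; then
      # Command substitution, not a quoted word: TMPFILE='mktemp' stores the
      # literal name "mktemp", which makes root write to a fixed file name in
      # the current working directory.
      TMPFILE=$(mktemp) || exit 1
      # Drop any existing setting for the key; status 1 only means that no
      # line was kept, anything higher is a read error.
      grep -iv "^struts.multipart.maxSize" "$STRUTSPROPERTIES" > "$TMPFILE"
      if [ $? -gt 1 ]; then
         echo "**Error: could not read ${STRUTSPROPERTIES}; leaving it unchanged." >&2
         rm -f -- "$TMPFILE"
         exit 1
      fi
      # Rewrite in place so the file keeps its owner and permissions.
      cat -- "$TMPFILE" > "$STRUTSPROPERTIES"
      echo -e "\nstruts.multipart.maxSize=${MAXSIZE}" >> "$STRUTSPROPERTIES"
      rm -f -- "$TMPFILE"
   else
      echo "Nothing to do"
   fi
else
   echo "File $STRUTSPROPERTIES does not exist."
fi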
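# Optionally raise the configurator's java -Xmx value in its setenv.sh.
if [ -f "$VCOCONFIGSETENV" ]
then
    echo ""
    echo "Updating setenv.sh java -Xmx value for configurator (addresses Out of Memory error on Plugin installation)"
    grep -A4 "MEM_OPTS=" "$VCOCONFIGSETENV"
    echo "Above, you should see the -Xmx value for the configurator.  If it's 512m or less, update it to 768m.  Update the Xmx value?  "
    # Ask until the answer is yes or no; a closed stdin counts as "skip".
    while true; do
       read -r -p "Type Y to update or N to skip:  " answer || answer=n
       case $answer in
          [Yy]* )
             read -r -p "Enter the current value of Xmx: " XMX
             read -r -p "Enter the desired new value of -Xmx in MB (suggested value: 768) " New_XMX
             # Keep digits only, so nothing typed here can alter the sed
             # expression below.
             XMX_Stripped=${XMX//[^0-9]/}
             New_XMX_Stripped=${New_XMX//[^0-9]/}
             # An empty old value would match every "-Xmx" prefix and an empty
             # new value would write "-Xmx" without a size, so refuse both.
             if [ -z "$XMX_Stripped" ] || [ -z "$New_XMX_Stripped" ]; then
                echo "**Both values must contain a number. Will not make -Xmx change." >&2
                break
             fi

             echo "Making backup copy of $VCOCONFIGSETENV ($VCOCONFIGSETENV.bak) "
             cp -- "$VCOCONFIGSETENV" "$VCOCONFIGSETENV.bak" || { echo "**Error: could not create the backup. Will not make -Xmx change." >&2; break; }
             echo "Creating new file ($VCOCONFIGSETENV.new) with updated -Xmx. "
             # Replace the old number only when no further digit follows it,
             # so 512 does not also rewrite the start of a value such as 5120.
             sed -e "s/-Xmx${XMX_Stripped}\([^0-9]\)/-Xmx${New_XMX_Stripped}\1/g" \
                 -e "s/-Xmx${XMX_Stripped}\$/-Xmx${New_XMX_Stripped}/" \
                 "$VCOCONFIGSETENV" > "$VCOCONFIGSETENV.new" || { echo "**Error: could not create $VCOCONFIGSETENV.new" >&2; rm -f -- "$VCOCONFIGSETENV.new"; break; }
             echo ""
             echo "Showing Diff of $VCOCONFIGSETENV and $VCOCONFIGSETENV.new"
             if diff "$VCOCONFIGSETENV" "$VCOCONFIGSETENV.new"; then
                # diff status 0 means the files are identical: the value the
                # operator entered does not occur in the file.
                echo "**No -Xmx${XMX_Stripped} setting found in $VCOCONFIGSETENV. Nothing changed."
                rm -f -- "$VCOCONFIGSETENV.new"
                break
             fi
             while true; do
                read -r -p "is this correct? Type Y to copy $VCOCONFIGSETENV.new to $VCOCONFIGSETENV:  " answerc || answerc=n
                case $answerc in
                   [Yy]* )
                      echo "Copying $VCOCONFIGSETENV.new to $VCOCONFIGSETENV and removing $VCOCONFIGSETENV.new."
                      cp -- "$VCOCONFIGSETENV.new" "$VCOCONFIGSETENV"
                      rm -f -- "$VCOCONFIGSETENV.new"
                      break ;;
                   [Nn]* )
                      echo "**Will not make -Xmx change. Exiting"
                      # Do not leave the rejected draft next to the live file.
                      rm -f -- "$VCOCONFIGSETENV.new"
                      exit ;;
                   * ) echo "**Please type y or n:  " ;;
                esac
             done
             break ;;

          [Nn]* ) echo "**Exiting"; break ;;
          * ) echo "**Please type y or n:  " ;;
       esac
    done
fi


# The changes made above are picked up only after the services restart.
echo "perform service vco-server restart to complete the configuration"
echo "If -Xmx value was updated for configurator, also restart vco-configurator service."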
