-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathgg-prep-ec2.sh
More file actions
executable file
·104 lines (83 loc) · 2.78 KB
/
gg-prep-ec2.sh
File metadata and controls
executable file
·104 lines (83 loc) · 2.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/bin/sh
#
# gg-prep-ec2.sh
# prepares an Amazon EC2 instance with Amazon Linux for
# use with AWS Greengrass
#
if ! uname -r |grep amzn ; then
echo "this seems not to be an Amazon Linux AMI, exiting"
exit 1
fi
if [ $(whoami) != "root" ]; then
echo "$0 must be run as root"
echo "try: sudo ./$0"
exit 1
fi
if [ ! -d /greengrass ]; then
echo "directory /greengrass does not exist"
echo "unpack the greengrass software first with the following command:"
echo "sudo tar -zxvf greengrass-platform-version.tar.gz -C /"
exit 1
fi
echo "-> ggc_user"
if ! getent passwd ggc_user; then
echo "adding ggc_user"
useradd -r ggc_user
fi
echo "------------------------------"
echo "-> ggc_group"
if ! getent group ggc_group; then
echo "adding ggc_group"
groupadd -r ggc_group
fi
echo "------------------------------"
echo "-> hardlink and symlink protection"
if [ -e /etc/sysctl.d/00-defaults.conf ]; then
if ! grep '^fs.protected_hardlinks\s*=\s*1' /etc/sysctl.d/00-defaults.conf; then
echo 'fs.protected_hardlinks = 1' >> /etc/sysctl.d/00-defaults.conf
fi
if ! grep '^fs.protected_symlinks\s*=\s*1' /etc/sysctl.d/00-defaults.conf; then
echo 'fs.protected_symlinks = 1' >> /etc/sysctl.d/00-defaults.conf
fi
else
echo '# AWS Greengrass' >> /etc/sysctl.d/00-defaults.conf
echo 'fs.protected_hardlinks = 1' >> /etc/sysctl.d/00-defaults.conf
echo 'fs.protected_symlinks = 1' >> /etc/sysctl.d/00-defaults.conf
fi
sysctl -p
echo "------------------------------"
echo "-> cgroup mount in /etc/fstab"
if ! grep '^cgroup\s*/sys/fs/cgroup\s*cgroup\s*defaults\s*0\s*0' /etc/fstab; then
echo "# AWS Greengrass" >> /etc/fstab
echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab
fi
echo "------------------------------"
cd /tmp/
echo "-> VeriSign root CA cert"
curl https://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem > root-ca.pem
if [ -d /greengrass/configuration/certs/ ]; then
cp root-ca.pem /greengrass/configuration/certs/
fi
if [ -d /greengrass/certs/ ]; then
cp root-ca.pem /greengrass/certs/root.ca.pem
cd /greengrass/certs/ && ln -s root.ca.pem root-ca.pem
cd /tmp/
fi
echo "------------------------------"
echo "-> cgroupfs-mount"
curl https://raw.githubusercontent.com/tianon/cgroupfs-mount/master/cgroupfs-mount > cgroupfs-mount
chmod +x cgroupfs-mount
./cgroupfs-mount
echo "------------------------------"
echo "-> packages: sqlite, telnet, jq"
yum -y install sqlite telnet jq strace git tree
echo "-> upgrading pip, installing python packages"
PATH=$PATH:/usr/local/bin
pip install --upgrade pip
hash -r
pip install AWSIoTPythonSDK
pip install urllib3
echo "Reboot required!"
echo "Hit any key to reboot, Ctrl+C to abort"
read
init 6