-
Notifications
You must be signed in to change notification settings - Fork 3
/
ctb-signoff.sh
executable file
·364 lines (304 loc) · 13.5 KB
/
ctb-signoff.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
#!/bin/bash
# +----+----+----+----+
# | | | | |
# Author: Mark David Scott Cunningham | M | D | S | C |
# +----+----+----+----+
# Created: 2016-08-31
# Updated: 2018-12-13
#
# Purpose: Quick rundown of CTB Activation checklist for hardware
#
# To Do: [x] Check for OS (Ubuntu, CentOS 6/7, etc)
# [x] Check for cPanel / not-cPanel
# [x] Check for RAID, and run appropriate hardware RAID Checks
# [x] Check link for all eth devices mentioned in dmesg
# [x] Corrected mysql drive lookup in Guardian section
# [x] Added check for CloudLinux bits 'n' pieces
# [x] Alert if cPanel license is still 15-day-test
# [x] No Color mode for emailing or other processing
div='--------------------------------------------------------------------------------';
# Taste the rainbow
BLACK=$(tput setaf 0); RED=$(tput setaf 1)
GREEN=$(tput setaf 2); YELLOW=$(tput setaf 3)
BLUE=$(tput setaf 4); PURPLE=$(tput setaf 5)
CYAN=$(tput setaf 6); WHITE=$(tput setaf 7)
BRIGHT=$(tput bold); NORMAL=$(tput sgr0)
BLINK=$(tput blink); REVERSE=$(tput smso)
UNDERLINE=$(tput smul)
if [[ $1 == '-n' ]]; then
# No color mode
info(){ echo -e "${1}"; }
alert(){ echo -e "${1}"; }
warning(){ echo -e "${1}"; }
else
# Colors for alerting
info(){ echo -e "${BRIGHT}${GREEN}${1}${NORMAL}"; }
alert(){ echo -e "${BRIGHT}${YELLOW}${1}${NORMAL}"; }
warning(){ echo -e "${BRIGHT}${RED}${1}${NORMAL}"; }
fi
#if [[ -x $(which ipmitool 2>/dev/null) ]]; then
#echo "Doing an IPMI reset to help ensure logins work..."
#(ipmitool mc reset cold &>/dev/null &)
#fi
echo -e "\n${div}\n $HOSTNAME\n${div}";
####################
# CPU and Operating System
##########
info "Base Setup"
echo "[ ]Order in Billing matches order in ticket – has setups signed off on the following for all servers in order:
[ ] SYENG account exists for each MES service (if any)
[ ] Naming scheme matches standard:
- https://wiki.int.liquidweb.com/articles/Standardized_Hostnames_for_Managed_Engineering_Servers_and_Services
[ ] Pricing has been set in billing and is not \$0"
info '\n [ ]CPU/Base Build';
grep model.name /proc/cpuinfo | head -1 | sed 's/^/\t/g'
echo -e "\t$(grep -c model.name /proc/cpuinfo) Cores"
info '\n [ ] CPUspeed is off';
if [[ -x /usr/bin/systemctl ]]; then
systemctl status cpuspeed | sed 's/^/\t/g'
else
/etc/init.d/cpuspeed status | sed 's/^/\t/g'
fi
info '\n [ ]OS';
if [[ $(grep -i cloud /etc/redhat-release 2>/dev/null) ]]; then #CloudLinux
cat /etc/redhat-release
# Force refresh of CL License
clnreg_ks --force
# Check for LVEManager
if [[ -x $(which lvectl) && -x $(which lveinfo) ]]; then info "LVE Manager appears to be installed"; else warning "LVE utilities appear to be missing"; fi
# Check for mod_hostinglimits
if [[ $(httpd -M 2>/dev/null| grep hostinglimits) ]]; then info "mod_hostinglimits installed"; else warning "mod_hostinglimits missing"; fi
# Check for LVE kernel
if [[ $(uname -r) =~ lve ]]; then info "Server is using an LVE kernel\n$(uname -r)"; else warning "Server is not running LVE kernel\n$(uname -r)"; fi
# Check for enabled Repos
if [[ $(grep 'enabled.*=.*1' /etc/yum.repos.d/cloudlinux*) ]]; then info "$(grep 'enabled.*=.*1' /etc/yum.repos.d/cloudlinux*)"; else warning "No cloudlinux repos enabled at this time"; fi
elif [[ -f /etc/redhat-release ]]; then # CentOS
cat /etc/redhat-release
uname -r
elif [[ -x /usr/bin/lsb_release ]]; then #Ubuntu
lsb_release -a
uname -r
fi | sed 's/^/\t/g'
####################
# RAID
##########
if [[ $(lspci | grep -i raid) ]]; then
info '\n [ ]RAID'
if [[ $(df | grep '/dev/md[0-9]') ]]; then
echo -e ' [ ] Software RAID'; fi
if [[ -x /opt/MegaRAID/MegaCli/MegaCli64 ]]; then
echo ' [ ] LSI RAID configuration'
echo ' [ ] LSI Controller Firmware version 12.12.0-0073 or higher to fix vpd r/w failed error.'
/opt/MegaRAID/MegaCli/MegaCli64 -AdpAllInfo -a0 | grep Package.Build | sed 's/^/\t\t/g';
echo " [ ] Solid State Drives"
echo " [ ] Disk Cache is enabled"
echo " [ ] Read Ahead caching disabled"
echo " [ ] SATA Drives"
echo " [ ] Read Ahead caching enabled"
/opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -Lall -aAll | grep -E 'Size|Cache' | sed 's/^/\t\t/g'
fi
if [[ -x /usr/StorMan/arcconf ]]; then
echo -e ' [ ] Adaptec RAID controller Firmware version 7.4-0 build 30862 or higher for 71605E cards:'
/usr/StorMan/arcconf getconfig 1 | grep Controller.Model | column -t | sed 's/^/\t\t/g';
if [[ $(/usr/StorMan/arcconf getconfig 1 | grep ASR71605E) ]]; then
alert "Adaptec RAID 71605E Found:"
/usr/StorMan/arcconf getconfig 1 | egrep 'Firmware.*7.[0-9]' | awk '{ if ($4 > "(30861)") print "ASR71605E Firmware is up to date: " $4; else print "ASR71605E Build version is < 30862! **Please update!** " }' | sed 's/^/\t\t/g';
fi
fi
echo -e ' [ ] Raider is configured and working properly'
/usr/bin/raider --run-jobs
echo -e ' [ ] StorMan removed'
if [[ -x /usr/bin/systemctl ]]; then
systemctl stop stor_agent; systemctl disable stor_agent; systemctl status stor_agent
elif [[ -f /etc/init.d/stor_agent ]]; then
/etc/init.d/stor_agent stop; chkconfig stor_agent off; /etc/init.d/stor_agent status
fi
fi
####################
# Hardware
##########
info '\n [ ]RAM';
free -m | sed 's/^/\t/g'
info '\n [ ]Drive Size';
fdisk -l 2>/dev/null | grep -i disk./dev | sed 's/^/\t/g'
info '\n [ ]Partitioning';
lsblk | sed 's/^/\t/g'
if [[ $(uname -r | grep -i el6) ]]; then
alert '\n[ ]e1000e kmod update per wiki, if Cent6 and intel e1000e driver is in use.'
lsb_release -a|awk -F: '{
sub(/^[ \t\r\n]+/, "",$NF) ;
if($1 ~ /^Dis/) d=$2;
if($1 ~ /^Rel/) v=$2;
} END {
print "Checking OS Version... ";
if (tolower(d) ~ "centos|cloudlinux" && v ~ /6[.][0-9]+/) {
printf " Found: "d" "v"\nChecking for e1000e Driver...\n";
"dmesg|grep e1000e.*Driver"|getline o;
if (o) {
printf " Found: "o"\nChecking for kmod-e1000e...\n";
"yum list installed|grep kmod-e1000e"|getline k;
if(k) {
sub(/[ \t\r\n]+/," ",k);
print " Found: "k;
} else {
print " kmod-e10001 is NOT installed.\n Check the E1000E internal wiki for more information.";
};
} else {
print " e1000e Driver is not being used\n kmod-e1000e is not needed..";
} ;
} else {
print " "d,v,"is not CentOS 6x, aborting additional checks."
}
}'
fi
####################
# cPanel/CloudLinux
##########
if [[ -d /usr/local/cpanel/ ]]; then
info '\n[ x]Cpanel/Non-Cpanel'
echo -e '\n [ ] If cPanel, make sure the server has a full license.'
/usr/local/cpanel/cpkeyclt | sed 's/^/\t/g'
alert "\n License Type:"
MAINIP=$(curl -s ip.liquidweb.com)
LICENSE=$(curl -s https://verify.cpanel.net/app/verify?ip=$MAINIP | grep -Eio '>.*(LIQUIDWEB|TEST).*<' | tr -d '<>')
if [[ $LICENSE =~ LIQUIDWEB ]]; then
info $LICENSE | grep LIQUIDWEB
else
warning $LICENSE
fi | sed 's/^/\t/g'
alert "\n Backup Config:"
whmapi1 backup_config_get|grep -E "backup(_daily|_monthly|_weekly|days)" | sed 's/^/\t/g'
if [[ ! $(df | grep /backup) ]]; then
warning "\n No Backup Drive Found :: Make Sure Backups are Disabled"
echo -e ' [ ] Disable cPanel Backups if no backup drive was ordered.'
fi
if [[ $(ip a | egrep ' 192\.| 10\.') ]]; then
echo -e '\n [ ] Private IP addresses are marked as reserved.'
if [[ ! -s /etc/reservedips ]]; then
mkdir -p /root/bin;
wget -qO /root/bin/reserveips http://scripts.ent.liquidweb.com/reserveips;
chmod +x /root/bin/reserveips;
reserveips
else
cat /etc/reservedips | sed 's/^/\t/g'
fi
fi
if [[ $(ip a | grep ' 172\.') ]]; then
alert '\n [ ] If servers are behind hardware FW, make sure the UDP inspection policy is set to "maximum client auto" ** poke networking or check in NOC **'
fi
echo -e "\n [ ] RWHOIS open for cPanel API"
rwhois=$(iptables -nL | grep :4321)
if [[ $rwhois ]]; then
info "$rwhois" | sed 's/^/\t/g'
else
warning "Firewall not open for RWHOIS (port 4321)" | sed 's/^/\t/g'
fi
fi
####################
# Remote Access
##########
echo -e '\n[ ]Complex Root or User Passwords are setup
"pwgen -syn 15 1" or longer
[ ]Cable runs requested and acknowledged by Maintenance
[ ]IPMI - Verified working.'
# https://www.thomas-krenn.com/en/wiki/Configuring_IPMI_under_Linux_using_ipmitool
if [[ -x $(which ipmitool 2>/dev/null) ]]; then
ipmi_ip=$(ipmitool lan print 1 | awk '/IP Address.*10\./ {print $NF}');
subacct=$(cat /usr/local/lp/etc/lp-UID);
if [[ $(ip -o -4 a | egrep $ipmi_ip) ]]; then
warning "\tIPMI appears to be using an IP assigned to $(ip -o -4 a | grep $ipmi_ip | awk '{print $2}')"
elif [[ $ipmi_ip ]]; then
alert "\thttps://$ipmi_ip \neasyipmi $ipmi_ip $subacct";
info "\tIf you can't log in try running\n\t\tipmitool mc reset cold"
else
warning '\tIPMI does not appear to have an IP configured'
fi
else
warning '\tIPMItool is missing or not executable.'
fi
####################
# R1Soft Backups
##########
if [[ -f /usr/sbin/r1soft/log/cdp.log ]]; then
info '\nGuardian'
echo -e '[ ]buagent or cdp-agent is installed and running (/etc/init.d/cdp-agent status)'
/etc/init.d/cdp-agent status | sed 's/^/ /g'
echo -e '[ ]Port 1167 open/allowed in the software firewall.'
iptables -nL | grep :1167 | sed 's/^/ /g'
echo -e '[ ]Make sure the proper partitions are being backed up via the web interface.'
# Lookup the backup manager from the CDP config and the Guardian IP
alert " https://$(grep server.allow /usr/sbin/r1soft/log/cdp.log | tail -1 | awk -F/ '{print $NF}' | tr -d "'") :: $subacct"
echo -e '[ ]If there a Dedicated MySQL drive make sure it is setup to be backed up.'
mysqldata=$(mysql -Ne 'select @@datadir' | sed 's|/$||g')
if [[ $(grep $mysqldata /etc/fstab) ]]; then alert " Dedicated MySQL Drive :: Make sure to check this in Guardian"; fi
echo -e "[ ]Verify that backups complete"
echo -e "[ ]Make sure Guardian monitoring is enabled on the Guardian subaccount"
fi
####################
# Load Balancing
##########
echo -e "\n[ ]Remote IP override module installed or updated if applicable"
echo -e " [ ]mod_zeus if Apache 2.2"
if [[ $(httpd -v) =~ 2\.2\. ]]; then httpd -M 2> /dev/null | grep zeus ; fi
echo -e " [ ]mod_remoteip if Apache 2.4"
if [[ $(httpd -v) =~ 2\.4\. ]]; then httpd -M 2> /dev/null | grep remote; fi
echo -e " [ ]mod_cloudflare"
httpd -M 2>/dev/null | grep cloudflare
echo -e " [ ]mod_rpaf"
httpd -M 2>/dev/null | grep rpaf
####################
# Monitoring
##########
echo -e '\n[ ]SonarPush is installed and working properly'
ps aux | grep [S]onarPush
alert "https://monitor.liquidweb.com/summary.php?search=$(cat /usr/local/lp/etc/lp-UID)\n"
if [[ -f /usr/local/lp/etc/sonar_password ]]; then
echo 'Sonar is installed and configured. Check this using Radar link highlighted above.'
else
warning 'Sonar password file missing :: /usr/local/lp/etc/sonar_password'
alert 'Fix this if server is Managed. Ignore this if the server is Unmanaged'
fi
echo -e '\nMaintenance
[ x]Servers moved to correct building if necessary
[ x]Cable runs complete'
####################
# Networking
##########
info "\nNetworking"
echo -e "[ ]Public/NAT IPs Configured Correctly ***Consult the original CTB***"
for x in $(ip -o -4 a | awk '{print $2}' | uniq | grep -v lo); do
echo -n $(info "$x: "); ip -o -4 a | awk "/$x/"'{print $4}' | cut -d/ -f1 | tr '\n' ' '; echo;
done | sed 's/^/ /g';
# ip -o -4 a | grep -v ': lo' | sed 's/^/ /g';
echo -e "[ ]If required, verify that the servers are behind a FW."
if [[ $(ip -o -4 a | grep ' 172\.') ]]; then alert " Behind NAT Firewall"; fi
echo -e "[ ]Private Switch/Networking"
echo -e "[ ]Load Balancing"
httpd -M 2> /dev/null | egrep 'zeus|remote' | sed 's/^/ /g'
echo -e "[ ]IP Requests/VIPs"
echo -e "[ ]Confirm private network cables are plugged into switch/server (ip addr ls dev ethX)"
for x in $(dmesg | grep -o eth[0-9] | sort | uniq); do
(printf "$x :: "; ethtool $x | grep -i link.detect) | sed 's/^/ /g';
done
####################
# Core Managed
##########
if [[ ! -d /usr/local/cpanel ]]; then
echo -e "\nSupport (For Managed and CoreManaged Customers) – Do requested versions match customer request:"
echo -e "\n[ ]Apache"
if [[ -x $(which httpd) ]]; then httpd -v 2> /dev/null; elif [[ -x $(which apache2) ]]; then apache2 -v 2> /dev/null; fi | sed 's/^/ /g'
echo -e "\n[ ]MySQL"
if [[ -x $(which mysql) ]]; then
mysql --version | sed 's/^/ /g'
fi
echo -e '\n[ ]DNS/Nameservers as requested
[ ]ServerSecure
[ ]Email address for alerts is correct'
fi
echo -e "\nSpecial Software Requests
[ ] List any requests here. Example: FFMPEG, Tomcat, NGINX"
echo -e "\nMigrations
[ ]Migration ticket is open and owned by system-restore/migrations
[ ]Migration is scheduled and customer has been notified of time frame
[ ]Customer has confirmed that migration was successful"
echo -e "\n$div\n"