Lets summarizes the issue:
Need to modify an working Infra bundle (consist of .sh, .config, .nonfig, .py files) which is working on Amazon Linux 1 but fail to run on Amazon Linux 2 as it has different architecture. Modifying existing Infra build to run on Amazon Linux 2 and facing following issue in one of the script i.e. lxbase.sh:
Full script is like:
#!/bin/bash
# Scaled down version of original lxbase.sh script
# Parts had already been disabled
# Access keys no longer required as console access through Systems Manager has replaced
# the old bastion host solution
# More tidying upp possible, but good enough for now
export PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
VERBOSE=1
# General variables
DATE=$(date +%Y-%m-%d_%H-%M)
# RPMS
YUM="yum -e 0 -q -y "
[[ $VERBOSE -eq 1 ]] && YUM="yum -y "
RPMS=(sysstat
jq)
#python-27pip
# Fix the locale issue
echo -e "LANG=en_US.utf-8\nLC_ALL=en_US.utf-8" >> /etc/environment
getMetadata() {
METADATA_URL="http://169.254.169.254/latest/meta-data"
local __outvar="${1}"
local key="${2}"
value=$(curl -s ${METADATA_URL}/${key})
printf $__outvar="${value}\n"
}
createFirstboot() {
touch /opt/IKEA/scripts/firstboot.sh
chmod 700 /opt/IKEA/scripts/firstboot.sh
echo "if [ -e /opt/IKEA/scripts/firstboot.sh ];then">>/etc/rc.d/rc.local
echo " sh /opt/IKEA/scripts/firstboot.sh > /opt/IKEA/scripts/firstboot.log 2>&1">>/etc/rc.d/rc.local
echo "fi">>/etc/rc.d/rc.local
}
configureProfile() {
sed -i 's/HISTSIZE=.*/HISTSIZE=1000000/;/HISTSIZE=.*/a HISTFILESIZE=1000000 \nHISTFILE=~/.bash_history\nHISTTIMEFORMAT="%F %T "\n' /etc/profile
}
setupHostname() {
# This snippet ought to handle ip address as well... (if public-ipv4 then ... else private-ipv4 ... )
printf "Current: " && getMetadata instance-id instance-id
cat << 'EOF' > /opt/IKEA/scripts/ec2-hostname.sh
#!/bin/bash
INSTANCE_ID=$(curl --silent
http://169.254.169.254/latest/meta-data/instance-id)
LOCAL_IP=$(curl --silent
http://169.254.169.254/latest/meta-data/local-ipv4)
# Here we are checking if we are in ikeadt.com (10.228) or ikea.com (10.229)
two_octets=$(hostname -I | awk -F. '{ print $1 "." $2 }')
#Added 172.31 subnet as well
if [[ "$two_octets" != "10.229" ]]
then
DOMAIN="ikeadt.com"
elif [[ "$two_octets" = "10.229" ]]
then
DOMAIN="ikea.com"
else
DOMAIN=$(grep 'search' /etc/resolv.conf | awk '{ print $2 }')
fi
echo $INSTANCE_ID.$DOMAIN > /etc/hostname
hostname --file /etc/hostname
echo "127.0.0.1 $INSTANCE_ID localhost $INSTANCE_ID.localdomain localhost.localdomain" > /etc/hosts
echo "$LOCAL_IP $INSTANCE_ID.$DOMAIN" >> /etc/hosts
sed -i "s/HOSTNAME=.*/HOSTNAME=$INSTANCE_ID.$DOMAIN/" /etc/sysconfig/network
# Update hosts file as DNS isn't working properly | 20160728 johaw1
echo "10.59.244.47 tripwire.ikea.com" >> /etc/hosts
echo "10.230.184.13 tripwire.ikeadt.com" >> /etc/hosts
echo "10.59.231.3 splunk.ikea.com" >> /etc/hosts
echo "10.230.170.155 splunk.ikeadt.com" >> /etc/hosts
echo "10.59.244.53 splunkds.ikea.com" >> /etc/hosts
echo "10.59.59.131 smtp-gw.ikea.com" >> /etc/hosts
echo "10.59.231.1 mailrelay.ikea.com" >> /etc/hosts
echo "10.59.244.52 itseelm-lx4496.ikea.com" >> /etc/hosts
echo "10.59.243.66 itseelm-lx4497.ikea.com" >> /etc/hosts
echo "10.59.244.7 itseelm-lx4636.ikea.com" >> /etc/hosts
echo "10.59.243.72 itseelm-lx4641.ikea.com" >> /etc/hosts
echo "10.59.244.62 itseelm-lx4747.ikea.com" >> /etc/hosts
echo "10.59.244.63 itseelm-lx4748.ikea.com" >> /etc/hosts
echo "10.59.244.64 itseelm-lx4749.ikea.com" >> /etc/hosts
echo "10.59.244.65 itseelm-lx4750.ikea.com" >> /etc/hosts
echo "10.59.244.66 itseelm-lx4751.ikea.com" >> /etc/hosts
echo "10.59.243.78 itseelm-lx4757.ikea.com" >> /etc/hosts
echo "10.59.243.79 itseelm-lx4758.ikea.com" >> /etc/hosts
echo "10.59.243.80 itseelm-lx4759.ikea.com" >> /etc/hosts
echo "10.59.243.81 itseelm-lx4760.ikea.com" >> /etc/hosts
echo "10.59.222.114 itseelm-lx41261.ikea.com" >> /etc/hosts
echo "10.59.222.245 itseelm-lx41262.ikea.com" >> /etc/hosts
echo "10.59.222.246 itseelm-lx41263.ikea.com" >> /etc/hosts
echo "10.59.111.18 itseelm-lx41209.ikea.com" >> /etc/hosts
echo "10.59.110.1 itseelm-lx41205.ikea.com" >> /etc/hosts
echo "10.59.222.117 itseelm-lx41265.ikea.com" >> /etc/hosts
echo "10.59.222.116 itseelm-lx41259.ikea.com" >> /etc/hosts
echo "10.59.111.19 itseelm-lx41210.ikea.com" >> /etc/hosts
echo "10.59.110.2 itseelm-lx41206.ikea.com" >> /etc/hosts
echo "10.59.111.23 itseelm-lx41216.ikea.com" >> /etc/hosts
echo "10.59.222.244 itseelm-lx41266.ikea.com" >> /etc/hosts
echo "10.59.111.22 itseelm-lx41214.ikea.com" >> /etc/hosts
echo "10.59.222.115 itseelm-lx41260.ikea.com" >> /etc/hosts
echo "10.59.111.20 itseelm-lx41211.ikea.com" >> /etc/hosts
echo "10.59.244.15 itseelm-lx6257.ikea.com" >> /etc/hosts
echo "10.34.76.251 itsgsng-lx4036.ikea.com" >> /etc/hosts
echo "10.34.76.250 itsgsng-lx4037.ikea.com" >> /etc/hosts
echo "10.27.13.218 itusphi-lx4034.ikea.com" >> /etc/hosts
echo "10.27.4.3 itusphi-lx4035.ikea.com" >> /etc/hosts
EOF
chmod 755 /opt/IKEA/scripts/ec2-hostname.sh
echo "/opt/IKEA/scripts/ec2-hostname.sh" > /opt/IKEA/scripts/firstboot.sh
# Execute it right away as well..
/opt/IKEA/scripts/ec2-hostname.sh
}
# Create directories needed
makeDirectories() {
[[ ! -d /opt/IKEA ]] && mkdir -p /opt/IKEA/scripts
[[ ! -d /var/spool/IKEA ]] && mkdir -p /var/spool/IKEA
}
serverHardening() {
# Disable IPv6
if [[ $(</etc/sysconfig/network grep IPV6 | cut -f2 -d=) = "" ]]; then
echo NETWORKING_IPV6=no >> /etc/sysconfig/network
fi
echo -en "\n#Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1" >>/etc/sysctl.conf
sed -i '/::1/d' /etc/hosts
# Disable IPv6 DHCP Client to avoid spamming in /var/log/messages with "XMT: Solicit on eth0" entries
if grep -Fxq DHCPV6C=yes /etc/sysconfig/network-scripts/ifcfg-eth0
then
sed -i "s/DHCPV6C=yes/DHCPV6C=no/" /etc/sysconfig/network-scripts/ifcfg-eth0
fi
# Turn OFF services
for SERVICE in iptables rhsmcertd rpcbind ip6tables ypbind smartd autofs netfs psacct nfslock; do
if [ -f /etc/rc.d/init.d/$SERVICE ]; then
/etc/rc.d/init.d/$SERVICE stop
/sbin/chkconfig $SERVICE off
fi
done
sudo yum install ntp
sudo yum install rsyslog
# Turn ON services
for SERVICE in ntpd rsyslog; do
if [ -f /etc/rc.d/init.d/$SERVICE ]; then
/sbin/chkconfig $SERVICE on
else
printf "Error: $SERVICE not installed, but it is a part of Linux Base."
fi
done
# Harden ssh
sed -i "/^PermitRootLogin/s/without-password/no/" /etc/ssh/sshd_config
# Turn off TCP timestamp in accordance with security audit recommendation
# 20160728 Carl Fagerlin
printf "\n# Disable TCP timestamp\nnet.ipv4.tcp_timestamps=0">>/etc/sysctl.conf
# Turn OFF ICMP redirect in accordance with vulnerability security audit recommendation
# 2016-08-16 Carl Fagerlin
printf "\n# Disable ICMP Redirect acceptance">>/etc/sysctl.conf
printf "\nnet.ipv4.conf.all.accept_redirects=0">>/etc/sysctl.conf
printf "\nnet.ipv4.conf.default.accept_redirects=0">>/etc/sysctl.conf
printf "\nnet.ipv4.conf.all.secure_redirects=0">>/etc/sysctl.conf
printf "\nnet.ipv4.conf.default.secure_redirects=0\n">>/etc/sysctl.conf
# Set GRUB password in accordance with vulnerability security audit recommendation
# 2016-08-16 Carl Fagerlin
GRUB_PASSWORD=$'openssl rand -base64 16'
printf "\n# Set grub password\npassword --md5 `$GRUB_PASSWORD`\n">>/boot/grub/grub.conf
}
setupEC2Tooling() {
curl https://amazon-ssm-$(/opt/aws/bin/ec2-metadata -z | grep -Po "(us|sa|eu|ap)-(north|south|central)?(east|west)?-[0-9]+").s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o /tmp/amazon-ssm-agent.rpm
yum install -y /tmp/amazon-ssm-agent.rpm
pip3 install --upgrade awscli
}
### ------------------------------------------------------ ###
# Add actions to be done when this script exits
finish() {
printf "\nI am now exiting lxbase successfully.\n"
}
trap finish EXIT
# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
printf "This script must be run as root\n" 1>&2
exit 1
fi
# Check if this is the very first time that this script is running
if ([ ! -f /root/.lxbase.run ]) then
newLX=true
fi
# Execute functions if this is new instance
if ([ $newLX ]) then
[[ $VERBOSE -eq 1 ]] && printf "Creating directories\n"
makeDirectories "base"
[[ $VERBOSE -eq 1 ]] && printf "Creating firstboot script\n"
createFirstboot
[[ $VERBOSE -eq 1 ]] && printf "Setting up hostname\n"
setupHostname
[[ $VERBOSE -eq 1 ]] && printf "Setting up aws CLI\n"
setupEC2Tooling
[[ $VERBOSE -eq 1 ]] && printf "Setting default values for system services startup\n"
serverHardening
fi
# If it were new, add a run file so we won´t run again
if ([ $newLX ]) then
echo -n "" > /root/.lxbase.run
fi
Error that we are getting in ec2instance_setup.log:
1650261986954,"Error: ntpd not installed, but it is a part of Linux Base.Error: rsyslog not installed, but it is a part of Linux Base./cnc/.ebextensions/scripts/lxbase.sh: line 181: /boot/grub/grub.conf: No such file or director"