recipes | ||
.gitignore | ||
LICENSE | ||
README.md | ||
recipe_gentoo.sh | ||
vars.example |
recipe_gentoo
Check system configuration for a Gentoo machine (VM or PHYSICAL) based on GRIFON's architecture.
It's a Gentoo OS configuration recipe.
This script normally doesn't modify anything on the system.
To use (with root user) :
mv ./vars.example ./vars.sh
vim ./vars.sh # Edit all values which will be used by the script
./recipe_gentoo.sh [--physical]
If you cannot execute the script, add the 'x' permission for the user
chmod u+x ./recipe_gentoo.sh
Not finished, in progress....
TO DO :
- Check if host can join IPAM before test the API
- Test the recipe check auto-backup (OK, not fully tested)
- Others (script design, documentation...)
Checked points :
- User is root to run the script
- Check requirements
- Installed packages
- Hostname configuration
- DNS configuration (resolve external name, configured nameserver, check if all IPs (scope global) are configured in DNS and check if the hostname has A and AAAA recods in DNS)
- Ping external machine for IPv4 and IPv6
- If Admin IPs are configured
- Services status
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
- MUNIN basic configuration (allow and port)
- SNMP basic config (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
- Mail alias configuration (root and operator mail alias configured)
- Check postfix config (inet_protocols, mail_owner)
- Add to check service if they are enabled
- Check portage configuration (FEATURES, PORTAGE_BINHOST, ACCEPT_LICENSE, USE, CHOST, GRUB_PLATFORMS, CPU_FLAGS_X86 and if GENTOO_MIRRORS includes organization mirror)
- Check if IPs (scope global) are recorded in IPAM
- Check if the selected Gentoo profile is the expected profile
- Check if auto-update script is configured (presence, executable and if cron task is configured)
- Check if auto-backup script is configured (presence, executable, content, connection to remote service, if cron task is configured ...)
- Print additional manual verifications (send reporting mail, if /etc conf file need to be updated, if a new kernel can be installed, if server-side for Icinga / SNMP / Munin are configured)