In yet another post in our automation series, we will share a bash script that automates the deployment of debian based load balancers (specifically with LVS / Linux Virtual Server project).
Even though the environments and systems you deploy may start to get more complicated such as with load balancers, there will always be a baseline level with which these systems can be brought to before further configuration and customization needs to be done.
There are many things that can be automated with this process, as you will see in the script below. In most round-robin load balancing scenarios, there wouldn’t be much more that needs to be done as far as configuration beyond what this script can do.
Obviously you will likely need to modify the script to suit your needs and requirements for the organization and standards therein.
Hopefully this will help you roll out many debian load balancers! May the load be split evenly between all your systems 
#!/bin/sh
# Debian LVS deployer script
# Version 1.0
PROGNAME="$0"
VERSION="1.0"
# working directory for deployer process.
WORKDIR="/root"
# tasks left (this is updated every step to accommodate recovery during
# the deployer process)
TASKS="./deploy-lvs.tasks"
init_tasks() {
# This function will write a new tasks file.
# it's called from the main body of the script if a tasks file does not exist.
cat > $TASKS<<EOS || return 1
nopasswd_ssh
add_pkgs
get_lvs
configure_lvs
set_hostname
EOS
return 0
}
installer_splash() {
echo "[+] LVS deployer script starting..."
echo " Version: $VERSION"
echo
return 0
}
nopasswd_ssh() {
# disable passwd auth on SSH
echo "[+] Disabling password authentication for SSH... "
perl -pi -e 's/^PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
perl -pi -e 's/^#PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config
/etc/init.d/ssh restart
return 0
}
add_pkgs() {
PKGS="libssl0.9.7 exim4 iproute ethtool tcpdump snmpd pciutils less python"
echo "[+] Installing packages: $PKGS... "
apt-get -y install $PKGS || return 1
return 0
}
get_lvs() {
echo "[+] Downloading packages... "
# download the latest version of the Client firewall package.
wget --no-check-certificate http://your.domain.com/lvs.tgz -O /tmp/firewall.tgz || return 1
# unpack firewall scripts
tar --no-same-owner --no-same-permissions --directory / -zxvf /tmp/firewall.tgz || return 1
rm /tmp/firewall.tgz || return 1
return 0
}
configure_lvs() {
# time to configure the FW
KAD=/etc/keepalived/keepalived.conf
FW=/etc/network/firewall
COMMIT=/usr/local/bin/lvs-commit.sh
HOSTS=/etc/hosts
INTERFACES=/etc/network/interfaces
NRPE=/etc/nagios/nrpe_local.cfg
EXIM=/etc/exim4/update-exim4.conf.conf
CONFIGURE_LVS=/etc/network/configure-lvs.pl
echo "[+] Configuring LVS..."
perl $CONFIGURE_LVS
if [ $? -ne 0 ]; then
echo "[!] ERROR: Configuring LVS script failed!"
return 1
fi
echo "[+] Moving files into place..."
rm ${KAD}-template || return 1
rm ${FW}-template || return 1
rm ${COMMIT}-template || return 1
rm ${CONFIGURE_LVS}
mv ${HOSTS}.new ${HOSTS} || return 1
mv ${INTERFACES}.new ${INTERFACES} || return 1
mv ${NRPE}.new ${NRPE} || return 1
mv ${EXIM}.new ${EXIM} || return 1
chmod 700 ${FW}
chmod 700 ${COMMIT}
update-rc.d keepalived defaults || return 1
update-exim4.conf || return 1
# for compatibility
echo "[+] Generating RSA Keys"
ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' || return 1
return 0
}
clean_up_and_reboot() {
# remove:
# -- temp task file
rm $TASKS
# remove self from .bashrc
if [ -f /root/.bashrc.orig ]; then
mv /root/.bashrc.orig /root/.bashrc
fi
if [ -z /root/.bashrc ]
then
rm /root/.bashrc
fi
# delete self
rm $0
# and reboot.
echo "[+] Please reboot system."
#reboot -n
exit 0
}
debug_quit() {
# hard exit the script in appropriately referenced files
# so that no reboot happens.
echo "debug_quit seen in tasks file, exiting."
exit 0
}
set_hostname() {
echo "[+] Setting LVS hostname... "
echo `hostname` > /etc/hostname
echo `hostname` > /etc/mailname
return 0
}
usage() {
echo "[+] Usage: $PROGNAME"
echo
return 0
}
###############################
### MAIN SCRIPT STARTS HERE ###
###############################
# installer_splash
installer_splash
# fix working dir.
cd $WORKDIR
# does our installer file exist? if not, initalize it.
if [ ! -f $TASKS ]
then
echo "[+] No task file found, installation will start from beginning."
init_tasks
if (($? != 0))
then
echo "[!] ERROR: Cannot create tasks file. Installation will not continue."
exit 1
fi
else
echo "[+] Tasks file located - starting where you left off."
fi
# start popping off tasks from the task list and running them.
# pop first step off of the list
STEP=`head -n 1 $TASKS`
while [ ! -z $STEP ]
do
# execute the function.
echo -e "\n\n###################################"
echo "[+] Running step: $STEP"
echo -e "###################################\n\n"
$STEP
if (($? != 0))
then
# command failed.
echo "[!] ERROR: Step $STEP failed!"
echo " Installation will now abort - you can pick it up after fixing the problem"
echo
exit 1
fi
# throw up a newline just so things don't look so crowded
echo
# remove function from function list.
perl -pi -e "s/$STEP\n?//" $TASKS || exit 1
STEP=`head -n 1 $TASKS`
done
# clean_up_and_reboot
echo "[+] Installation finished - cleaning up."
clean_up_and_reboot
# script is done now - termination should happen with clean_up_and_reboot.
echo "[!] Should not be here!"
exit 1
# Debian LVS deployer script
# Version 1.0
PROGNAME="$0"
VERSION="1.0"
# working directory for deployer process.
WORKDIR="/root"
# tasks left (this is updated every step to accommodate recovery during
# the deployer process)
TASKS="./deploy-lvs.tasks"
init_tasks() {
# This function will write a new tasks file.
# it's called from the main body of the script if a tasks file does not exist.
cat > $TASKS<<EOS || return 1
nopasswd_ssh
add_pkgs
get_lvs
configure_lvs
set_hostname
EOS
return 0
}
installer_splash() {
echo "[+] LVS deployer script starting..."
echo " Version: $VERSION"
echo
return 0
}
nopasswd_ssh() {
# disable passwd auth on SSH
echo "[+] Disabling password authentication for SSH... "
perl -pi -e 's/^PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
perl -pi -e 's/^#PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config
/etc/init.d/ssh restart
return 0
}
add_pkgs() {
PKGS="libssl0.9.7 exim4 iproute ethtool tcpdump snmpd pciutils less python"
echo "[+] Installing packages: $PKGS... "
apt-get -y install $PKGS || return 1
return 0
}
get_lvs() {
echo "[+] Downloading packages... "
# download the latest version of the Client firewall package.
wget --no-check-certificate http://your.domain.com/lvs.tgz -O /tmp/firewall.tgz || return 1
# unpack firewall scripts
tar --no-same-owner --no-same-permissions --directory / -zxvf /tmp/firewall.tgz || return 1
rm /tmp/firewall.tgz || return 1
return 0
}
configure_lvs() {
# time to configure the FW
KAD=/etc/keepalived/keepalived.conf
FW=/etc/network/firewall
COMMIT=/usr/local/bin/lvs-commit.sh
HOSTS=/etc/hosts
INTERFACES=/etc/network/interfaces
NRPE=/etc/nagios/nrpe_local.cfg
EXIM=/etc/exim4/update-exim4.conf.conf
CONFIGURE_LVS=/etc/network/configure-lvs.pl
echo "[+] Configuring LVS..."
perl $CONFIGURE_LVS
if [ $? -ne 0 ]; then
echo "[!] ERROR: Configuring LVS script failed!"
return 1
fi
echo "[+] Moving files into place..."
rm ${KAD}-template || return 1
rm ${FW}-template || return 1
rm ${COMMIT}-template || return 1
rm ${CONFIGURE_LVS}
mv ${HOSTS}.new ${HOSTS} || return 1
mv ${INTERFACES}.new ${INTERFACES} || return 1
mv ${NRPE}.new ${NRPE} || return 1
mv ${EXIM}.new ${EXIM} || return 1
chmod 700 ${FW}
chmod 700 ${COMMIT}
update-rc.d keepalived defaults || return 1
update-exim4.conf || return 1
# for compatibility
echo "[+] Generating RSA Keys"
ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' || return 1
return 0
}
clean_up_and_reboot() {
# remove:
# -- temp task file
rm $TASKS
# remove self from .bashrc
if [ -f /root/.bashrc.orig ]; then
mv /root/.bashrc.orig /root/.bashrc
fi
if [ -z /root/.bashrc ]
then
rm /root/.bashrc
fi
# delete self
rm $0
# and reboot.
echo "[+] Please reboot system."
#reboot -n
exit 0
}
debug_quit() {
# hard exit the script in appropriately referenced files
# so that no reboot happens.
echo "debug_quit seen in tasks file, exiting."
exit 0
}
set_hostname() {
echo "[+] Setting LVS hostname... "
echo `hostname` > /etc/hostname
echo `hostname` > /etc/mailname
return 0
}
usage() {
echo "[+] Usage: $PROGNAME"
echo
return 0
}
###############################
### MAIN SCRIPT STARTS HERE ###
###############################
# installer_splash
installer_splash
# fix working dir.
cd $WORKDIR
# does our installer file exist? if not, initalize it.
if [ ! -f $TASKS ]
then
echo "[+] No task file found, installation will start from beginning."
init_tasks
if (($? != 0))
then
echo "[!] ERROR: Cannot create tasks file. Installation will not continue."
exit 1
fi
else
echo "[+] Tasks file located - starting where you left off."
fi
# start popping off tasks from the task list and running them.
# pop first step off of the list
STEP=`head -n 1 $TASKS`
while [ ! -z $STEP ]
do
# execute the function.
echo -e "\n\n###################################"
echo "[+] Running step: $STEP"
echo -e "###################################\n\n"
$STEP
if (($? != 0))
then
# command failed.
echo "[!] ERROR: Step $STEP failed!"
echo " Installation will now abort - you can pick it up after fixing the problem"
echo
exit 1
fi
# throw up a newline just so things don't look so crowded
echo
# remove function from function list.
perl -pi -e "s/$STEP\n?//" $TASKS || exit 1
STEP=`head -n 1 $TASKS`
done
# clean_up_and_reboot
echo "[+] Installation finished - cleaning up."
clean_up_and_reboot
# script is done now - termination should happen with clean_up_and_reboot.
echo "[!] Should not be here!"
exit 1
