- #!/bin/bash
- # Bohdan_Hulka
- # MAIN LOOP
main() {
  # Runs every provisioning step once, in a fixed order. The order is
  # load-bearing: setup_zeppelin builds with /opt/maven/bin/mvn (created by
  # setup_maven), and setup_nginx proxies to the Jupyter and Zeppelin services
  # started by the earlier steps. A failing step does not stop the next one.
  local step
  for step in \
    setup_java \
    setup_maven \
    setup_spark \
    setup_jupyter \
    setup_zeppelin \
    setup_nginx; do
    "$step"
  done
}
- # FUNCTIONS
setup_java() {
  # Installs git and OpenJDK 1.8 through yum, exports JAVA_HOME for the
  # current shell, and appends the same export to three login profiles.
  local -a packages=(git java-1.8.0-openjdk java-1.8.0-openjdk-devel)
  local export_line="export JAVA_HOME=/usr/lib/jvm/java"
  local profile

  yum -y install "${packages[@]}"
  export JAVA_HOME=/usr/lib/jvm/java

  # NOTE(review): nothing in this script creates the "scientist" account (its
  # useradd is commented out in config_authorized_keys), so the last append
  # only succeeds if /home/scientist already exists - confirm.
  for profile in \
    /root/.bash_profile \
    /home/ec2-user/.bash_profile \
    /home/scientist/.bash_profile; do
    echo "$export_line" >> "$profile"
  done
}
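#######################################
# Install Apache Maven 3.3.9 under /opt and expose it as /opt/maven.
# Globals:   MAVEN_TARBALL_SHA256 (read, optional) - expected SHA-256 of the
#            downloaded archive; when set, a mismatch aborts the install.
# Returns:   non-zero if /opt is unavailable or the download, the checksum
#            comparison or the unpacking fails.
#######################################
setup_maven() {
  local -r tarball=apache-maven-3.3.9-bin.tar.gz

  # Without this check a failed cd would download and unpack into whatever
  # directory the caller happened to be in.
  cd /opt || return 1

  # NOTE(review): the archive is fetched over plain HTTP and, unless
  # MAVEN_TARBALL_SHA256 is supplied, unpacked without any integrity check.
  # The resulting mvn binary is later run by setup_zeppelin, so a tampered
  # download becomes code execution on this host. Prefer an HTTPS source and
  # compare against the checksum or signature published by the project.
  wget "http://www.eu.apache.org/dist/maven/maven-3/3.3.9/binaries/${tarball}" || return 1

  if [[ -n "${MAVEN_TARBALL_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$MAVEN_TARBALL_SHA256" "$tarball" | sha256sum -c -; then
      printf 'error: checksum mismatch for %s\n' "$tarball" >&2
      rm -f -- "$tarball"
      return 1
    fi
  else
    printf 'warning: %s unpacked without checksum verification\n' "$tarball" >&2
  fi

  tar -xzf "$tarball" || return 1
  rm -f -- "$tarball"
  mv apache-maven-3.3.9 maven-3.3.9
  ln -s ./maven-3.3.9/ /opt/maven
  cd
}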
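#######################################
# Install the Spark 1.6.0 / Hadoop 2.6 binary distribution under /opt, link it
# as /usr/local/spark and /opt/spark, and write its basic configuration.
# Globals:   SPARK_TARBALL_SHA256 (read, optional) - expected SHA-256 of the
#            downloaded archive; when set, a mismatch aborts the install.
# Returns:   non-zero if /opt is unavailable or the download, the checksum
#            comparison or the unpacking fails.
#######################################
setup_spark() {
  local -r spark_dir=spark-1.6.0-bin-hadoop2.6
  local -r tarball="${spark_dir}.tgz"

  cd /opt/ || return 1

  # NOTE(review): the download comes from a third-party mirror over plain
  # HTTP. Unless SPARK_TARBALL_SHA256 is supplied nothing verifies the
  # archive before it is unpacked and used. Prefer an HTTPS source and compare
  # against the checksum or signature published by the project.
  wget "http://apache.ip-connect.vn.ua/spark/spark-1.6.0/${tarball}" || return 1

  if [[ -n "${SPARK_TARBALL_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$SPARK_TARBALL_SHA256" "$tarball" | sha256sum -c -; then
      printf 'error: checksum mismatch for %s\n' "$tarball" >&2
      rm -f -- "$tarball"
      return 1
    fi
  else
    printf 'warning: %s unpacked without checksum verification\n' "$tarball" >&2
  fi

  tar zxf "$tarball" || return 1
  rm -- "$tarball"
  ln -s "/opt/${spark_dir}" /usr/local/spark
  ln -s "/opt/${spark_dir}" /opt/spark

  mv /opt/spark/conf/spark-env.sh.template /opt/spark/conf/spark-env.sh
  # CLUSTER_NAME is written literally; it looks like a placeholder that has to
  # be replaced with the real cluster's config directory - confirm.
  echo "export HADOOP_CONF_DIR=/srv/hadoopconf/CLUSTER_NAME" >> /opt/spark/conf/spark-env.sh

  mkdir -p /opt/jars/lib/native
  # Everything synced here ends up on the Spark driver classpath (see
  # spark-defaults.conf below), so write access to this bucket amounts to code
  # execution in the driver. Keep the bucket policy correspondingly tight.
  aws s3 sync s3://bdcc-dsa-poc-hadoop-parts/jars /opt/jars
  # Manual step: copy the files from "/usr/lib/hadoop-lzo/lib/native" and
  # "/usr/lib/hadoop/lib/native" on the EMR cluster into "/opt/jars/lib/native"
  # on the notebook server.

  cat <<EOF > /opt/spark/conf/spark-defaults.conf
spark.driver.extraClassPath /opt/jars/*
spark.driver.extraLibraryPath /opt/jars/lib/native/
EOF
}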
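#######################################
# Install Jupyter and the Toree kernel, create the "jupyter" service account,
# register the notebook server in /etc/rc.local and start it. Runs as root.
# Globals:   config_jupyter (exported so the child shell started by su can
#            call it)
#######################################
setup_jupyter() {
  # Line appended to /etc/rc.local so the notebook server starts at boot
  # under the unprivileged "jupyter" account.
  local -r boot_cmd="su jupyter -c 'cd && nohup /usr/bin/python2.7 /usr/local/bin/jupyter-notebook &'"

  export -f config_jupyter
  useradd jupyter

  yum -y update
  yum -y groupinstall 'Development Tools'

  # NOTE(review): these packages are installed as root at whatever version the
  # index serves at run time; pin versions (ideally with hashes) so a rebuilt
  # host gets the same, reviewed code.
  pip install jupyter
  pip install --upgrade pip
  # Quoted so the shell cannot treat [all] as a glob character class.
  /usr/local/bin/pip install 'ipython[all]'
  /usr/local/bin/pip install toree

  # -p keeps this from failing when /srv (or a previous run's directories)
  # already exist.
  mkdir -p /opt/jupyter /srv/hadoopconf
  /usr/local/bin/jupyter toree install

  chown jupyter:jupyter /opt/jupyter
  chown -R jupyter:jupyter /usr/local/share/jupyter /srv

  # printf instead of "echo -e": the line is data and must not have backslash
  # sequences interpreted. It is appended on every run, so re-running the
  # script duplicates it.
  printf '%s\n' "$boot_cmd" >> /etc/rc.local

  config_authorized_keys
  su jupyter -c "bash -c config_jupyter"
}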
config_jupyter() {
  # Meant to be run as the "jupyter" account (setup_jupyter invokes it through
  # su), so ~ below is that account's home directory.
  local cfg expr
  cfg=~/.jupyter/jupyter_notebook_config.py

  # One sed expression per generated default that gets un-commented and
  # overridden: URL prefix, proxy-header trust, notebook directory, and no
  # browser launch.
  # trust_xheaders makes the server believe forwarded-for/scheme headers; that
  # is only sound while the reverse proxy is the sole client able to reach it.
  # NOTE(review): no notebook password is configured here, so access control
  # rests on whatever fronts the server - confirm.
  local -a edits=(
    "s@\# c.NotebookApp.base_url = '/'@c.NotebookApp.base_url = '/jupyter/'@g"
    "s@\# c.NotebookApp.trust_xheaders = False@c.NotebookApp.trust_xheaders = True@g"
    "s@\# c.NotebookApp.notebook_dir = u''@c.NotebookApp.notebook_dir = u'/opt/jupyter'@g"
    "s@\# c.NotebookApp.open_browser = True@c.NotebookApp.open_browser = False@g"
  )

  /usr/bin/python2.7 /usr/local/bin/jupyter-notebook --generate-config

  # Applied one at a time, each run refreshing the .bak copy.
  for expr in "${edits[@]}"; do
    sed -i.bak "$expr" "$cfg"
  done

  # Start the server from the home directory, detached from this shell.
  # (Earlier variants that passed --notebook-dir/--no-browser on the command
  # line, or registered the start in /etc/rc.local from here, are not used.)
  cd
  nohup /usr/local/bin/jupyter-notebook &
}
config_authorized_keys() {
  # Appends one fixed RSA public key (comment field "BDCC-DSA-POC") to
  # ec2-user's authorized_keys. Whoever holds the matching private key can log
  # in as ec2-user on every host provisioned with this script, and the entry
  # is added again on each run; review it like any other standing credential.
  local -r pubkey='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbfLgipLCJFqTkfN1WiGkDOqdmUT7a7ffMV64IExY/ppB11L3u8+RIDv/LTMXpPVzKuGtpF2wE0fj/XHnxqkv/D2/e1XeWtTZryXMazYTyQF+oP2O6qKGY5kqmGg/2lQ7yApyhg+dIoeBadYu6RfUSzrecnJxZkVlA/fuDd/cg7HMU+1Yl5LvcMtpecndPfKt2ooeUN7KxlO6iDbusqTyIlrrHruUnuVOLZKYJtaaSnbMK/v5igteJbGCX/Jsg7C+vIH62BehC7dtEm7/5IKo3NDyLk8FRiZc7uuuhdjI8czqWnTWI6cQolx04j+0d26COHIcJjjErqDAUHZ8aAFXR BDCC-DSA-POC'

  printf '%s\n' "$pubkey" >> /home/ec2-user/.ssh/authorized_keys

  # Reserved for the Hadoop integration (currently disabled):
  #useradd hadoop
  #useradd scientist
}
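#######################################
# Clone and build Apache Zeppelin under /opt, configure it for the local
# Spark/YARN setup, and start it as the "zeppelin" account.
# Returns:   non-zero if /opt is unavailable or the build still fails after
#            the last attempt.
#######################################
setup_zeppelin() {
  # The build is retried because it may fail transiently, but the number of
  # attempts is bounded: the original loop never ended when the clone or the
  # build failed for a permanent reason.
  local -r max_attempts=5
  local attempt
  local built=no

  cd /opt || return 1

  for (( attempt = 1; attempt <= max_attempts; attempt++ )); do
    # NOTE(review): this clones the tip of the default branch even though the
    # directory is labelled 0.5.6. Pin a release tag or commit so the code
    # that gets built and run is the code that was reviewed.
    if git clone https://github.com/apache/incubator-zeppelin \
      && mv incubator-zeppelin zeppelin-0.5.6 \
      && ln -s /opt/zeppelin-0.5.6 /opt/zeppelin \
      && cd /opt/zeppelin \
      && /opt/maven/bin/mvn clean package -Pspark-1.6 -Ppyspark -Phadoop-2.6 -Pyarn -DskipTests; then
      built=yes
      break
    fi

    printf 'zeppelin build attempt %d of %d failed\n' "$attempt" "$max_attempts" >&2
    # Remove everything a failed attempt may have left behind, including a
    # clone that was never renamed.
    cd /opt || return 1
    rm -f zeppelin
    rm -rf zeppelin-0.5.6 incubator-zeppelin
  done

  if [[ "$built" != yes ]]; then
    printf 'error: zeppelin could not be built\n' >&2
    return 1
  fi

  mv /opt/zeppelin/conf/zeppelin-env.sh.template /opt/zeppelin/conf/zeppelin-env.sh
  {
    echo "export JAVA_HOME=/usr/lib/jvm/java"
    echo "export MASTER=yarn-client"
    echo "export HADOOP_CONF_DIR=/srv/hadoopconf/CLUSTER_NAME"
    echo "export SPARK_HOME=/opt/spark"
  } >> /opt/zeppelin/conf/zeppelin-env.sh

  mv /opt/zeppelin/conf/zeppelin-site.xml.template /opt/zeppelin/conf/zeppelin-site.xml
  # Replace the wildcard address with loopback so the service is presumably
  # reachable only through the local reverse proxy. The dots are escaped so
  # the pattern matches the literal address and nothing else.
  sed -i 's:0\.0\.0\.0:127.0.0.1:' /opt/zeppelin/conf/zeppelin-site.xml

  useradd zeppelin
  chown -R zeppelin:zeppelin /opt/zeppelin-0.5.6/
  su zeppelin -c "/opt/zeppelin/bin/zeppelin-daemon.sh start"
  # Start at boot as well; appended on every run of this script.
  echo "su zeppelin -c \"/opt/zeppelin/bin/zeppelin-daemon.sh start\"" >> /etc/rc.local
  cd
}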
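#######################################
# Install nginx as a TLS-terminating, basic-auth reverse proxy in front of
# Jupyter (127.0.0.1:8888) and Zeppelin (127.0.0.1:8080).
# Globals:   NGINX_AUTH_USER, NGINX_AUTH_PASS (read, optional) - basic-auth
#            credentials; the built-in sample values are used when unset.
# Returns:   non-zero if the instance metadata cannot be read or the TLS
#            directory is unavailable.
#######################################
setup_nginx() {
  local user pass server_ip server_dns proxy_cert proxy_cert_key
  local -a stray_pids=()

  yum install -y nginx httpd-tools

  ### Basic-auth credentials
  # The sample values stay as a fallback for compatibility, but a password
  # that is readable in the script protects nothing: set both variables.
  user="${NGINX_AUTH_USER:-sample_user}"
  pass="${NGINX_AUTH_PASS:-sample user password}"
  if [[ -z "${NGINX_AUTH_PASS:-}" ]]; then
    printf 'warning: NGINX_AUTH_PASS is not set; using the built-in sample password\n' >&2
  fi
  # NOTE(review): -b puts the password on htpasswd's command line, where other
  # local users can see it in the process list while it runs. If the installed
  # htpasswd can read the password from stdin, prefer that - confirm.
  htpasswd -cb /etc/nginx/.htpasswd "$user" "$pass"
  useradd nginx

  # Dedicated 4096-bit DH parameters. This can take a very long time.
  mkdir -p /etc/pki/nginx/
  openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096

  # Address and hostname come from the EC2 instance metadata service.
  # NOTE(review): these are unauthenticated (IMDSv1-style) requests; on an
  # instance that enforces session tokens they would presumably be rejected.
  # -f stops an HTTP error page from being taken for the value.
  server_ip=$(curl -sf http://169.254.169.254/1.0/meta-data/local-ipv4)
  server_dns=$(curl -sf http://169.254.169.254/1.0/meta-data/hostname)
  if [[ -z "$server_ip" || -z "$server_dns" ]]; then
    printf 'error: could not read local-ipv4/hostname from instance metadata\n' >&2
    return 1
  fi

  ### Self-signed certificate (4096-bit RSA key, valid for 365 days)
  mkdir -p /etc/nginx/ssl
  cd /etc/nginx/ssl || return 1
  # Create the private key under a restrictive umask so it is never readable
  # by other local users, not even briefly.
  (
    umask 077
    openssl genrsa -out nginx.key 4096
  )
  # Fixed: the subject used $server_IP, which is never set (the variable is
  # server_ip), so the IP entry was always empty.
  # NOTE(review): a subjectAltName written inside -subj ends up as a subject
  # attribute, not as the X.509 SAN extension clients check; a real SAN needs
  # an extensions section - confirm against the generated certificate.
  openssl req -new -key nginx.key -sha256 -nodes -subj "/C=UA/ST=Bumswille/L=Idaho/O=End Point/OU=Hosting Team/CN=ZyXel Ping/emailAddress=/subjectAltName=DNS.1=$server_dns,IP.1=$server_ip" > nginx.csr
  openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt
  #cp ./openssl/nginx.* /etc/nginx/ssl/
  proxy_cert=/etc/nginx/ssl/nginx.crt
  proxy_cert_key=/etc/nginx/ssl/nginx.key

  ### Virtual host
  # TLS 1.2 only, custom DH parameters, one-hour session timeout, server-side
  # cipher preference. Port 80 only redirects to HTTPS.
  # Fixed: the first server_name line had no terminating semicolon, so nginx
  # read "listen" and "80" as additional server names.
  # NOTE(review): the cipher list removes 3DES with "-3DES" and then appears
  # to re-enable it through "kEDH+3DES:DES-CBC3-SHA"; it also admits kRSA key
  # exchange, which has no forward secrecy. Check the effective list with
  # "openssl ciphers -v" before relying on it.
  cat <<EOF | sudo tee /etc/nginx/conf.d/virtual.conf
server {
    server_name ${server_ip} ${server_dns};
    listen 80;
    return 301 https://${server_ip};
}
server {
    server_name ${server_ip} ${server_dns};
    listen 443 ssl;
    auth_basic "Password? Or a 401 response";
    auth_basic_user_file /etc/nginx/.htpasswd;
    ssl on;
    ssl_certificate ${proxy_cert};
    ssl_certificate_key ${proxy_cert_key};
    ssl_dhparam /etc/pki/nginx/dhparam.pem;
    ssl_session_timeout 1h;
    ssl_session_cache shared:SSL:2m;
    ssl_protocols TLSv1.2;
    ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;
    location /jupyter {
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host \$host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /zeppelin/ {
        proxy_pass http://127.0.0.1:8080;
        rewrite /zeppelin/(.*) /\$1 break;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
EOF

  # Kill python processes that hold a socket on anything other than 8888.
  # Only numeric PIDs are passed on, and kill is skipped when there are none
  # (the original ran "kill -9" with whatever the pipeline printed).
  # NOTE(review): the match is by substring, so any line that mentions
  # "python" without "8888" qualifies; this is broad for a SIGKILL.
  mapfile -t stray_pids < <(
    netstat -apn | grep python | grep -v 8888 | awk '{print $7}' \
      | cut -f 1 -d '/' | grep -E '^[0-9]+$' | sort -u
  )
  if (( ${#stray_pids[@]} > 0 )); then
    kill -9 "${stray_pids[@]}"
  fi

  service nginx restart
  chkconfig nginx on
}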
- # SCRIPT EXECUTION
# Hand the command-line arguments to main, then end with status 0 whatever
# the individual steps returned: a failed step is visible only in the output.
main "${@}"
exit 0