#!/bin/bash

# Bohdan_Hulka

# MAIN LOOP
#######################################
# Provision the notebook server by running every setup step in a fixed order.
# The steps are run one after another; a step's exit status is not checked,
# so a failing step does not prevent the following ones from running.
# Arguments: none used
# Returns:   exit status of the last step (setup_nginx)
#######################################
main() {
  local step
  for step in \
    setup_java \
    setup_maven \
    setup_spark \
    setup_jupyter \
    setup_zeppelin \
    setup_nginx
  do
    "$step"
  done
}
# FUNCTIONS
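#######################################
# Install git and OpenJDK 1.8, then export JAVA_HOME for the current shell
# and for the login profiles of root, ec2-user and scientist.
# Globals:   JAVA_HOME (written, exported)
# Arguments: none
# Returns:   1 if the package install fails, otherwise the status of the
#            last profile update.
#######################################
setup_java() {
  local -r java_home=/usr/lib/jvm/java
  local -r export_line="export JAVA_HOME=${java_home}"
  local profile

  if ! yum -y install git java-1.8.0-openjdk java-1.8.0-openjdk-devel; then
    echo "setup_java: package installation failed" >&2
    return 1
  fi
  export JAVA_HOME="$java_home"

  for profile in \
    /root/.bash_profile \
    /home/ec2-user/.bash_profile \
    /home/scientist/.bash_profile
  do
    # Nothing in this script creates the "scientist" account (its useradd is
    # commented out), so a missing home directory is skipped, not an error.
    if [[ ! -d "${profile%/*}" ]]; then
      echo "setup_java: skipping ${profile}: home directory missing" >&2
      continue
    fi
    # Append only once so that re-running the script does not pile up
    # duplicate export lines in the profile.
    grep -qxF -- "$export_line" "$profile" 2>/dev/null \
      || echo "$export_line" >> "$profile"
  done
}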
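#######################################
# Download Apache Maven 3.3.9 into /opt and expose it as /opt/maven.
# Globals:   MAVEN_TARBALL_SHA256 (read, optional) - expected SHA-256 of the
#            tarball; when set, the download is verified before unpacking.
# Arguments: none
# Returns:   0 on success, 1 if the download, the verification or the
#            unpacking fails. The working directory ends up in $HOME.
#######################################
setup_maven() {
  local -r version=3.3.9
  local -r tarball="apache-maven-${version}-bin.tar.gz"
  local -r url="http://www.eu.apache.org/dist/maven/maven-3/${version}/binaries/${tarball}"
  local -r expected_sha256="${MAVEN_TARBALL_SHA256:-}"
  local status=0

  cd /opt || { echo "setup_maven: cannot cd to /opt" >&2; return 1; }

  # The archive is fetched over plain HTTP and its mvn binary is later run as
  # root by setup_zeppelin, so anything that can tamper with the transfer can
  # run code on this host. Supply MAVEN_TARBALL_SHA256 (taken from a trusted
  # channel) to have the download checked before it is unpacked.
  if [[ -z "$expected_sha256" ]]; then
    echo "setup_maven: warning: MAVEN_TARBALL_SHA256 not set," \
      "${tarball} will be unpacked without an integrity check" >&2
  fi

  # -O pins the output name, so a stale copy cannot be unpacked in place of
  # the fresh download.
  if ! wget -O "$tarball" "$url"; then
    echo "setup_maven: download failed: ${url}" >&2
    status=1
  elif [[ -n "$expected_sha256" ]] \
    && ! printf '%s  %s\n' "$expected_sha256" "$tarball" | sha256sum -c - >&2; then
    echo "setup_maven: checksum mismatch for ${tarball}" >&2
    status=1
  elif ! tar -xzf "$tarball"; then
    echo "setup_maven: cannot unpack ${tarball}" >&2
    status=1
  else
    mv "apache-maven-${version}" "maven-${version}"
    # -f/-n replace an existing link instead of failing on a re-run.
    ln -sfn "./maven-${version}/" /opt/maven
  fi

  rm -f -- "$tarball"
  cd || true
  return "$status"
}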
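#######################################
# Download Spark 1.6.0 (Hadoop 2.6 build) into /opt, link it as
# /usr/local/spark and /opt/spark, and write its basic configuration.
# Globals:   SPARK_TARBALL_SHA256 (read, optional) - expected SHA-256 of the
#            tarball; when set, the download is verified before unpacking.
# Arguments: none
# Returns:   1 if the download, the verification or the unpacking fails,
#            otherwise the status of the last configuration command.
#            The working directory is left at /opt.
#######################################
setup_spark() {
  local -r release=spark-1.6.0-bin-hadoop2.6
  local -r tarball="${release}.tgz"
  local -r url="http://apache.ip-connect.vn.ua/spark/spark-1.6.0/${tarball}"
  local -r expected_sha256="${SPARK_TARBALL_SHA256:-}"

  cd /opt/ || { echo "setup_spark: cannot cd to /opt" >&2; return 1; }

  # The archive comes from a mirror over plain HTTP, so neither the mirror
  # nor the network path is authenticated. Supply SPARK_TARBALL_SHA256 (taken
  # from a trusted channel) to have the download checked before unpacking.
  if [[ -z "$expected_sha256" ]]; then
    echo "setup_spark: warning: SPARK_TARBALL_SHA256 not set," \
      "${tarball} will be unpacked without an integrity check" >&2
  fi

  if ! wget -O "$tarball" "$url"; then
    echo "setup_spark: download failed: ${url}" >&2
    rm -f -- "$tarball"
    return 1
  fi
  if [[ -n "$expected_sha256" ]] \
    && ! printf '%s  %s\n' "$expected_sha256" "$tarball" | sha256sum -c - >&2; then
    echo "setup_spark: checksum mismatch for ${tarball}" >&2
    rm -f -- "$tarball"
    return 1
  fi
  if ! tar zxf "$tarball"; then
    echo "setup_spark: cannot unpack ${tarball}" >&2
    rm -f -- "$tarball"
    return 1
  fi
  rm -f -- "$tarball"

  # -f/-n replace existing links instead of failing on a re-run.
  ln -sfn "/opt/${release}" /usr/local/spark
  ln -sfn "/opt/${release}" /opt/spark

  mv /opt/spark/conf/spark-env.sh.template /opt/spark/conf/spark-env.sh
  # CLUSTER_NAME is a literal placeholder to be replaced per deployment.
  echo "export HADOOP_CONF_DIR=/srv/hadoopconf/CLUSTER_NAME" >> /opt/spark/conf/spark-env.sh

  mkdir -p /opt/jars/lib/native
  # Everything synced here is put on the Spark driver classpath below, so
  # write access to this bucket amounts to code execution in the driver.
  aws s3 sync s3://bdcc-dsa-poc-hadoop-parts/jars /opt/jars
  # Manual step: copy the files from "/usr/lib/hadoop-lzo/lib/native" and
  # "/usr/lib/hadoop/lib/native" on the EMR cluster to "/opt/jars/lib/native"
  # on the notebook server.

  # Quoted delimiter: the content is written literally, without expansion.
  cat <<'EOF' > /opt/spark/conf/spark-defaults.conf
spark.driver.extraClassPath /opt/jars/*
spark.driver.extraLibraryPath /opt/jars/lib/native/
EOF
}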
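#######################################
# Install Jupyter and the Toree kernel, create the "jupyter" account and its
# directories, register the notebook in /etc/rc.local, then configure and
# start it as the jupyter user. Expected to run as root.
# Globals:   config_jupyter (exported as a function)
# Arguments: none
# Returns:   status of the final su invocation
#######################################
setup_jupyter() {
  local -r rc_line="su jupyter -c 'cd && nohup /usr/bin/python2.7 /usr/local/bin/jupyter-notebook &'"

  # config_jupyter is executed below in a child bash started through su, so
  # its definition has to be exported into the environment first.
  export -f config_jupyter

  id -u jupyter >/dev/null 2>&1 || useradd jupyter
  yum -y update
  yum -y groupinstall 'Development Tools'

  # NOTE(review): these installs run as root and take whatever versions the
  # package index serves at run time; pin versions (and hashes) if the build
  # has to be reproducible and auditable.
  pip install jupyter
  pip install --upgrade pip
  # Quoted so the shell cannot treat [all] as a glob pattern.
  /usr/local/bin/pip install 'ipython[all]'
  /usr/local/bin/pip install toree

  # -p: /srv normally exists already; plain mkdir would fail on it.
  mkdir -p /opt/jupyter /srv/hadoopconf
  /usr/local/bin/jupyter toree install

  chown jupyter:jupyter /opt/jupyter
  chown jupyter:jupyter -R /usr/local/share/jupyter
  # NOTE(review): this hands the whole of /srv, not just /srv/hadoopconf, to
  # the account that runs user-supplied notebook code.
  chown jupyter:jupyter -R /srv

  # Register the boot-time start only once, so re-runs do not start several
  # notebook servers at boot.
  grep -qxF -- "$rc_line" /etc/rc.local 2>/dev/null \
    || printf '%s\n' "$rc_line" >> /etc/rc.local

  # Side effect worth knowing about: this installs an SSH public key for
  # ec2-user (see config_authorized_keys).
  config_authorized_keys
  su jupyter -c "bash -c config_jupyter"
}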
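#######################################
# Generate the notebook configuration for the current user, adjust it for
# running behind a reverse proxy under /jupyter/, and start the notebook in
# the background. Meant to run as the "jupyter" user (invoked through su).
# Arguments: none
# Outputs:   ~/.jupyter/jupyter_notebook_config.py and a single .bak copy of
#            the generated file
#######################################
config_jupyter() {
  local -r cfg="${HOME}/.jupyter/jupyter_notebook_config.py"

  /usr/bin/python2.7 /usr/local/bin/jupyter-notebook --generate-config

  # All four substitutions go through one sed run so that the .bak file holds
  # the untouched generated configuration; separate "sed -i.bak" calls would
  # each overwrite the backup made by the previous one.
  #
  # trust_xheaders = True makes the notebook take the client address from
  # proxy-style request headers (X-Real-Ip / X-Forwarded-For). That is only
  # sound when every request arrives through a proxy that sets those headers
  # itself; otherwise a client can supply them.
  #
  # NOTE(review): no notebook password is configured here, so access control
  # rests on the proxy in front of the notebook and on the notebook listening
  # on loopback only; local users of this host can reach the port directly.
  sed -i.bak \
    -e "s@\# c.NotebookApp.base_url = '/'@c.NotebookApp.base_url = '/jupyter/'@g" \
    -e "s@\# c.NotebookApp.trust_xheaders = False@c.NotebookApp.trust_xheaders = True@g" \
    -e "s@\# c.NotebookApp.notebook_dir = u''@c.NotebookApp.notebook_dir = u'/opt/jupyter'@g" \
    -e "s@\# c.NotebookApp.open_browser = True@c.NotebookApp.open_browser = False@g" \
    "$cfg"

  cd || return 1
  nohup /usr/local/bin/jupyter-notebook &

  # Alternatives left by the author:
  #echo -e "nohup /usr/local/bin/jupyter-notebook &" >> /etc/rc.local
  #nohup /usr/local/bin/jupyter-notebook --notebook-dir=/opt/jupyter --no-browser &
  #echo -e "nohup /usr/local/bin/jupyter-notebook --notebook-dir=/opt/jupyter --no-browser &" >> /etc/rc.local
}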
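#######################################
# Authorize the embedded "BDCC-DSA-POC" SSH public key for ec2-user.
#
# Whoever holds the matching private key can log in as ec2-user on every host
# provisioned with this script. Treat the key as a standing access grant:
# confirm who owns it before reuse and remove the entry when it is no longer
# needed.
# Arguments: none
# Returns:   1 if ec2-user has no ~/.ssh directory, otherwise the status of
#            the final chmod.
#######################################
config_authorized_keys() {
  local -r ssh_dir=/home/ec2-user/.ssh
  local -r auth_file="${ssh_dir}/authorized_keys"
  local -r pubkey='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbfLgipLCJFqTkfN1WiGkDOqdmUT7a7ffMV64IExY/ppB11L3u8+RIDv/LTMXpPVzKuGtpF2wE0fj/XHnxqkv/D2/e1XeWtTZryXMazYTyQF+oP2O6qKGY5kqmGg/2lQ7yApyhg+dIoeBadYu6RfUSzrecnJxZkVlA/fuDd/cg7HMU+1Yl5LvcMtpecndPfKt2ooeUN7KxlO6iDbusqTyIlrrHruUnuVOLZKYJtaaSnbMK/v5igteJbGCX/Jsg7C+vIH62BehC7dtEm7/5IKo3NDyLk8FRiZc7uuuhdjI8czqWnTWI6cQolx04j+0d26COHIcJjjErqDAUHZ8aAFXR BDCC-DSA-POC'

  if [[ ! -d "$ssh_dir" ]]; then
    echo "config_authorized_keys: ${ssh_dir} does not exist" >&2
    return 1
  fi

  # Add the key only when it is not listed yet, so re-running the script does
  # not leave duplicate entries that a later clean-up could miss.
  if ! grep -qxF -- "$pubkey" "$auth_file" 2>/dev/null; then
    printf '%s\n' "$pubkey" >> "$auth_file"
  fi
  # Keep the file unreadable and unwritable for other accounts.
  chmod 600 "$auth_file"

  # Purposed for hadoop integration.
  #useradd hadoop
  #useradd scientist
}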
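#######################################
# Clone and build Zeppelin under /opt, configure it for Spark on YARN, bind
# it to the loopback interface and start it as the "zeppelin" user.
# Arguments: none
# Returns:   1 if the build does not succeed within the attempt limit,
#            otherwise the status of the last command. The working directory
#            ends up in $HOME.
#######################################
setup_zeppelin() {
  # The original loop retried forever, which hangs provisioning when the
  # clone or the build cannot succeed (no network, broken upstream).
  local -r max_attempts=3
  local -r src_dir=/opt/zeppelin-0.5.6
  local -r conf_dir=/opt/zeppelin/conf
  local -r rc_line='su zeppelin -c "/opt/zeppelin/bin/zeppelin-daemon.sh start"'
  local attempt
  local built=no

  cd /opt || { echo "setup_zeppelin: cannot cd to /opt" >&2; return 1; }

  for (( attempt = 1; attempt <= max_attempts; attempt++ )); do
    # NOTE(review): the clone takes the tip of the repository's default
    # branch although the directory is named 0.5.6, and the build runs as
    # root; pin a reviewed tag or commit so the code that gets built is known.
    if git clone https://github.com/apache/incubator-zeppelin \
      && mv incubator-zeppelin "$src_dir" \
      && ln -s "$src_dir" /opt/zeppelin \
      && cd /opt/zeppelin \
      && /opt/maven/bin/mvn clean package -Pspark-1.6 -Ppyspark -Phadoop-2.6 -Pyarn -DskipTests
    then
      built=yes
      break
    fi
    echo "setup_zeppelin: build attempt ${attempt}/${max_attempts} failed" >&2
    cd /opt || return 1
    rm -f zeppelin
    # incubator-zeppelin is what a failed clone or a failed mv leaves behind.
    rm -rf zeppelin-0.5.6 incubator-zeppelin
  done

  if [[ "$built" != yes ]]; then
    echo "setup_zeppelin: giving up after ${max_attempts} attempts" >&2
    cd || true
    return 1
  fi

  mv "${conf_dir}/zeppelin-env.sh.template" "${conf_dir}/zeppelin-env.sh"
  {
    echo "export JAVA_HOME=/usr/lib/jvm/java"
    echo "export MASTER=yarn-client"
    # CLUSTER_NAME is a literal placeholder to be replaced per deployment.
    echo "export HADOOP_CONF_DIR=/srv/hadoopconf/CLUSTER_NAME"
    echo "export SPARK_HOME=/opt/spark"
  } >> "${conf_dir}/zeppelin-env.sh"

  mv "${conf_dir}/zeppelin-site.xml.template" "${conf_dir}/zeppelin-site.xml"
  # Listen on loopback only, so Zeppelin is reachable solely through the
  # local reverse proxy. The dots are escaped so that only the literal
  # address 0.0.0.0 is rewritten.
  # NOTE(review): nothing here enables authentication in Zeppelin itself;
  # local users of this host can reach its port directly.
  sed -i 's:0\.0\.0\.0:127.0.0.1:' "${conf_dir}/zeppelin-site.xml"

  id -u zeppelin >/dev/null 2>&1 || useradd zeppelin
  chown -R zeppelin:zeppelin /opt/zeppelin-0.5.6/
  su zeppelin -c "/opt/zeppelin/bin/zeppelin-daemon.sh start"

  # Register the boot-time start only once.
  grep -qxF -- "$rc_line" /etc/rc.local 2>/dev/null \
    || printf '%s\n' "$rc_line" >> /etc/rc.local
  cd || true
}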
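#######################################
# Install nginx as a TLS-terminating reverse proxy with HTTP basic auth in
# front of Jupyter (127.0.0.1:8888) and Zeppelin (127.0.0.1:8080), using a
# freshly generated self-signed certificate.
# Globals:   NGINX_AUTH_USER (read, optional)     - basic-auth user name,
#            defaults to the placeholder "sample_user"
#            NGINX_AUTH_PASSWORD (read, optional) - basic-auth password,
#            defaults to the placeholder "sample user password"
# Arguments: none
# Returns:   1 if the instance metadata cannot be read or looks malformed, or
#            if the generated nginx configuration does not validate;
#            otherwise the status of the last command.
#            The working directory is left at /etc/nginx/ssl.
#######################################
setup_nginx() {
  local -r placeholder_pass='sample user password'
  local -r proxy_cert=/etc/nginx/ssl/nginx.crt
  local -r proxy_cert_key=/etc/nginx/ssl/nginx.key
  local -r ip_re='^[0-9]+(\.[0-9]+){3}$'
  local -r host_re='^[A-Za-z0-9.-]+$'
  local user="${NGINX_AUTH_USER:-sample_user}"
  local pass="${NGINX_AUTH_PASSWORD:-$placeholder_pass}"
  local server_ip server_dns
  local -a stray_pids=()

  yum install -y nginx httpd-tools

  ### Generating auth credentials
  if [[ "$pass" == "$placeholder_pass" ]]; then
    echo "setup_nginx: warning: the placeholder password is in use;" \
      "set NGINX_AUTH_PASSWORD before exposing this host" >&2
  fi
  # NOTE(review): -b passes the password on htpasswd's command line, where
  # other local users can see it in the process list while the command runs.
  # If the installed httpd-tools supports reading the password from stdin,
  # prefer that.
  htpasswd -cb /etc/nginx/.htpasswd "$user" "$pass"
  id -u nginx >/dev/null 2>&1 || useradd nginx
  # The notebook services execute user code on this host, so the password
  # hashes must not be world-readable.
  # NOTE(review): this assumes the nginx workers run as user/group "nginx".
  chown root:nginx /etc/nginx/.htpasswd
  chmod 640 /etc/nginx/.htpasswd

  # Generating some safer keys.
  # This can take a long time. Really long. You've been warned.
  mkdir -p /etc/pki/nginx/
  openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096

  # Resolve ip from AWS metadata server. -f keeps an HTTP error page out of
  # the variables; the timeout keeps a missing metadata service from hanging.
  server_ip=$(curl -sf --max-time 5 http://169.254.169.254/1.0/meta-data/local-ipv4)
  server_dns=$(curl -sf --max-time 5 http://169.254.169.254/1.0/meta-data/hostname)
  # Both values are pasted into the certificate subject and the nginx
  # configuration, so anything that is not a plain address / host name is
  # rejected here.
  if [[ ! "$server_ip" =~ $ip_re || ! "$server_dns" =~ $host_re ]]; then
    echo "setup_nginx: unexpected instance metadata" \
      "(ip='${server_ip}', hostname='${server_dns}')" >&2
    return 1
  fi

  ### Making directories for nginx ssl and certificates. (4096)
  mkdir -p /etc/nginx/ssl
  cd /etc/nginx/ssl || { echo "setup_nginx: cannot cd to /etc/nginx/ssl" >&2; return 1; }

  # The private key is created under a restrictive umask and kept at 0600 so
  # that no other account on the host can read it.
  ( umask 077 && openssl genrsa -out nginx.key 4096 )
  chmod 600 nginx.key
  # Fixed: the subject used \$server_IP, a variable that is never set, so the
  # IP entry was always empty.
  # NOTE(review): subjectAltName is passed inside -subj, i.e. as a subject
  # name attribute. A SAN is normally an X.509 extension and the signing step
  # below is given no extension file; check whether the resulting certificate
  # actually carries a SAN.
  openssl req -new -key nginx.key -sha256 -nodes -subj "/C=UA/ST=Bumswille/L=Idaho/O=End Point/OU=Hosting Team/CN=ZyXel Ping/emailAddress=/subjectAltName=DNS.1=$server_dns,IP.1=$server_ip" > nginx.csr
  openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt
  #cp ./openssl/nginx.* /etc/nginx/ssl/

  ####
  ### Hardened ssl includes new DH params with a longer modulus,
  ### session timeout less than 2 hours, excluded obsolete and
  ### potentially dangerous or vulnerable ciphers.
  ### (BEAST Vulnerability is inherent to SSLv3 and TLSv1.0/1.1)
  ### If a trusted CA signed cert is passed to such config
  ### the encryption rating on SSLlabs is about A/A+.
  ### Like PayPal.
  ####
  # Changes to the generated configuration compared with the original:
  #  - the first server block's server_name lacked its ";", which made nginx
  #    read "listen" and "80" as additional server names;
  #  - the cipher list re-added 3DES suites (kEDH+3DES, DES-CBC3-SHA) after
  #    removing them; with TLSv1.2 as the only protocol they serve no client,
  #    so they are now excluded with !3DES;
  #  - the /jupyter location overwrites X-Real-IP and X-Forwarded-For,
  #    because the notebook is configured with trust_xheaders = True and
  #    would otherwise accept these headers as sent by the client.
  cat <<EOF | sudo tee /etc/nginx/conf.d/virtual.conf
server {
  server_name ${server_ip} ${server_dns};
  listen 80;
  return 301 https://${server_ip};
}
server {
  server_name ${server_ip} ${server_dns};
  listen 443 ssl;
  auth_basic "Password? Or a 401 response";
  auth_basic_user_file /etc/nginx/.htpasswd;
  ssl on;
  ssl_certificate ${proxy_cert};
  ssl_certificate_key ${proxy_cert_key};
  ssl_dhparam /etc/pki/nginx/dhparam.pem;
  ssl_session_timeout 1h;
  ssl_session_cache shared:SSL:2m;
  ssl_protocols TLSv1.2;
  ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:!3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
  ssl_prefer_server_ciphers on;
  location /jupyter {
    proxy_pass http://127.0.0.1:8888;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  location /zeppelin/ {
    proxy_pass http://127.0.0.1:8080;
    rewrite /zeppelin/(.*) /\$1 break;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}
EOF

  # NOTE(review): this force-kills every process whose netstat line mentions
  # "python" and does not contain "8888" - presumably to stop stray notebook
  # instances, but it also hits any unrelated Python service with a socket.
  # Only numeric PIDs are passed on, and kill is skipped when none is found.
  mapfile -t stray_pids < <(
    netstat -apn | grep python | grep -v 8888 | awk '{print $7}' \
      | cut -f 1 -d '/' | grep -E '^[0-9]+$' | sort -u
  )
  if (( ${#stray_pids[@]} > 0 )); then
    kill -9 "${stray_pids[@]}"
  fi

  # Validate before restarting so that a broken configuration does not take
  # the proxy (and with it the authentication layer) down.
  if ! nginx -t; then
    echo "setup_nginx: generated configuration is invalid" >&2
    return 1
  fi
  service nginx restart
  chkconfig nginx on
}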
# SCRIPT EXECUTION
  222. main "$@"
  223. exit 0