enakai00 · December 27, 2015 19:49
diff --git a/f18_bokan_setup.sh b/f18_bokan_setup.sh
 #!/bin/bash -x

 LANG=C
 basepass="XXXXXXXX"
 reposerver="xxx.xxx.xxx.xxx"

 function prep_network {
    set -x
    yum -y update
    yum -y groupinstall "Gnome Desktop"
    yum -y install cinnamon virt-manager virt-viewer virt-top tigervnc-server expect openssh-askpass iptables-services libvirt-daemon-kvm busybox  libvirt-daemon-lxc lxc system-config-kickstart

    systemctl stop firewalld.service
    systemctl mask firewalld.service
    systemctl stop iptables.service
    
    cat <<'EOF' > /etc/sysconfig/iptables
 *filter
 :INPUT DROP [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 4567 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5901:5999 -j ACCEPT
 -A INPUT -m limit --limit 3/hour -j LOG --log-prefix "[INPUT Dropped] "
 COMMIT
 EOF
    
    systemctl enable iptables.service
    systemctl start iptables.service

    if ! grep -q reposerver /etc/hosts; then
        echo "$reposerver    reposerver.localdomain reposerver" >> /etc/hosts
    fi


    if [[ ! -f /root/.ssh/id_rsa ]]; then
        yes "" | ssh-keygen -N ""
        touch /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
    fi
    
    echo "options kvm-intel nested=1" > /etc/modprobe.d/kvm-intel.conf
    systemctl enable libvirtd.service
    systemctl start libvirtd.service
    sleep 5
    
    cat <<'EOF' >external01.xml
 <network>
  <name>external01</name>
  <forward mode='nat'/>
  <bridge name='virbr100' stp='off' delay='0' />
  <ip address='172.16.0.1' netmask='255.255.0.0'>
    <dhcp>
      <range start='172.16.0.100' end='172.16.0.254' />
    </dhcp>
  </ip>
 </network>
 EOF

    cat <<'EOF' >default.xml
 <network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='off' delay='0' />
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
 </network>
 EOF
    
    if virsh net-info default >/dev/null 2>&1; then
        virsh net-destroy default
        virsh net-autostart default --disable
        virsh net-undefine default
    fi

    if ! virsh net-info default >/dev/null 2>&1; then
        virsh net-define default.xml
        virsh net-start default
        virsh net-autostart default
    fi
    
    if ! virsh net-info external01 >/dev/null 2>&1; then
        virsh net-define external01.xml
        virsh net-start external01
        virsh net-autostart external01
    fi

    if [[ ! -d /mnt/images ]]; then
        cp -a /var/lib/libvirt/images /mnt/images
        rm -rf /var/lib/libvirt/images
        ln -s /mnt/images /var/lib/libvirt/images
    fi

    systemctl restart libvirtd.service
 }

 function prep_vncserver {
    set -x
    cat <<'EOF' > /etc/systemd/system/[email protected]
 [Unit]
 Description=Remote desktop service (VNC)
 After=syslog.target network.target

 [Service]
 Type=simple
 ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :$(echo %I | cut -f2 -d:) > /dev/null 2>&1 || :'
 ExecStart=/bin/sh -c '/sbin/runuser -l $(echo %I | cut -f1 -d:) -c "/usr/bin/vncserver -fg -geometry 1024x768 :$(echo %I | cut -f2 -d:)" || :'
 ExecStop=/bin/sh -c '/sbin/runuser -l $(echo %I | cut -f1 -d:) -c "/usr/bin/vncserver -kill :$(echo %I | cut -f2 -d:)" || :'
 Restart=always

 [Install]
 WantedBy=multi-user.target
 EOF
    systemctl daemon-reload


    cat <<'EOF' >/usr/local/bin/resetvnc
 #!/bin/sh
 user=$USER
 if ! echo $user | grep -qE "^user0[1-7]$"; then
    echo "Invalid user: $user"
    exit 1
 fi
 console=${user#user0}
 echo "Restarting VNC service for $user"
 echo "Wait a second..."
 ssh root@localhost systemctl kill -s9 vncserver@${user}:${console}
 ssh root@localhost systemctl start vncserver@${user}:${console}
 echo "Done."
 EOF
    chmod ugo+x /usr/local/bin/resetvnc

 }


 function peruser_settings {
    set -x
    for i in $(seq 0 7); do
        if [[ $i -eq 0 ]]; then
            user="sysadm"
            i=99
        else
            user=$( printf "user%02d" $i )
        fi

        if id $user >/dev/null 2>&1; then
            echo "$user already exists. skipping..." 
            continue
        fi

        priv_net=$( printf "internal%02d" $i )
        cat <<EOF >${priv_net}.xml
 <network>
  <name>${priv_net}</name>
  <bridge name='virbr${i}' stp='off' delay='0' />
 </network>
 EOF

        if ! virsh net-info ${priv_net} >/dev/null 2>&1; then
            virsh net-define ${priv_net}.xml
            virsh net-start ${priv_net}
            virsh net-autostart ${priv_net}
        fi

        adduser $user
        su - $user -c 'yes "" | ssh-keygen -N ""'
        cat /home/${user}/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

        echo "$user  ALL=(root)  NOPASSWD: /bin/virt-install" > /etc/sudoers.d/$user
        chmod 440 /etc/sudoers.d/$user

        password="${basepass}${user}"
        expect -c "
            spawn passwd $user
            expect \"New password:\"        { send \"$password\n\" }
            expect \"Retype new password:\" { send \"$password\n\" }
            expect eof                      { exit 0 }
 "
        su - $user -c " expect -c \"
            spawn vncpasswd
            expect \\\"Password:\\\" { send \\\"$password\n\\\" }
            expect \\\"Verify:\\\"   { send \\\"$password\n\\\" }
            expect eof               { exit 0 }
        \"
 "

        su - $user -c " expect -c \"
            spawn ssh root@localhost hostname 
            expect \\\"(yes/no)?\\\" { send \\\"yes\n\\\" }
            expect eof               { exit 0 }
        \"
 "
        xc=/home/$user/.Xclients
        cat <<'EOF' >$xc
 #!/bin/bash

 GSESSION="$(type -p gnome-session)"
 if [[ ! -z "$GSESSION" ]]; then
    dconf write /org/gnome/desktop/screensaver/lock-enabled false
    dconf write /org/gnome/desktop/session/idle-delay 'uint32 0'
    exec "$GSESSION" --session=cinnamon
 fi

 # fallback to default
 /etc/X11/xinit/Xclients
 EOF
        chown $user.$user $xc
        chmod u+x $xc

        systemctl enable  "vncserver@${user}:${i}.service"
        systemctl restart "vncserver@${user}:${i}.service"
        sleep 5

        params=( \
 "--type int --set /apps/virt-manager/manager_window_height 470" \
 "--type int --set /apps/virt-manager/manager_window_width 670" \
 "--type list --list-type string --set /apps/virt-manager/connections/autoconnect '[qemu+ssh://root@localhost/system]'" \
 "--type list --list-type string --set /apps/virt-manager/connections/uris '[qemu+ssh://root@localhost/system]'" \
 "--type bool --set /apps/virt-manager/stats/enable-disk-poll true" \
 "--type bool --set /apps/virt-manager/stats/enable-net-poll true" \
 "--type bool --set /apps/virt-manager/vmlist-fields/cpu_usage true" \
 "--type bool --set /apps/virt-manager/vmlist-fields/network_traffic true" \
 "--type bool --set /apps/virt-manager/vmlist-fields/disk_usage true" \
 )
        for param in "${params[@]}"; do 
            su - $user -c "gconftool-2 $param"
        done

        systemctl restart "vncserver@${user}:${i}.service"
    done
 }


 function prep_httpd {
    set -x
    yum -y install httpd
    sed -i 's/UserDir disabled/#UserDir disabled/' /etc/httpd/conf.d/userdir.conf
    sed -i 's/#UserDir public_html/UserDir public_html/' /etc/httpd/conf.d/userdir.conf
    systemctl enable httpd.service
    systemctl restart httpd.service
    setsebool -P httpd_enable_homedirs true
 }


 function prep_files {
    set -x
    mkdir -p /var/www/html/files

    cat <<'EOF' >/var/www/html/files/fedora.repo
 [fedora]
 name=Fedora $releasever - $basearch
 baseurl=http://reposerver/repo/Fedora18/fedora
 enabled=1
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

 [updates]
 name=Fedora $releasever - $basearch - Updates
 baseurl=http://reposerver/repo/Fedora18/updates
 enabled=1
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 EOF

    cat <<'EOF' >/var/www/html/files/rdo.repo
 [openstack-grizzly]
 name=OpenStack Grizzly Repository
 baseurl=http://reposerver/repo/rdo/fedora-18
 enabled=1
 gpgcheck=0
 EOF

    cat <<'EOF' >/var/www/html/files/opst0.ks
 install
 url --url="http://reposerver/repo/Fedora18/os/"
 network --bootproto=static --hostname=opst0-_USER_ --device=eth0 --gateway=172.16.0.1  --ip=172.16._USER_.10 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
 network --device=eth1 --onboot=no
 rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
 graphical
 firstboot --disable
 keyboard jp106
 lang en_US
 reboot
 timezone --isUtc Asia/Tokyo
 bootloader --location=mbr
 zerombr
 clearpart --all --initlabel 
 part /boot --asprimary --fstype="ext4" --size=512
 part swap --fstype="swap" --size=4096
 part / --fstype="ext4" --grow --size=1
 part pv.1 --size=20480
 volgroup cinder-volumes pv.1

 %packages
 @core
 @standard
 %end
 EOF

    cat <<'EOF' >/var/www/html/files/opst1.ks
 install
 url --url="http://reposerver/repo/Fedora18/os/"
 network --bootproto=static --hostname=opst1-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.11 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
 network --device=eth1 --onboot=no
 network --device=eth2 --onboot=no
 rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
 graphical
 firstboot --disable
 keyboard jp106
 lang en_US
 reboot
 timezone --isUtc Asia/Tokyo
 bootloader --location=mbr
 zerombr
 clearpart --all --initlabel 
 part /boot --asprimary --fstype="ext4" --size=512
 part swap --fstype="swap" --size=4096
 part / --fstype="ext4" --grow --size=1
 part pv.1 --size=20480
 volgroup cinder-volumes pv.1

 %packages
 @core
 @standard
 %end
 EOF

    cat <<'EOF' >/var/www/html/files/opst2.ks
 install
 url --url="http://reposerver/repo/Fedora18/os/"
 network --bootproto=static --hostname=opst2-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.12 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
 network --device=eth1 --onboot=no
 rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
 graphical
 firstboot --disable
 keyboard jp106
 lang en_US
 reboot
 timezone --isUtc Asia/Tokyo
 bootloader --location=mbr
 zerombr
 clearpart --all --initlabel 
 part /boot --asprimary --fstype="ext4" --size=512
 part swap --fstype="swap" --size=4096
 part / --fstype="ext4" --grow --size=1

 %packages
 @core
 @standard
 %end
 EOF

    cat <<'EOF' >/var/www/html/files/apache.pp
 package { 'httpd':
  ensure => latest,
 }

 service { 'httpd':
  ensure     => running,
  enable     => true,
  hasrestart => true,
  hasstatus  => true,
 }
 
 file { '/var/www/html/index.html':
  owner   => 'apache',
  group   => 'apache',
  mode    => '0600',
  content => "<h1>This is $hostname.</h1>",
 }

 exec { 'fw-http':
  path    => '/usr/bin',
  command => 'firewall-cmd --add-service=http',
 }

 Package['httpd']
  -> File['/var/www/html/index.html']
  -> Service['httpd']
  -> Exec['fw-http']
 EOF

    cat <<'EOF' >/var/www/html/files/pgsql.pp
 class pgsql_install {
  package { 'postgresql-server':
    ensure => latest,
  }   
 }

 class pgsql_service {
  service { 'postgresql':
    ensure     => running,
    hasrestart => true,
    hasstatus  => true,
    enable     => true,
  }
 }

 class pgsql_init {
  file { '/var/lib/pgsql/data/pg_hba.conf':
    owner   => 'postgres',
    group   => 'postgres',
    mode    => '0600',
    source  => "$manifest_dir/pg_hba.conf",
    require => [Exec['initdb'], Exec['init_pw']],
  }

  exec {
    'initdb':
      path      => ['/sbin', '/bin'],
      command   => 'postgresql-setup initdb',
      logoutput => true,
      creates   => '/var/lib/pgsql/data/PG_VERSION',
      notify    => Exec['init_pw'],
    ;

    'init_pw':
      path        => ['/sbin', '/bin'],
      command     => 'service postgresql start && \
                      su - postgres -c "psql -w -c \
        \"ALTER USER postgres encrypted password \'pas4pgsql\'\"" && \
                      service postgresql stop',
      logoutput   => true,
      refreshonly => true,
    ;
  }
 }

 include 'pgsql_install'
 include 'pgsql_init'
 include 'pgsql_service'

 Class['pgsql_install'] -> Class['pgsql_init'] ~> Class['pgsql_service']
 Class['pgsql_install'] ~> Class['pgsql_service']
 EOF

    cat <<'EOF' >/var/www/html/files/pg_hba.conf
 # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
 local   all         all                               md5
 host    all         all         127.0.0.1/32          md5
 host    all         all         ::1/128               md5
 EOF

    wget -O /var/www/html/files/fedora-19.x86_64.qcow2 http://cloud.fedoraproject.org/fedora-19.x86_64.qcow2
 }

 function prep_repos {
    set -x
    if ! grep -q Fedora-18-x86_64-DVD.iso /etc/fstab; then
        if [[ ! -f /var/lib/libvirt/images/Fedora-18-x86_64-DVD.iso ]]; then
            cp /root/setup/Fedora-18-x86_64-DVD.iso /var/lib/libvirt/images/
        fi
        echo "/var/lib/libvirt/images/Fedora-18-x86_64-DVD.iso /var/www/html/repo/Fedora18/os iso9660 defaults,_netdev 0 0" >> /etc/fstab
        mkdir -p /var/www/html/repo/Fedora18/os
        mount /var/www/html/repo/Fedora18/os
    fi

    if ! grep -q CentOS-6.4-x86_64-bin-DVD1.iso /etc/fstab; then
        if [[ ! -f /var/lib/libvirt/images/CentOS-6.4-x86_64-bin-DVD1.iso ]]; then
            cp /root/setup/CentOS-6.4-x86_64-bin-DVD1.iso /var/lib/libvirt/images/
        fi
        echo "/var/lib/libvirt/images/CentOS-6.4-x86_64-bin-DVD1.iso /var/www/html/repo/CentOS64 iso9660 defaults,_netdev 0 0" >> /etc/fstab
        mkdir -p /var/www/html/repo/CentOS64
        mount /var/www/html/repo/CentOS64
    fi

    if [[ ! -a /var/www/html/repo/rdo ]]; then
        ln -s /mnt/repo/rdo /var/www/html/repo/rdo
    fi

    if [[ ! -a /var/www/html/repo/Fedora18/fedora ]]; then
        ln -s /mnt/repo/Fedora18/fedora /var/www/html/repo/Fedora18/fedora
    fi

    if [[ ! -a /var/www/html/repo/Fedora18/updates ]]; then
        ln -s /mnt/repo/Fedora18/updates /var/www/html/repo/Fedora18/updates
    fi

    chcon -R -t httpd_sys_content_t /mnt/repo
 }

 # main

 localectl set-locale LANG="ja_JP.UTF-8"
 localectl set-keymap jp106

 prep_network
 prep_vncserver
 prep_httpd
 peruser_settings
 #prep_repos
 #prep_files


 # Before prep_repo, do the following:

 # Download the following iso's 
 #  /root/setup/Fedora-18-x86_64-DVD.iso
 #  /root/setup/CentOS-6.4-x86_64-bin-DVD1.iso

 # Official repos should be reposynced with reposync/wget to:
 #    /mnt/repo/Fedora18/fedora
 #    /mnt/repo/Fedora18/updates
 #    /mnt/repo/rdo/fedora-18

 # How to download rdo and Fedora repo
 # mkdir -p /mnt/repo/rdo && cd /mnt/repo/rdo && wget -r -nH -np http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/fedora-18/
 # mv repos/openstack/openstack-grizzly/fedora-18 ./
 # rm -rf repos
 # mkdir -p /mnt/repo/Fedora18 && cd /mnt/repo/Fedora18 && reposync -n
 # createrepo fedora
 # createrepo updates
	#!/bin/bash -x

	LANG=C
	basepass="XXXXXXXX"
	reposerver="xxx.xxx.xxx.xxx"

	function prep_network {
	set -x
	yum -y update
	yum -y groupinstall "Gnome Desktop"
	yum -y install cinnamon virt-manager virt-viewer virt-top tigervnc-server expect openssh-askpass iptables-services libvirt-daemon-kvm busybox libvirt-daemon-lxc lxc system-config-kickstart

	systemctl stop firewalld.service
	systemctl mask firewalld.service
	systemctl stop iptables.service

	cat <<'EOF' > /etc/sysconfig/iptables
	*filter
	:INPUT DROP [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	-A INPUT -i lo -j ACCEPT
	-A INPUT -p icmp -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 4567 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 5901:5999 -j ACCEPT
	-A INPUT -m limit --limit 3/hour -j LOG --log-prefix "[INPUT Dropped] "
	COMMIT
	EOF

	systemctl enable iptables.service
	systemctl start iptables.service

	if ! grep -q reposerver /etc/hosts; then
	echo "$reposerver reposerver.localdomain reposerver" >> /etc/hosts
	fi


	if [[ ! -f /root/.ssh/id_rsa ]]; then
	yes "" \| ssh-keygen -N ""
	touch /root/.ssh/authorized_keys
	chmod 600 /root/.ssh/authorized_keys
	fi

	echo "options kvm-intel nested=1" > /etc/modprobe.d/kvm-intel.conf
	systemctl enable libvirtd.service
	systemctl start libvirtd.service
	sleep 5

	cat <<'EOF' >external01.xml
	<network>
	<name>external01</name>
	<forward mode='nat'/>
	<bridge name='virbr100' stp='off' delay='0' />
	<ip address='172.16.0.1' netmask='255.255.0.0'>
	<dhcp>
	<range start='172.16.0.100' end='172.16.0.254' />
	</dhcp>
	</ip>
	</network>
	EOF

	cat <<'EOF' >default.xml
	<network>
	<name>default</name>
	<forward mode='nat'/>
	<bridge name='virbr0' stp='off' delay='0' />
	<ip address='192.168.122.1' netmask='255.255.255.0'>
	<dhcp>
	<range start='192.168.122.2' end='192.168.122.254' />
	</dhcp>
	</ip>
	</network>
	EOF

	if virsh net-info default >/dev/null 2>&1; then
	virsh net-destroy default
	virsh net-autostart default --disable
	virsh net-undefine default
	fi

	if ! virsh net-info default >/dev/null 2>&1; then
	virsh net-define default.xml
	virsh net-start default
	virsh net-autostart default
	fi

	if ! virsh net-info external01 >/dev/null 2>&1; then
	virsh net-define external01.xml
	virsh net-start external01
	virsh net-autostart external01
	fi

	if [[ ! -d /mnt/images ]]; then
	cp -a /var/lib/libvirt/images /mnt/images
	rm -rf /var/lib/libvirt/images
	ln -s /mnt/images /var/lib/libvirt/images
	fi

	systemctl restart libvirtd.service
	}

	function prep_vncserver {
	set -x
	cat <<'EOF' > /etc/systemd/system/[email protected]
	[Unit]
	Description=Remote desktop service (VNC)
	After=syslog.target network.target

	[Service]
	Type=simple
	ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :$(echo %I \| cut -f2 -d:) > /dev/null 2>&1 \|\| :'
	ExecStart=/bin/sh -c '/sbin/runuser -l $(echo %I \| cut -f1 -d:) -c "/usr/bin/vncserver -fg -geometry 1024x768 :$(echo %I \| cut -f2 -d:)" \|\| :'
	ExecStop=/bin/sh -c '/sbin/runuser -l $(echo %I \| cut -f1 -d:) -c "/usr/bin/vncserver -kill :$(echo %I \| cut -f2 -d:)" \|\| :'
	Restart=always

	[Install]
	WantedBy=multi-user.target
	EOF
	systemctl daemon-reload


	cat <<'EOF' >/usr/local/bin/resetvnc
	#!/bin/sh
	user=$USER
	if ! echo $user \| grep -qE "^user0[1-7]$"; then
	echo "Invalid user: $user"
	exit 1
	fi
	console=${user#user0}
	echo "Restarting VNC service for $user"
	echo "Wait a second..."
	ssh root@localhost systemctl kill -s9 vncserver@${user}:${console}
	ssh root@localhost systemctl start vncserver@${user}:${console}
	echo "Done."
	EOF
	chmod ugo+x /usr/local/bin/resetvnc

	}


	function peruser_settings {
	set -x
	for i in $(seq 0 7); do
	if [[ $i -eq 0 ]]; then
	user="sysadm"
	i=99
	else
	user=$( printf "user%02d" $i )
	fi

	if id $user >/dev/null 2>&1; then
	echo "$user already exists. skipping..."
	continue
	fi

	priv_net=$( printf "internal%02d" $i )
	cat <<EOF >${priv_net}.xml
	<network>
	<name>${priv_net}</name>
	<bridge name='virbr${i}' stp='off' delay='0' />
	</network>
	EOF

	if ! virsh net-info ${priv_net} >/dev/null 2>&1; then
	virsh net-define ${priv_net}.xml
	virsh net-start ${priv_net}
	virsh net-autostart ${priv_net}
	fi

	adduser $user
	su - $user -c 'yes "" \| ssh-keygen -N ""'
	cat /home/${user}/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

	echo "$user ALL=(root) NOPASSWD: /bin/virt-install" > /etc/sudoers.d/$user
	chmod 440 /etc/sudoers.d/$user

	password="${basepass}${user}"
	expect -c "
	spawn passwd $user
	expect \"New password:\" { send \"$password\n\" }
	expect \"Retype new password:\" { send \"$password\n\" }
	expect eof { exit 0 }
	"
	su - $user -c " expect -c \"
	spawn vncpasswd
	expect \\\"Password:\\\" { send \\\"$password\n\\\" }
	expect \\\"Verify:\\\" { send \\\"$password\n\\\" }
	expect eof { exit 0 }
	\"
	"

	su - $user -c " expect -c \"
	spawn ssh root@localhost hostname
	expect \\\"(yes/no)?\\\" { send \\\"yes\n\\\" }
	expect eof { exit 0 }
	\"
	"
	xc=/home/$user/.Xclients
	cat <<'EOF' >$xc
	#!/bin/bash

	GSESSION="$(type -p gnome-session)"
	if [[ ! -z "$GSESSION" ]]; then
	dconf write /org/gnome/desktop/screensaver/lock-enabled false
	dconf write /org/gnome/desktop/session/idle-delay 'uint32 0'
	exec "$GSESSION" --session=cinnamon
	fi

	# fallback to default
	/etc/X11/xinit/Xclients
	EOF
	chown $user.$user $xc
	chmod u+x $xc

	systemctl enable "vncserver@${user}:${i}.service"
	systemctl restart "vncserver@${user}:${i}.service"
	sleep 5

	params=( \
	"--type int --set /apps/virt-manager/manager_window_height 470" \
	"--type int --set /apps/virt-manager/manager_window_width 670" \
	"--type list --list-type string --set /apps/virt-manager/connections/autoconnect '[qemu+ssh://root@localhost/system]'" \
	"--type list --list-type string --set /apps/virt-manager/connections/uris '[qemu+ssh://root@localhost/system]'" \
	"--type bool --set /apps/virt-manager/stats/enable-disk-poll true" \
	"--type bool --set /apps/virt-manager/stats/enable-net-poll true" \
	"--type bool --set /apps/virt-manager/vmlist-fields/cpu_usage true" \
	"--type bool --set /apps/virt-manager/vmlist-fields/network_traffic true" \
	"--type bool --set /apps/virt-manager/vmlist-fields/disk_usage true" \
	)
	for param in "${params[@]}"; do
	su - $user -c "gconftool-2 $param"
	done

	systemctl restart "vncserver@${user}:${i}.service"
	done
	}


	function prep_httpd {
	set -x
	yum -y install httpd
	sed -i 's/UserDir disabled/#UserDir disabled/' /etc/httpd/conf.d/userdir.conf
	sed -i 's/#UserDir public_html/UserDir public_html/' /etc/httpd/conf.d/userdir.conf
	systemctl enable httpd.service
	systemctl restart httpd.service
	setsebool -P httpd_enable_homedirs true
	}


	function prep_files {
	set -x
	mkdir -p /var/www/html/files

	cat <<'EOF' >/var/www/html/files/fedora.repo
	[fedora]
	name=Fedora $releasever - $basearch
	baseurl=http://reposerver/repo/Fedora18/fedora
	enabled=1
	gpgcheck=1
	gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

	[updates]
	name=Fedora $releasever - $basearch - Updates
	baseurl=http://reposerver/repo/Fedora18/updates
	enabled=1
	gpgcheck=1
	gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
	EOF

	cat <<'EOF' >/var/www/html/files/rdo.repo
	[openstack-grizzly]
	name=OpenStack Grizzly Repository
	baseurl=http://reposerver/repo/rdo/fedora-18
	enabled=1
	gpgcheck=0
	EOF

	cat <<'EOF' >/var/www/html/files/opst0.ks
	install
	url --url="http://reposerver/repo/Fedora18/os/"
	network --bootproto=static --hostname=opst0-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.10 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
	network --device=eth1 --onboot=no
	rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
	graphical
	firstboot --disable
	keyboard jp106
	lang en_US
	reboot
	timezone --isUtc Asia/Tokyo
	bootloader --location=mbr
	zerombr
	clearpart --all --initlabel
	part /boot --asprimary --fstype="ext4" --size=512
	part swap --fstype="swap" --size=4096
	part / --fstype="ext4" --grow --size=1
	part pv.1 --size=20480
	volgroup cinder-volumes pv.1

	%packages
	@core
	@standard
	%end
	EOF

	cat <<'EOF' >/var/www/html/files/opst1.ks
	install
	url --url="http://reposerver/repo/Fedora18/os/"
	network --bootproto=static --hostname=opst1-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.11 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
	network --device=eth1 --onboot=no
	network --device=eth2 --onboot=no
	rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
	graphical
	firstboot --disable
	keyboard jp106
	lang en_US
	reboot
	timezone --isUtc Asia/Tokyo
	bootloader --location=mbr
	zerombr
	clearpart --all --initlabel
	part /boot --asprimary --fstype="ext4" --size=512
	part swap --fstype="swap" --size=4096
	part / --fstype="ext4" --grow --size=1
	part pv.1 --size=20480
	volgroup cinder-volumes pv.1

	%packages
	@core
	@standard
	%end
	EOF

	cat <<'EOF' >/var/www/html/files/opst2.ks
	install
	url --url="http://reposerver/repo/Fedora18/os/"
	network --bootproto=static --hostname=opst2-_USER_ --device=eth0 --gateway=172.16.0.1 --ip=172.16._USER_.12 --nameserver=172.16.0.1 --netmask=255.255.0.0 --activate
	network --device=eth1 --onboot=no
	rootpw --iscrypted $1$9GDUyF5b$b5SFhqDVlvCXWff7IgbvS.
	graphical
	firstboot --disable
	keyboard jp106
	lang en_US
	reboot
	timezone --isUtc Asia/Tokyo
	bootloader --location=mbr
	zerombr
	clearpart --all --initlabel
	part /boot --asprimary --fstype="ext4" --size=512
	part swap --fstype="swap" --size=4096
	part / --fstype="ext4" --grow --size=1

	%packages
	@core
	@standard
	%end
	EOF

	cat <<'EOF' >/var/www/html/files/apache.pp
	package { 'httpd':
	ensure => latest,
	}

	service { 'httpd':
	ensure => running,
	enable => true,
	hasrestart => true,
	hasstatus => true,
	}

	file { '/var/www/html/index.html':
	owner => 'apache',
	group => 'apache',
	mode => '0600',
	content => "<h1>This is $hostname.</h1>",
	}

	exec { 'fw-http':
	path => '/usr/bin',
	command => 'firewall-cmd --add-service=http',
	}

	Package['httpd']
	-> File['/var/www/html/index.html']
	-> Service['httpd']
	-> Exec['fw-http']
	EOF

	cat <<'EOF' >/var/www/html/files/pgsql.pp
	class pgsql_install {
	package { 'postgresql-server':
	ensure => latest,
	}
	}

	class pgsql_service {
	service { 'postgresql':
	ensure => running,
	hasrestart => true,
	hasstatus => true,
	enable => true,
	}
	}

	class pgsql_init {
	file { '/var/lib/pgsql/data/pg_hba.conf':
	owner => 'postgres',
	group => 'postgres',
	mode => '0600',
	source => "$manifest_dir/pg_hba.conf",
	require => [Exec['initdb'], Exec['init_pw']],
	}

	exec {
	'initdb':
	path => ['/sbin', '/bin'],
	command => 'postgresql-setup initdb',
	logoutput => true,
	creates => '/var/lib/pgsql/data/PG_VERSION',
	notify => Exec['init_pw'],
	;

	'init_pw':
	path => ['/sbin', '/bin'],
	command => 'service postgresql start && \
	su - postgres -c "psql -w -c \
	\"ALTER USER postgres encrypted password \'pas4pgsql\'\"" && \
	service postgresql stop',
	logoutput => true,
	refreshonly => true,
	;
	}
	}

	include 'pgsql_install'
	include 'pgsql_init'
	include 'pgsql_service'

	Class['pgsql_install'] -> Class['pgsql_init'] ~> Class['pgsql_service']
	Class['pgsql_install'] ~> Class['pgsql_service']
	EOF

	cat <<'EOF' >/var/www/html/files/pg_hba.conf
	# TYPE DATABASE USER CIDR-ADDRESS METHOD
	local all all md5
	host all all 127.0.0.1/32 md5
	host all all ::1/128 md5
	EOF

	wget -O /var/www/html/files/fedora-19.x86_64.qcow2 http://cloud.fedoraproject.org/fedora-19.x86_64.qcow2
	}

	function prep_repos {
	set -x
	if ! grep -q Fedora-18-x86_64-DVD.iso /etc/fstab; then
	if [[ ! -f /var/lib/libvirt/images/Fedora-18-x86_64-DVD.iso ]]; then
	cp /root/setup/Fedora-18-x86_64-DVD.iso /var/lib/libvirt/images/
	fi
	echo "/var/lib/libvirt/images/Fedora-18-x86_64-DVD.iso /var/www/html/repo/Fedora18/os iso9660 defaults,_netdev 0 0" >> /etc/fstab
	mkdir -p /var/www/html/repo/Fedora18/os
	mount /var/www/html/repo/Fedora18/os
	fi

	if ! grep -q CentOS-6.4-x86_64-bin-DVD1.iso /etc/fstab; then
	if [[ ! -f /var/lib/libvirt/images/CentOS-6.4-x86_64-bin-DVD1.iso ]]; then
	cp /root/setup/CentOS-6.4-x86_64-bin-DVD1.iso /var/lib/libvirt/images/
	fi
	echo "/var/lib/libvirt/images/CentOS-6.4-x86_64-bin-DVD1.iso /var/www/html/repo/CentOS64 iso9660 defaults,_netdev 0 0" >> /etc/fstab
	mkdir -p /var/www/html/repo/CentOS64
	mount /var/www/html/repo/CentOS64
	fi

	if [[ ! -a /var/www/html/repo/rdo ]]; then
	ln -s /mnt/repo/rdo /var/www/html/repo/rdo
	fi

	if [[ ! -a /var/www/html/repo/Fedora18/fedora ]]; then
	ln -s /mnt/repo/Fedora18/fedora /var/www/html/repo/Fedora18/fedora
	fi

	if [[ ! -a /var/www/html/repo/Fedora18/updates ]]; then
	ln -s /mnt/repo/Fedora18/updates /var/www/html/repo/Fedora18/updates
	fi

	chcon -R -t httpd_sys_content_t /mnt/repo
	}

	# main

	localectl set-locale LANG="ja_JP.UTF-8"
	localectl set-keymap jp106

	prep_network
	prep_vncserver
	prep_httpd
	peruser_settings
	#prep_repos
	#prep_files


	# Before prep_repo, do the following:

	# Download the following iso's
	# /root/setup/Fedora-18-x86_64-DVD.iso
	# /root/setup/CentOS-6.4-x86_64-bin-DVD1.iso

	# Official repos should be reposynced with reposync/wget to:
	# /mnt/repo/Fedora18/fedora
	# /mnt/repo/Fedora18/updates
	# /mnt/repo/rdo/fedora-18

	# How to download rdo and Fedora repo
	# mkdir -p /mnt/repo/rdo && cd /mnt/repo/rdo && wget -r -nH -np http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/fedora-18/
	# mv repos/openstack/openstack-grizzly/fedora-18 ./
	# rm -rf repos
	# mkdir -p /mnt/repo/Fedora18 && cd /mnt/repo/Fedora18 && reposync -n
	# createrepo fedora
	# createrepo updates