#!/bin/bash

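set -o errexit

# Read VERSION_ID by sourcing os-release in a subshell: the file is meant to be
# sourced, and the subshell keeps its other variables out of this script. The
# previous `eval $(grep VERSION_ID ...)` evaluated unquoted grep output, which
# word-splits the value and also picks up any other line containing the string
# "VERSION_ID".
VERSION_ID=$(. /etc/os-release && printf '%s' "${VERSION_ID}")

# Stop here if the value is missing; otherwise the baseurl below would silently
# be built without a major version.
: "${VERSION_ID:?VERSION_ID not found in /etc/os-release}"

# Register the Google Compute Engine package repository. tee also echoes the
# repo definition to stdout, so it shows up in the build log.
# ${VERSION_ID%%.*} keeps only the major version (e.g. "8.10" -> "8").
# NOTE(review): gpgcheck=1 verifies package signatures, but repo_gpgcheck=0
# leaves the repository metadata unverified; confirm whether repo_gpgcheck=1
# can be enabled for this repository.
tee /etc/yum.repos.d/google-cloud.repo << EOF
[google-compute-engine]
name=Google Compute Engine
baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el${VERSION_ID%%.*}-x86_64-stable
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
      https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF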

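# Install the guest-environment packages with /etc/selinux moved out of the way.
# NOTE(review): presumably the directory is hidden so package scriptlets do not
# act on the SELinux configuration during the image build -- confirm.
mv /etc/selinux /etc/selinux.tmp

# errexit ends the script as soon as dnf fails, which would leave /etc/selinux
# renamed. Restore it on any exit path, unless something has already been
# created at the original location.
trap '[[ -e /etc/selinux ]] || mv /etc/selinux.tmp /etc/selinux' EXIT

dnf install -y --nobest \
    acpid \
    cloud-init \
    google-compute-engine \
    google-osconfig-agent \
    langpacks-en \
    rng-tools \
    timedatex \
    tuned \
    vim

# Normal path: put the SELinux configuration back and drop the safety net.
mv /etc/selinux.tmp /etc/selinux
trap - EXIT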

# The current version of google-cloud-ops-agent is impacted by a CVE: https://access.redhat.com/security/cve/CVE-2024-41110
# It is disabled for the time being.
#
# # Install Google Ops Agent
# curl -sSo /tmp/add-google-cloud-ops-agent-repo.sh https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh
# bash /tmp/add-google-cloud-ops-agent-repo.sh --also-install --remove-repo
# rm /tmp/add-google-cloud-ops-agent-repo.sh

# Removing microcode_ctl requires /var/lib/rpm-state to exist, so the directory
# is created just for the removal and deleted again afterwards.
rpm_state_dir=/var/lib/rpm-state
mkdir "${rpm_state_dir}"
dnf remove -y irqbalance microcode_ctl
rmdir "${rpm_state_dir}"

# Delete the google-cloud.repo definition written at the start of this script.
# NOTE(review): without this repo file the packages installed from it have no
# configured update source in the resulting image -- confirm that updates are
# delivered some other way.
rm -f /etc/yum.repos.d/google-cloud.repo

# Chrony configuration: every line starting with "pool " is replaced by a
# single server entry for metadata.google.internal.
sed -i -e '/^pool /c\server metadata.google.internal iburst' /etc/chrony.conf

# sshd configuration: append directives that disable root login and password
# authentication and set a 420-second client-alive interval.
# NOTE(review): sshd keeps the first value it reads for each keyword, so these
# appended lines do not override an earlier uncommented setting in sshd_config
# or in a file pulled in through an Include directive, and they would fall
# inside a trailing Match block if the file ends with one. Verify the effective
# settings of the built image (for example with `sshd -T`).
cat >> /etc/ssh/sshd_config << 'EOF'
PermitRootLogin no
PasswordAuthentication no
ClientAliveInterval 420
EOF