Ubuntu 22.04 LTS – Setup with Google Cloud, OpenAI, WordPress and HA Cluster

Complete Setup with Google Cloud and HA Cluster

Overview

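When prompted, enter the local IP address to use in the Corosync configuration. The script writes this value into the bindnetaddr setting of /etc/corosync/corosync.conf, so it should belong to the network the cluster nodes use to reach each other (the prompt shows 192.168.1.0 as an example).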

This guide will help you set up a complete environment on Ubuntu, including:

  • Removing unnecessary packages
  • Applying system hardening measures
  • Installing and configuring the LAMP stack
  • Installing the OpenAI library
  • Installing the Google Cloud SDK
  • Setting up a high-availability cluster with Pacemaker and Corosync

Step-by-Step Guide

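Below is the Bash script that performs all the tasks listed above. Save the script to a file, make it executable, and run it with superuser privileges on both nodes of your cluster. Run it from an interactive terminal and read it through first: it prompts for the Corosync address, hands control to interactive tools (dpkg-reconfigure, mysql_secure_installation, gcloud init), and changes the firewall and SSH configuration of the machine it runs on.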


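# Prompt for the local IP address used in the Corosync configuration.
# -r stops read from treating backslashes as escape characters. The answer is
# checked before use because it is later written into a root-owned
# configuration file; only a dotted-quad IPv4 address (the form shown in the
# prompt's example) is accepted.
read -r -p "Enter the local IP address (e.g., 192.168.1.0): " local_ip

ipv4_pattern='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
if ! [[ "$local_ip" =~ $ipv4_pattern ]]; then
    echo "Invalid IPv4 address: '$local_ip'" >&2
    exit 1
fi
for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 08 is not parsed as octal.
    if (( 10#$octet > 255 )); then
        echo "Invalid IPv4 address: '$local_ip'" >&2
        exit 1
    fi
done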

# Function to remove a package if it's installed
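remove_package() {
    # Remove one package with apt-get if dpkg reports it as installed.
    #
    # Arguments: $1 - exact package name
    # Outputs:   one progress line on stdout, plus apt-get's own output
    #
    # dpkg-query is asked about the exact name instead of grepping the
    # `dpkg -l` table: the name is no longer interpreted as a regular
    # expression (names may contain "." or "+"), and the result does not
    # depend on column spacing or on an ":arch" suffix in the listing.
    local pkg=$1
    local status
    status=$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null) || status=""

    # "install ok installed" is the state the old "^ii" match looked for.
    if [[ "$status" == "install ok installed"* ]]; then
        echo "Removing $pkg..."
        sudo apt-get remove -y "$pkg"
    else
        echo "$pkg is not installed."
    fi
}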

# Refresh the package index before changing anything
sudo apt-get update

# Desktop applications and helpers that this setup does not need.
# Each entry is handed to remove_package, which skips packages that are absent.
# NOTE(review): snapd is in this list; confirm that nothing still required on
# the machine is delivered as a snap before running this.
unneeded_packages=(
    thunderbird
    libreoffice-common
    gnome-games
    transmission-common
    cheese
    totem
    shotwell
    rhythmbox
    empathy
    brasero
    aisleriot
    remmina
    simple-scan
    gnome-mines
    gnome-mahjongg
    deja-dup
    gnome-calendar
    gnome-contacts
    orca
    yelp
    gnome-dictionary
    geary
    gnome-weather
    onboard
    ubuntu-web-launcher
    webbrowser-app
    unity-webapps-common
    gnome-maps
    gnome-music
    gnome-photos
    usb-creator-common
    usb-creator-gtk
    snapd
    zeitgeist-core
    zeitgeist-datahub
)
for pkg in "${unneeded_packages[@]}"; do
    remove_package "$pkg"
done

# Drop dependencies that nothing needs any more
sudo apt-get autoremove -y

# Delete cached package files that can no longer be downloaded
sudo apt-get autoclean

# Bring the remaining installed packages up to date
sudo apt-get upgrade -y

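# Hardening steps

# 1. Enable automatic security updates
# dpkg-reconfigure asks an interactive question; answer it to turn the
# periodic unattended upgrade run on.
echo "Enabling automatic security updates..."
sudo apt-get install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

# 2. Install and configure UFW (Uncomplicated Firewall)
# The SSH rule is added before the firewall is enabled so that a remote
# session is not locked out.
# NOTE: only SSH is allowed in. The Apache and Corosync/Pacemaker services set
# up further down get no rule here, so with "default deny incoming" their
# traffic stays blocked until rules scoped to the intended sources are added.
echo "Installing and configuring UFW..."
sudo apt-get install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

# 3. Disable root login via SSH
echo "Disabling root login via SSH..."
# Rewrite every PermitRootLogin line, commented out or not and whatever its
# current value. Matching only the literal "PermitRootLogin yes" changes
# nothing when the directive is commented out or set to another value.
sudo sed -i -E 's/^[#[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
# Add the directive if the file had no such line at all.
if ! sudo grep -Eq '^PermitRootLogin[[:space:]]+no$' /etc/ssh/sshd_config; then
    echo "PermitRootLogin no" | sudo tee -a /etc/ssh/sshd_config > /dev/null
fi
# NOTE: sshd keeps the first value it reads for a directive, so a file pulled
# in by an Include line earlier in sshd_config can still override this.
# Confirm the effective value with: sudo sshd -T | grep -i permitrootlogin
# Restart only if the configuration parses, so a broken file cannot take the
# SSH service down.
if sudo sshd -t; then
    sudo systemctl restart sshd
else
    echo "sshd configuration test failed; SSH was not restarted." >&2
fi

# 4. Disable unused network services
echo "Disabling unused network services..."
# The socket unit is disabled together with the service; a socket left
# enabled can start the daemon again on demand.
sudo systemctl disable avahi-daemon.socket avahi-daemon.service
sudo systemctl stop avahi-daemon.socket avahi-daemon.service

# 5. Install and configure Fail2Ban
# Only the packaged default configuration is used; no jail is customised here.
echo "Installing and configuring Fail2Ban..."
sudo apt-get install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# 6. Set up password aging policies
# /etc/login.defs supplies defaults for accounts created afterwards; existing
# accounts keep their current aging values unless changed with chage.
echo "Setting up password aging policies..."
sudo sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS   90/' /etc/login.defs
sudo sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS   10/' /etc/login.defs
sudo sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE   7/' /etc/login.defs

# 7. Disable guest account
echo "Disabling guest account..."
# This setting belongs to LightDM. Skip it when LightDM is not installed, and
# create the drop-in directory first so the redirection cannot fail.
if [ -d /etc/lightdm ]; then
    sudo mkdir -p /etc/lightdm/lightdm.conf.d
    sudo sh -c 'printf "[SeatDefaults]\nallow-guest=false\n" > /etc/lightdm/lightdm.conf.d/50-no-guest.conf'
else
    echo "LightDM is not installed; skipping guest account configuration."
fi

# 8. Enable AppArmor
echo "Enabling AppArmor..."
sudo systemctl enable apparmor
sudo systemctl start apparmor

# 9. Install and configure auditd
# No audit rules are added here; the daemon runs with whatever rule set the
# package ships.
echo "Installing and configuring auditd..."
sudo apt-get install -y auditd
sudo systemctl enable auditd
sudo systemctl start auditd

# 10. Restrict compilers for regular users
echo "Restricting compilers for regular users..."
# Only touch compilers that are present. chmod follows symlinks, so the mode
# of the real binary behind each name is what changes.
# NOTE(review): a package upgrade may put the original mode back; confirm
# after upgrades or record the mode with dpkg-statoverride.
for compiler in /usr/bin/gcc /usr/bin/g++ /usr/bin/cc; do
    if [ -e "$compiler" ]; then
        sudo chmod o-rx "$compiler"
    fi
done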

# LAMP stack installation

# Enable a systemd unit at boot, then start it right away.
enable_and_start() {
    sudo systemctl enable "$1"
    sudo systemctl start "$1"
}

# 1. Apache web server
echo "Installing Apache..."
sudo apt-get install -y apache2
enable_and_start apache2

# 2. MySQL database server
echo "Installing MySQL..."
sudo apt-get install -y mysql-server
enable_and_start mysql

# Interactive hardening wizard shipped with MySQL; it asks its questions on
# the terminal.
echo "Securing MySQL installation..."
sudo mysql_secure_installation

# 3. PHP with the Apache module and the MySQL driver
echo "Installing PHP..."
sudo apt-get install -y php libapache2-mod-php php-mysql

# Apache has to be restarted before it picks up the PHP module
echo "Restarting Apache to load PHP module..."
sudo systemctl restart apache2

# Test file in the web root for checking PHP processing.
# NOTE(review): as listed, this writes only an empty line; the file's PHP
# content appears to be missing from the listing. A diagnostic page placed
# under /var/www/html is served to anyone who can reach the web server, so
# delete info.php once the check is done.
echo "Creating PHP info file..."
printf '\n' | sudo tee /var/www/html/info.php

echo "LAMP stack has been installed and configured."

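# OpenAI library installation

# Install Python 3 and pip
echo "Installing Python 3 and pip..."
sudo apt-get install -y python3 python3-pip python3-venv

# Create a directory for the project (relative to the current directory).
# mkdir -p lets a second run succeed when the directory already exists, and
# the cd is checked: if it failed, the virtual environment would be created in
# whatever directory the script happened to be running from.
PROJECT_DIR="openai_project"
if mkdir -p -- "$PROJECT_DIR" && cd -- "$PROJECT_DIR"; then
    # Create a virtual environment
    echo "Creating a virtual environment..."
    if python3 -m venv venv; then
        # Activate the virtual environment
        echo "Activating the virtual environment..."
        source venv/bin/activate

        # Upgrade pip in the virtual environment
        echo "Upgrading pip..."
        pip install --upgrade pip

        # Install the OpenAI library
        # NOTE: the version is not pinned, so every run installs whatever is
        # current on the index. For repeatable installs, pin versions in a
        # requirements file and install it with pip's --require-hashes.
        echo "Installing the OpenAI library..."
        pip install openai

        # Deactivate the virtual environment
        echo "Deactivating the virtual environment..."
        deactivate

        echo "OpenAI library installation is complete. To start using it, navigate to $PROJECT_DIR and activate the virtual environment using 'source venv/bin/activate'."
    else
        # Without a working venv, "pip" would be the system-wide pip; do not
        # fall through to it.
        echo "Could not create the virtual environment; skipping OpenAI library installation." >&2
    fi
else
    echo "Could not create or enter $PROJECT_DIR; skipping OpenAI library installation." >&2
fi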

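# Install Google Cloud SDK

# Tools needed to fetch the signing key over TLS and convert it to a keyring
sudo apt-get install -y ca-certificates curl gnupg

# Add the Cloud SDK distribution URI as a package source.
# The repository is addressed over https, and tee overwrites the list file
# instead of appending, so running the script again does not add a duplicate
# entry.
echo "Adding the Cloud SDK distribution URI as a package source..."
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list

# Import the Google Cloud public key.
# apt-key is deprecated; the key is converted with gpg into the dedicated
# keyring that the "signed-by" option above points to, so it is trusted for
# this repository only. curl -f makes an HTTP error fail the download rather
# than passing an error page on to gpg.
echo "Importing the Google Cloud public key..."
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/cloud.google.gpg

# Update and install the Cloud SDK
echo "Updating package list and installing the Google Cloud SDK..."
sudo apt-get update && sudo apt-get install -y google-cloud-sdk

# Initialize the Cloud SDK
# gcloud init is interactive and stores credentials for the account that runs
# it. NOTE(review): when the whole script runs as root, that is presumably
# root's configuration directory; confirm this is the account that should
# hold the cloud credentials.
echo "Initializing the Cloud SDK..."
gcloud init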

# High-availability cluster setup with Pacemaker and Corosync

# Function to install packages for HA cluster
install_ha_packages() {
    # Refresh the package index, then install the cluster stack.
    # The install runs even if the index refresh fails, and the function's
    # exit status is that of the install command.
    local -a ha_packages=(pacemaker corosync)

    sudo apt-get update
    sudo apt-get install -y "${ha_packages[@]}"
}

# Function to configure Corosync
configure_corosync() {
    sudo tee /etc/corosync/corosync.conf > /dev/null <