path: root/satellit_installer/includes/10-script_dropper.inc
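#######################################
# Hook the first_run script into root's interactive shell start-up.
# Appends the line "${INSTALLDIR}/first_run" to /root/.bashrc unless a line
# that starts with ${INSTALLDIR} and mentions first_run is already there, so
# a repeated installer run does not add a second entry.
# Globals:   INSTALLDIR (read)
# Outputs:   one status line on stdout
# Notes:
#   - Whatever /root/.bashrc names is executed as root by every interactive
#     bash started for root until the entry is removed (first_run deletes it
#     itself at its end). NOTE(review): confirm ${INSTALLDIR} and first_run
#     are writable by root only.
#   - ${INSTALLDIR} is used as a regular expression here and is appended
#     unquoted; a path with regex metacharacters or spaces is not handled.
#######################################
patch_bashrc() {
	# grep -q reports the match through its exit status, which avoids the
	# "[: -gt: unary operator expected" error the counting form produced
	# when /root/.bashrc was missing; quoting keeps the pattern one word.
	if grep -q -- "^${INSTALLDIR}.*first_run" /root/.bashrc; then
		echo "# first_run script already in root's bashrc, doing nothing."
	else
		echo "# Patching root's bashrc...) "
		echo "${INSTALLDIR}/first_run" >> /root/.bashrc
	fi
}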

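#######################################
# Copy the public key used to encrypt the generated passwords into
# ${INSTALLDIR}, preserving mode and timestamps (cp -p).
# Globals:   BASEDIR (read), INSTALLDIR (read)
# Outputs:   a warning on stdout when the copy fails
# Returns:   0 in both cases; a failed copy is reported, not fatal.
# NOTE(review): the first_run script written by drop_script reads the key
# from ${BASEDIR}/static_files rather than from this copy - confirm which
# location is meant to be authoritative.
#######################################
copy_public_key() {
	# Destination is quoted so a path containing spaces stays one argument;
	# "--" stops option parsing should a path begin with a dash.
	cp -p -- "${BASEDIR}/static_files/finish_setup_public_key.pem" "${INSTALLDIR}" \
		|| echo "Warning: Could not copy public key to ${INSTALLDIR}!"
}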

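#######################################
# Write the one-shot post-install script ${INSTALLDIR}/first_run and make it
# executable for its owner.
#
# The script text is an unquoted here-document, so it is expanded in two
# stages:
#   - plain ${VAR} references (INSTALLDIR, BASEDIR, LOGDIR, WWWDIR,
#     TASKMANDIR) are replaced now, with the installer's values;
#   - references written as \$VAR or \$(...) are emitted verbatim and are
#     evaluated only when first_run itself runs.
# Any line added to the here-document has to follow the same rule: an
# unescaped "$" or backtick is evaluated by the installer, not by first_run.
# Lines inside the here-document must stay tab-indented (<<- strips tabs
# only).
#
# When run, first_run asks for a new root password (passwd), replaces the
# MySQL passwords of root, bwLehrpool, openslx and debian-sys-maint with
# generated ones, patches them into the service configuration files, adds
# inittab entries, regenerates the sshd host keys, starts
# /usr/local/sbin/config_static_ip, removes its own entry from /root/.bashrc
# and offers a reboot.
#
# Security notes:
#   - mysql/mysqladmin receive passwords as command-line arguments, which
#     are visible in the process list while the command runs.
#     NOTE(review): consider an option file readable by root only.
#   - The generated passwords sit in /root/new_passwords in clear text until
#     the encryption step; umask 0066 keeps that file owner-only.
#   - "openssl rsautl" encrypts a single RSA block, so the input size is
#     bounded by the key size; a failure is now reported instead of being
#     followed by an unconditional "...ok.". rsautl is deprecated in
#     OpenSSL 3.0 in favour of pkeyutl.
#   - The key is read from ${BASEDIR}/static_files, not from the copy that
#     copy_public_key places in ${INSTALLDIR}. NOTE(review): confirm that
#     ${BASEDIR} still exists when first_run runs.
#
# Globals:   INSTALLDIR, BASEDIR, LOGDIR, WWWDIR, TASKMANDIR (read)
# Returns:   exit status of the final chmod
#######################################
drop_script() {
	cat >"${INSTALLDIR}/first_run" <<-EOF
	#!/bin/bash

	# Passwords use only [_A-Za-z0-9], so they need no escaping in the
	# sed expressions and SQL statements further down.
	generate_password() {
		local password="\$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c\${1:-16};)"
		echo "\$password"
	}

	LANG=en_US.UTF-8
	echo
	echo "Satellite server install post-install script"
	echo
	echo "This script will set safe password for root, the mysql root user,"
	echo 'two mysql user accounts (openslx and bwLehrpool) and debian-sys-maint.'
	echo
	echo "We recommend you choose a secure password for root. The other"
	echo "passwords will be auto generated."
	echo ""
	echo "Please set a secure password for root:"
	echo ""
	passwd
	echo
	echo "Thank you."
	echo
	echo "Now we will auto-generate new passwords for the mentioned mysql users:"
	echo
	MYSQL_ROOT_PASS="\$(grep MYSQL_ROOT_PASS "$LOGDIR/config"|cut -f 2 -d "=")"
	umask 0066

	MYSQL_ROOT_NEW=\$(generate_password)
	mysqladmin -u root -p"\${MYSQL_ROOT_PASS}" password "\${MYSQL_ROOT_NEW}"
	echo "MYSQL_ROOT_PASS=\$MYSQL_ROOT_NEW" > /root/new_passwords
	echo "Mysql root password,"

	MYSQL_BWLEHRPOOL_NEW=\$(generate_password)
	echo "SET PASSWORD FOR 'bwLehrpool'@'localhost' = PASSWORD('\$MYSQL_BWLEHRPOOL_NEW');" | mysql -u root -p\${MYSQL_ROOT_NEW}
	echo "MYSQL_BWLEHRPOOL_PASS=\$MYSQL_BWLEHRPOOL_NEW" >> /root/new_passwords
	echo "Mysql bwLehrpool password,"

	MYSQL_OPENSLX_NEW=\$(generate_password)
	echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('\$MYSQL_OPENSLX_NEW');" | mysql -u root -p\${MYSQL_ROOT_NEW}
	echo "MYSQL_OPENSLX_PASS=\$MYSQL_OPENSLX_NEW" >> /root/new_passwords
	echo "mysql openslx password,"

	MYSQL_SYSMAINT_NEW=\$(generate_password)
	echo "SET PASSWORD FOR 'debian-sys-maint'@'localhost' = PASSWORD('\$MYSQL_SYSMAINT_NEW');" | mysql -u root -p\${MYSQL_ROOT_NEW}
	echo "and debian-sys-maint."

	echo "... done."
	echo
	echo "Now we will save the newly set passwords (save debian-sys-maint)"
	echo "in an encrypted file..."

	# Report success only if openssl really produced the encrypted copy.
	# The clear-text file is removed in both cases.
	if openssl rsautl -encrypt -pubin -inkey "${BASEDIR}/static_files/finish_setup_public_key.pem" < /root/new_passwords > "${BASEDIR}/static_files/new_passwords.encrypted"; then
		echo "...ok."
	else
		rm -f "${BASEDIR}/static_files/new_passwords.encrypted" 2>/dev/null
		echo "Warning: encrypting the new passwords failed; no encrypted copy was saved."
	fi
	rm -f /root/new_passwords 2>/dev/null

	echo "And due to popular demand we will save the mysql root password also "
	echo "in the file /root/mysqlpass (and set it to 600, of course)... "
	echo "\$MYSQL_ROOT_NEW" > /root/mysqlpass
	chmod 600 /root/mysqlpass

	# Patching bwLehrpool-mysql-userpass into bwSuite Server config:
	sed -i "s/%MYSQL_BWLEHRPOOL_PASS%/\$MYSQL_BWLEHRPOOL_NEW/g" "$INSTALLDIR/Server_Config.ini"

	# Patching bwLehrpool-mysql-userpass into pureftpd config:
	sed -i "s/MYSQLPassword.*$/MYSQLPassword    \$MYSQL_BWLEHRPOOL_NEW/g" /etc/pure-ftpd/db/mysql.conf

	# Patching bwLehrpool-mysql-userpass into satellite-daemon config:
	sed -i "s/%MYSQL_BWLEHRPOOL_PASS%/\$MYSQL_BWLEHRPOOL_NEW/g" /opt/syncdaemon/config/mysql.properties

	# Patching bwLehrpool-mysql-userpass into vmchooser list.php:
	sed -i "s/%MYSQL_BWLEHRPOOL_PASS%/\$MYSQL_BWLEHRPOOL_NEW/g" /srv/openslx/www/vmchooser/list.php

	# Patching openslx-mysql-userpass into slx-admin config:
	sed -i "s/%MYSQL_OPENSLX_PASS%/\$MYSQL_OPENSLX_NEW/g" "$WWWDIR/slx-admin/config.php"

	# Patching debian-sys-maint password into /etc/mysql/debian.cnf:
	sed -i "s/password = .*/password = \$MYSQL_SYSMAINT_NEW/g" "/etc/mysql/debian.cnf"

	# inittab-entry dmsd:
	if [ \$(grep -c "dmsd.*respawn" /etc/inittab) -gt 0 ]; then
		echo "bwLehrpool Suite inittab entry detected, doing nothing. "
	else
		echo -n "bwLehrpool Suite: patching inittab..."
		echo "dmsd:2345:respawn:$INSTALLDIR/dmsd.sh" >> /etc/inittab
		echo "ok."
	fi

	# inittab-entry taskmanager:
	if [ \$(grep -c "tman.*respawn" /etc/inittab) -gt 0 ]; then
		echo "Taskmanager inittab entry detected, doing nothing."
	else
		echo -n "bwLehrpool Suite: patching inittab..."
		echo "tman:2345:respawn:$TASKMANDIR/taskmanager.sh" >> /etc/inittab
		echo "ok."
	fi

	# inittab-entry syncdaemon:
	if [ \$(grep -c "synd.*respawn" /etc/inittab) -gt 0 ]; then
		echo "syncdaemon inittab entry detected, doing nothing. "
	else
		echo -n "syncdaemon: patching inittab..."
		echo "synd:2345:respawn:/opt/syncdaemon/syncdaemon.sh" >> /etc/inittab
		echo "ok."
	fi

	echo "Now, nearing the end, we generate new sshd identities for root."
	echo "Old identity files id_rsa and id_rsa.pub will be backed up to .bak."
	echo "These keys will not carry a passphrase. Delete it if you do not want this."
	echo "Generating keys... "

	[ -f /etc/ssh/ssh_host_rsa_key ] && mv /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.bak
	[ -f /etc/ssh/ssh_host_rsa_key.pub ] && mv /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_rsa_key.pub.bak
	[ -f /etc/ssh/ssh_host_dsa_key ] && mv /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.bak
	[ -f /etc/ssh/ssh_host_dsa_key.pub ] && mv /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key.pub.bak
	[ -f /etc/ssh/ssh_host_ecdsa_key ] && mv /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.bak
	[ -f /etc/ssh/ssh_host_ecdsa_key.pub ] && mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak

	echo -n "... RSA ... "
	ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q
	ERR=\$?
	if [ \$ERR -ne 0 ]; then
		echo "Error while generating sshd rsa host key. Please check and generate manually, if wanted."
	else
		echo "ok."
	fi

	echo -n "... DSA ... "
	ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q
	ERR=\$?
	if [ \$ERR -ne 0 ]; then
		echo "Error while generating sshd dsa host key. Please check and generate manually, if wanted."
	else
		echo "ok."
	fi

	echo -n "... ECDSA ... "
	# The file name has to match the ssh_host_ecdsa_key moved to .bak above;
	# otherwise the host is left without an ECDSA key under that name.
	ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q
	ERR=\$?
	if [ \$ERR -ne 0 ]; then
		echo "Error while generating sshd ecdsa host key. Please check and generate manually, if wanted."
	else
		echo "ok."
	fi

	echo
	echo "Due to popular demand we will now start a script to configure a static IP, if wanted."
	echo
	/usr/local/sbin/config_static_ip

	echo "Last thing to is to delete the script starter from root's .bashrc..."
	sed -i "/first_run/d" /root/.bashrc
	echo "...done."
	echo
	echo "Please reboot the server. Do you want me to reboot it now?"
	echo
	echo "(Press 'y' to reboot, any other key to end script)"
	read -r REBOOT
	[[ "\$REBOOT" == "y" ]] && reboot
	EOF
	chmod u+x "${INSTALLDIR}/first_run"
}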

# Runs the three steps of this include in a fixed order: stage the public
# key, add the first_run entry to root's .bashrc, then write first_run.
# The exit status is that of drop_script, the last command.
# NOTE(review): .bashrc is patched before first_run is written, so a failure
# in drop_script leaves an entry that points at a missing script.
script_dropper() {
	copy_public_key
	patch_bashrc
	drop_script
}