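#######################################
# Append the path of the first_run script to /root/.bashrc, unless a line
# starting with INSTALLDIR and mentioning first_run is already there.
# Globals:   INSTALLDIR (read)
# Outputs:   one status line on stdout; may append a line to /root/.bashrc
# NOTE(review): the appended line is executed as root whenever .bashrc is
# sourced, so INSTALLDIR and first_run should be writable by root only;
# confirm against the installer's directory permissions.
#######################################
patch_bashrc() {
  # grep -q reports the match through its exit status, so no unquoted command
  # substitution reaches the test. The original form broke when INSTALLDIR
  # contained whitespace and raised a test error when grep printed nothing
  # (for example when /root/.bashrc does not exist yet).
  # INSTALLDIR is still interpreted as a regular expression, as before.
  if grep -q -- "^${INSTALLDIR}.*first_run" /root/.bashrc; then
    echo "# first_run script already in root's bashrc, doing nothing."
  else
    echo "# Patching root's bashrc...) "
    echo "${INSTALLDIR}/first_run" >> /root/.bashrc
  fi
}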
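#######################################
# Copy the public key used for encrypting the generated passwords from
# BASEDIR/static_files into INSTALLDIR, preserving mode and timestamps.
# Globals:   BASEDIR, INSTALLDIR (read)
# Outputs:   a warning on stdout when the copy fails
# Returns:   0 in either case; the copy is best-effort
#######################################
copy_public_key() {
  # The destination is quoted so a path containing whitespace stays a single
  # argument; "--" keeps a path starting with "-" from being read as an option.
  cp -p -- "${BASEDIR}/static_files/finish_setup_public_key.pem" "${INSTALLDIR}" \
    || echo "Warning: Could not copy public key to ${INSTALLDIR}!"
}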
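#######################################
# Write the one-shot post-install script to ${INSTALLDIR}/first_run and make
# it executable for its owner.
#
# The here-document delimiter is unquoted, so its text is expanded in two
# stages:
#   - unescaped references (INSTALLDIR, BASEDIR, LOGDIR, WWWDIR, TASKMANDIR)
#     are substituted now and end up as literal paths in the generated file;
#   - references written with a backslash before the dollar sign are copied
#     through and evaluated only when first_run itself runs.
# Comments inside the here-document are expanded as well, so they must not
# contain dollar signs or backticks.
#
# Changes against the previous version:
#   - the ECDSA host key is generated at /etc/ssh/ssh_host_ecdsa_key, the same
#     path that is moved to .bak beforehand (it used to be written to
#     /etc/ssh/ssh_host_ecdsa);
#   - the length default in generate_password is escaped, so it is evaluated
#     inside first_run instead of taking drop_script's own first argument;
#   - paths and password arguments are quoted;
#   - "...ok." is printed only when the encryption command succeeded.
#
# Globals:   INSTALLDIR, BASEDIR, LOGDIR, WWWDIR, TASKMANDIR (read)
# Outputs:   creates or overwrites ${INSTALLDIR}/first_run
# Returns:   exit status of the final chmod
#
# NOTE(review): mysqladmin and mysql still receive passwords through -p on
# the command line, where they are visible in the process list while the
# command runs; an option file readable by root only, passed with
# --defaults-extra-file, would avoid that.
# NOTE(review): the exit status of mysqladmin and mysql is not checked, so the
# configuration files are patched even when a password change failed.
# NOTE(review): copy_public_key places the key in INSTALLDIR, but the path
# written into first_run points at BASEDIR; confirm BASEDIR still exists when
# first_run is executed.
#######################################
drop_script() {
  cat > "${INSTALLDIR}/first_run" <<-EOF
#!/bin/bash
# Generated by the installer and started from the line added to /root/.bashrc.

# Print a random password made of the characters _A-Za-z0-9.
# First argument: length, 16 when omitted.
generate_password() {
  local password="\$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c "\${1:-16}")"
  echo "\$password"
}
LANG=en_US.UTF-8
echo
echo "Satellite server install post-install script"
echo
echo "This script will set safe password for root, the mysql root user,"
echo 'two mysql user accounts (openslx and bwLehrpool) and debian-sys-maint.'
echo
echo "We recommend you choose a secure password for root. The other"
echo "passwords will be auto generated."
echo ""
echo "Please set a secure password for root:"
echo ""
passwd
echo
echo "Thank you."
echo
echo "Now we will auto-generate new passwords for the mentioned mysql users:"
echo
MYSQL_ROOT_PASS="\$(grep MYSQL_ROOT_PASS "$LOGDIR/config"|cut -f 2 -d "=")"
# From here on new files get no group or other read/write permission.
umask 0066
MYSQL_ROOT_NEW=\$(generate_password)
# Quoted so that an old password containing blanks stays one argument.
mysqladmin -u root -p"\${MYSQL_ROOT_PASS}" password "\${MYSQL_ROOT_NEW}"
echo "MYSQL_ROOT_PASS=\$MYSQL_ROOT_NEW" > /root/new_passwords
echo "Mysql root password,"
MYSQL_BWLEHRPOOL_NEW=\$(generate_password)
echo "SET PASSWORD FOR 'bwLehrpool'@'localhost' = PASSWORD('\$MYSQL_BWLEHRPOOL_NEW');" | mysql -u root -p"\${MYSQL_ROOT_NEW}"
echo "MYSQL_BWLEHRPOOL_PASS=\$MYSQL_BWLEHRPOOL_NEW" >> /root/new_passwords
echo "Mysql bwLehrpool password,"
MYSQL_OPENSLX_NEW=\$(generate_password)
echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('\$MYSQL_OPENSLX_NEW');" | mysql -u root -p"\${MYSQL_ROOT_NEW}"
echo "MYSQL_OPENSLX_PASS=\$MYSQL_OPENSLX_NEW" >> /root/new_passwords
echo "mysql openslx password,"
MYSQL_SYSMAINT_NEW=\$(generate_password)
echo "SET PASSWORD FOR 'debian-sys-maint'@'localhost' = PASSWORD('\$MYSQL_SYSMAINT_NEW');" | mysql -u root -p"\${MYSQL_ROOT_NEW}"
echo "and debian-sys-maint."
echo "... done."
echo
echo "Now we will save the newly set passwords (save debian-sys-maint)"
echo "in an encrypted file..."
# NOTE(review): rsautl encrypts a single RSA block, so the three password
# lines must fit the size of the public key; confirm against the key in use.
PUBKEY_FILE="${BASEDIR}/static_files/finish_setup_public_key.pem"
ENCRYPTED_FILE="${BASEDIR}/static_files/new_passwords.encrypted"
if openssl rsautl -encrypt -pubin -inkey "\$PUBKEY_FILE" -in /root/new_passwords > "\$ENCRYPTED_FILE"; then
  echo "...ok."
else
  echo "Warning: could not write the encrypted password file."
fi
# The plaintext list is removed in either case, as before.
rm -f /root/new_passwords 2>/dev/null
echo "And due to popular demand we will save the mysql root password also "
echo "in the file /root/mysqlpass (and set it to 600, of course)... "
echo "\$MYSQL_ROOT_NEW" > /root/mysqlpass
chmod 600 /root/mysqlpass
# The generated passwords contain only _A-Za-z0-9, so they cannot break the
# sed expressions below.
# Patching bwLehrpool-mysql-userpass into bwSuite Server config:
sed -i "s/%MYSQL_BWLEHRPOOL_PASS%/\$MYSQL_BWLEHRPOOL_NEW/g" "$INSTALLDIR/Server_Config.ini"
# Patching bwLehrpool-mysql-userpass into pureftpd config:
sed -i "s/MYSQLPassword.*$/MYSQLPassword \$MYSQL_BWLEHRPOOL_NEW/g" /etc/pure-ftpd/db/mysql.conf
# Patching bwLehrpool-mysql-userpass into satellite-daemon config:
sed -i "s/%MYSQL_BWLEHRPOOL_PASS%/\$MYSQL_BWLEHRPOOL_NEW/g" /opt/syncdaemon/config/mysql.properties
# Patching bwLehrpool-mysql-userpass into vmchooser list.php:
sed -i "s/%MYSQL_BWLEHRPOOL_PASS%/\$MYSQL_BWLEHRPOOL_NEW/g" /srv/openslx/www/vmchooser/list.php
# Patching openslx-mysql-userpass into slx-admin config:
sed -i "s/%MYSQL_OPENSLX_PASS%/\$MYSQL_OPENSLX_NEW/g" "$WWWDIR/slx-admin/config.php"
# Patching debian-sys-maint password into /etc/mysql/debian.cnf:
sed -i "s/password = .*/password = \$MYSQL_SYSMAINT_NEW/g" "/etc/mysql/debian.cnf"
# inittab-entry dmsd:
if grep -q "dmsd.*respawn" /etc/inittab; then
  echo "bwLehrpool Suite inittab entry detected, doing nothing. "
else
  echo -n "bwLehrpool Suite: patching inittab..."
  echo "dmsd:2345:respawn:$INSTALLDIR/dmsd.sh" >> /etc/inittab
  echo "ok."
fi
# inittab-entry taskmanager:
if grep -q "tman.*respawn" /etc/inittab; then
  echo "Taskmanager inittab entry detected, doing nothing."
else
  echo -n "bwLehrpool Suite: patching inittab..."
  echo "tman:2345:respawn:$TASKMANDIR/taskmanager.sh" >> /etc/inittab
  echo "ok."
fi
# inittab-entry syncdaemon:
if grep -q "synd.*respawn" /etc/inittab; then
  echo "syncdaemon inittab entry detected, doing nothing. "
else
  echo -n "syncdaemon: patching inittab..."
  echo "synd:2345:respawn:/opt/syncdaemon/syncdaemon.sh" >> /etc/inittab
  echo "ok."
fi
# The messages mention id_rsa, yet the commands below replace the sshd host
# keys in /etc/ssh.
echo "Now, nearing the end, we generate new sshd identities for root."
echo "Old identity files id_rsa and id_rsa.pub will be backed up to .bak."
echo "These keys will not carry a passphrase. Delete it if you do not want this."
echo "Generating keys... "
for key_type in rsa dsa ecdsa; do
  for key_suffix in "" .pub; do
    key_file="/etc/ssh/ssh_host_\${key_type}_key\${key_suffix}"
    [ -f "\$key_file" ] && mv "\$key_file" "\$key_file.bak"
  done
done
echo -n "... RSA ... "
if ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q; then
  echo "ok."
else
  echo "Error while generating sshd rsa host key. Please check and generate manually, if wanted."
fi
# NOTE(review): current OpenSSH releases no longer support DSA host keys; a
# failure here only prints the message below.
echo -n "... DSA ... "
if ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q; then
  echo "ok."
else
  echo "Error while generating sshd dsa host key. Please check and generate manually, if wanted."
fi
# Written to ssh_host_ecdsa_key, the path that was backed up above.
echo -n "... ECDSA ... "
if ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q; then
  echo "ok."
else
  echo "Error while generating sshd ecdsa host key. Please check and generate manually, if wanted."
fi
echo
echo "Due to popular demand we will now start a script to configure a static IP, if wanted."
echo
/usr/local/sbin/config_static_ip
echo "Last thing to is to delete the script starter from root's .bashrc..."
sed -i "/first_run/d" /root/.bashrc
echo "...done."
echo
echo "Please reboot the server. Do you want me to reboot it now?"
echo
echo "(Press 'y' to reboot, any other key to end script)"
read -r REBOOT
[[ "\$REBOOT" == "y" ]] && reboot
EOF
  chmod u+x "${INSTALLDIR}/first_run"
}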
#######################################
# Install the first-run hook in three steps: copy the public key, register
# first_run in root's .bashrc, then write the first_run script itself.
# Returns: the exit status of the last step (drop_script)
#######################################
script_dropper() {
  local step
  for step in copy_public_key patch_bashrc drop_script; do
    "$step"
  done
}