#!/bin/bash
# PID of the top-level script; perror() compares against it later.
MY_PID="$$"
# Install-time configuration file. Its absence is used further down as the
# marker that a previous run already finished.
conf='/opt/openslx/config.install'
# From here on, append stdout and stderr of everything to the first-boot log.
exec >> /opt/openslx/firstboot.log 2>&1
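#######################################
# Log an error, flag it once in /etc/motd and abort with exit status 5.
# Globals:   MY_PID (read) - PID of the top-level script
# Arguments: $* - message text, printed after an "[ERROR] " prefix
# Outputs:   the message on stdout; a warning appended to /etc/motd
# Returns:   does not return; exits the current (sub)shell with status 5
#######################################
perror() {
  echo "[ERROR] $*"
  # In bash, $$ keeps the PID of the top-level shell even inside a subshell,
  # so comparing it with MY_PID could never differ and the kill never ran.
  # BASHPID is the PID of the process actually executing this function, which
  # lets a failure inside a subshell stop the main script as well.
  if [ "$MY_PID" != "$BASHPID" ]; then
    kill "$MY_PID"
  fi
  # Add the warning only once, however many errors are hit.
  if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then
    cat <<-EOF >> /etc/motd
WARNING!
firstboot.sh has thrown an error!
Please read /opt/openslx/firstboot.log and take appropriate measures!
This server may not work correctly!
EOF
  fi
  exit 5
}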
# A successful first run deletes the config as its last step, so a missing
# config means this is the second boot, after the user finished firstrun.sh
# on the first login as "bwlp". Remove the first-run machinery for good and
# only then expose the web interface.
if [ ! -e "$conf" ]; then
  for leftover in \
    "/opt/openslx/firstrun.sh" \
    "/opt/openslx/firstboot.sh" \
    "/etc/systemd/system/firstboot.service" \
    "/etc/systemd/system/multi-user.target.wants/firstboot.service"; do
    unlink "$leftover"
  done
  # lighttpd stays disabled up to this point so that nobody can log in through
  # the browser before firstrun.sh was completed over ssh/tty.
  if ! systemctl enable lighttpd.service; then
    perror "Konnte systemd-Service lighttpd nicht aktivieren!"
  fi
  systemctl --no-block start lighttpd.service
  # Put the login banner in place that hints at the web interface URL.
  mv /etc/issue.disabled /etc/issue
  exit 0
fi
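# Start marker for the log. The time part needs %M (minutes); %m would print
# the month in the minutes position.
echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%M:%S")"
# The config is sourced below, i.e. it runs as code with the privileges of
# this script. It must be non-empty and pass a syntax check first.
# NOTE(review): neither check says anything about who may write to $conf -
# confirm the installer leaves it owned by root and not group/world-writable.
[ -s "$conf" ] || perror "Config file $conf missing"
bash -n "$conf" || perror "Config file $conf has errors"
. "$conf"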
#######################################
# Print a random 16-character password to stdout (no trailing newline).
# Bytes are read from /dev/urandom and everything outside [_A-Za-z0-9] is
# discarded, so the result is safe to embed in quoted strings.
# Arguments: none
# Outputs:   the password on stdout; stderr of tr is discarded
#######################################
generate_password() {
  local -r length=16
  local -r alphabet='_A-Za-z0-9'
  tr -dc "$alphabet" < /dev/urandom 2> /dev/null | head -c "$length"
}
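#######################################
# Replace every occurrence of a literal string in the given files, in place.
# Search string and replacement are both escaped before they reach sed, so
# characters such as "/", "&", "\" or "." are taken literally and cannot
# alter the sed expression.
# Limitation: neither string may contain a newline.
# Arguments: $1 - string to find (literal, not a regex)
#            $2 - replacement (literal)
#            $3... - files to patch
# Returns:   0 if every file was patched, 1 if the search string is empty,
#            escaping failed or any sed call failed
#######################################
patchfiles() {
  local find_re replace_esc target
  local status=0
  [ -n "$1" ] || return 1
  # "|" as delimiter keeps the backslashes inside the bracket expressions
  # intact; with "/" as delimiter sed would consume the one before "/".
  find_re=$(printf '%s\n' "$1" | sed -e 's|[][\\/.^$*]|\\&|g') || return 1
  replace_esc=$(printf '%s\n' "$2" | sed -e 's|[\\/&]|\\&|g') || return 1
  shift 2
  for target in "$@"; do
    sed -i -e "s/${find_re}/${replace_esc}/g" -- "$target" || status=1
  done
  return "$status"
}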
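echo "+++ Lösche alte ssh-Schlüssel ..."
# Drop whatever host keys are present (presumably the ones shipped with the
# image) so that this installation gets its own, freshly generated set.
rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null
echo "+++ Generating new sshd keys..."
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q
# NOTE(review): DSA host keys are limited to 1024 bits and OpenSSH has had
# them disabled by default since 7.0; on builds without DSA support this call
# fails and the script simply carries on. Consider dropping it.
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q
echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..."
# Anything this script creates from here on gets no group/other permissions.
umask 0077
# The passwords are interpolated into a quoted SQL literal. That is only safe
# because generate_password emits nothing but [_A-Za-z0-9]. echo is a shell
# builtin and the statement reaches mysql via stdin, so the password does not
# show up in any process's argument list.
MYSQL_SAT_NEW=$(generate_password)
[ -z "$MYSQL_SAT_NEW" ] && perror "Error generating mysql password for dmsd"
echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen."
MYSQL_OPENSLX_NEW=$(generate_password)
[ -z "$MYSQL_OPENSLX_NEW" ] && perror "Error generating mysql password for openslx"
echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen."
echo "+++ Konfigurationsdateien werden aktualisiert..."
# sat mysql pass
# Patch dmsd
patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties"
# openslx mysql pass
# Patching openslx-mysql-userpass into slx-admin config:
patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$SLXADMINDIR/config.php"
# taskmanager password
TASKMANAGER_PASS=$(generate_password)
# Same guard as for the two MySQL passwords: without it a failed generation
# would silently patch an empty password into both config files.
[ -z "$TASKMANAGER_PASS" ] && perror "Error generating taskmanager password"
patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" "$SLXADMINDIR/config.php" "$TASKMANDIR/config/config"
echo "+++ Dienste werden aktiviert..."
# Enable bwLehrpool related services
for i in dmsd.service taskmanager.service; do
  systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!"
  systemctl --no-block start "$i"
done
# root ssh key
echo ""
echo "Erzeuge SSH Schlüsselpaar für root"
echo ""
KEY=~/.ssh/id_rsa
# Remove any existing pair first; ssh-keygen would otherwise stop and ask
# whether to overwrite.
rm -f -- "$KEY" "${KEY}.pub"
# Best effort: a failure is only logged and does not abort the first boot.
ssh-keygen -q -N "" -f "$KEY" \
  || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."
# Write MOTD (replaces the file). $VERSION is not set in this script;
# presumably it comes from the sourced config - TODO confirm.
cat > /etc/motd <<THEREDOC
> *** bwLehrpool Satellitenserver, Version $VERSION ***
> Eingerichtet am $(date)
>
> Wenn Sie sich als 'bwlp' eingeloggt haben, haben Sie nun folgende Optionen:
> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
> sudo reboot - System neustarten
> sudo poweroff - System herunterfahren
>
> Andere Modifikationen am System sind in der Regel nicht notwendig.
>
THEREDOC
echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..."
# Removing the config is what marks the first run as done: on the next boot
# its absence triggers the clean-up branch at the top of the script.
unlink "$conf"
exit 0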