diff options
author | Simon Rettberg | 2023-10-19 13:22:27 +0200 |
---|---|---|
committer | Simon Rettberg | 2023-10-19 13:22:27 +0200 |
commit | f3ce2e1cbf6368a0e3bd176c59f0d0ab7cadd6c7 (patch) | |
tree | 64e31708c54461caf65710578d3fd1dc037bf266 | |
parent | [SSPS] issue: lightred for better readablity on black background (diff) | |
download | setup-scripts-f3ce2e1cbf6368a0e3bd176c59f0d0ab7cadd6c7.tar.gz setup-scripts-f3ce2e1cbf6368a0e3bd176c59f0d0ab7cadd6c7.tar.xz setup-scripts-f3ce2e1cbf6368a0e3bd176c59f0d0ab7cadd6c7.zip |
[SSPS] Modernize; switch default user to openslx + sudo
24 files changed, 197 insertions, 208 deletions
diff --git a/satellit_installer/includes/00-dirs.inc b/satellit_installer/includes/00-dirs.inc index cd6d383..3ad0f9a 100644 --- a/satellit_installer/includes/00-dirs.inc +++ b/satellit_installer/includes/00-dirs.inc @@ -1,15 +1,14 @@ -# Do not rename this file, it is copied later on by the script dropper -export CONFIGDIR="$BASEDIR/config" -export DMSDDIR="/opt/dmsd/" -export DNBD3DIR="/opt/openslx/dnbd3/" -export TASKMANDIR="/opt/taskmanager/" -export OPENSLXDIR="/opt/openslx/" -export OPENSLXSRVDIR="/srv/openslx/" -export LDADPDIR="/opt/ldadp/" -export TFTPDIR="$OPENSLXSRVDIR/tftp" -export WWWDIR="$OPENSLXSRVDIR/www" -export PATH_SLXADMIN="$WWWDIR/slx-admin" -export IPXEDIR="$OPENSLXDIR/ipxe" -export SLXADMINCACHE="/var/cache/slx-admin" -readonly CONFIGDIR DMSDDIR DNBD3DIR TASKMANDIR OPENSLXDIR OPENSLXSRVDIR LDADPDIR SYNCDAEMONDIR TFTPDIR WWWDIR PATH_SLXADMIN +CONFIG_FILE="/opt/openslx/config.install" +DMSDDIR="/opt/dmsd/" +DNBD3DIR="/opt/openslx/dnbd3/" +TASKMANDIR="/opt/taskmanager/" +OPENSLXDIR="/opt/openslx/" +OPENSLXSRVDIR="/srv/openslx/" +LDADPDIR="/opt/ldadp/" +TFTPDIR="$OPENSLXSRVDIR/tftp" +WWWDIR="$OPENSLXSRVDIR/www" +SLXADMINDIR="$WWWDIR/slx-admin" +IPXEDIR="$OPENSLXDIR/ipxe" +SLXADMINCACHE="/var/cache/slx-admin" +readonly CONFIG_FILE DMSDDIR DNBD3DIR TASKMANDIR OPENSLXDIR OPENSLXSRVDIR LDADPDIR SYNCDAEMONDIR TFTPDIR WWWDIR SLXADMINDIR diff --git a/satellit_installer/includes/00-variables.inc b/satellit_installer/includes/00-variables.inc index a826ad7..e22ed94 100644 --- a/satellit_installer/includes/00-variables.inc +++ b/satellit_installer/includes/00-variables.inc @@ -9,6 +9,11 @@ export DEBIAN_FRONTEND="noninteractive" # Part of keeping apt quiet export LANG="en_US.UTF-8" +# Default password for the openslx system user, user is forced to change this on first boot +DEFAULT_OPENSLX_PASSWORD="aendermichsofort" +# This will only be used to install the slx-admin db scheme and changed on first boot +TEMP_DB_PASS="geheim" + ### Needed Packages: # Set list of needed packages (scripting needs) - remember, Debian-specific so far. PACKAGELIST_SCRIPT=" diff --git a/satellit_installer/includes/10-handle_mysql.inc b/satellit_installer/includes/10-functions_mysql.inc index 5b99719..5b99719 100644 --- a/satellit_installer/includes/10-handle_mysql.inc +++ b/satellit_installer/includes/10-functions_mysql.inc diff --git a/satellit_installer/includes/10-handle_users.inc b/satellit_installer/includes/10-handle_users.inc index 9063a40..48dd148 100644 --- a/satellit_installer/includes/10-handle_users.inc +++ b/satellit_installer/includes/10-handle_users.inc @@ -30,7 +30,7 @@ kill_user() { userdel -r -f $( < /etc/passwd awk -F: '$3 == 1000 {print $1}' ) || perror "# could not kill userid ${1}!" } -check_users() { +kill_existing_users() { echo "#" echo "# Checking for users to kill with id>=1000: " for userid in $( < /etc/passwd cut -f 3 -d ":" | sort -n ); do diff --git a/satellit_installer/includes/10-password_helper.inc b/satellit_installer/includes/10-password_helper.inc deleted file mode 100644 index 0f52185..0000000 --- a/satellit_installer/includes/10-password_helper.inc +++ /dev/null @@ -1,22 +0,0 @@ -generate_password() { - local password="$(< /dev/urandom tr -dc A-Za-z0-9_ | head -c${1:-16};)" - echo "$password" -} - -# This routine has to be used only in conjunction with the prepare_firstrun-script, which -# will enforce the setting of good passwords on first root login after server start. -set_passwords() { - echo -n "# Setting passwords..." - OPENSLX_PASS="$(generate_password)" - MYSQL_OPENSLX_PASS="$(generate_password)" - MYSQL_SAT_PASS="$(generate_password)" - - # Keep in mind the passwords stored here will be valid only temporary, - # as they will be changed by the dropper script. - # If you need the permanently valid password, you will need to - # decrypt static_files/new_passwords.encrypted. - echo "OPENSLX_PASS=$OPENSLX_PASS" > "$CONFIGDIR"/config - echo "MYSQL_OPENSLX_PASS=$MYSQL_OPENSLX_PASS" >> "$CONFIGDIR"/config - echo "MYSQL_SAT_PASS=$MYSQL_SAT_PASS" >> "$CONFIGDIR"/config - echo "ok." -} diff --git a/satellit_installer/includes/10-script_dropper.inc b/satellit_installer/includes/10-script_dropper.inc index 62d1b58..a991f28 100644 --- a/satellit_installer/includes/10-script_dropper.inc +++ b/satellit_installer/includes/10-script_dropper.inc @@ -1,24 +1,21 @@ -patch_profile() { - local script="/root/installer/firstrun_script.sh" +fb_enable_firstrun() { + local script="/opt/openslx/firstrun.sh" [ -x "$script" ] || perror "Firstrun script not found ($script)" - if grep -qF "$script" /root/.profile; then - echo "# first_run script already in root's .profile, doing nothing." - else - echo "# Patching root's .profile" - echo "$script" >> /root/.profile + if ! grep -qF "$script" "/home/openslx/.profile"; then + echo "# Patching openslx's .profile" + echo "[ -t 0 ] && $script" >> "/home/openslx/.profile" + chown openslx:openslx "/home/openslx/.profile" fi } -drop_script() { - mkdir -p "/root/installer" - # So we know all the paths and the mysql password - cat "${BASEDIR}/includes/00-dirs.inc" "${CONFIGDIR}/config" > "/root/installer/config" - chmod 0600 /root/installer/config +fb_write_config() { + # So we know all the paths + declare -p DMSDDIR TASKMANDIR SLXADMINDIR VERSION >> "$CONFIG_FILE" } -drop_firstrun_script () { - patch_profile - drop_script +enable_firstrun_script () { + fb_enable_firstrun + fb_write_config systemctl daemon-reload systemctl enable firstboot.service || perror "Could not enable firstboot service" } diff --git a/satellit_installer/includes/20-prerequisites.inc b/satellit_installer/includes/20-prerequisites.inc index e0dc9e0..90189d8 100644 --- a/satellit_installer/includes/20-prerequisites.inc +++ b/satellit_installer/includes/20-prerequisites.inc @@ -1,29 +1,25 @@ prerequisites() { - mkdir -p -m 700 "$BASEDIR"/config # No point in testing. - mkdir -p -m 700 "$BASEDIR"/temp + mkdir -p -m 700 "$BASEDIR/temp" + mkdir -p "/opt/openslx" - # Old debugging config file there? - [ -f "$CONFIGDIR/config" ] && cp -p "$CONFIGDIR/config" "$CONFIGDIR/config.prerun" 2>/dev/null + # Enable en_US locale + # Already there? Do nothing + grep -q '^\s*en_US.UTF-8' /etc/locale.gen && return 0 + # Try to enable + sed 's/^#\s*en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen - # Let's look whether an english locale is alread active (we choose en_US.UTF-8) - if [[ $(grep "en_US.UTF-8" /etc/locale.gen|cut -f 1 -d " ") == "#" ]]; then - echo -n "# Generating an english UTF-8 based locale (this may take some time)..." - # Backing up never hurts: - cp -p /etc/locale.gen /etc/locale.gen.orig - # Now patch the localization file: - sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen - dpkg-reconfigure locales 2>/dev/null 1>&2 - if [ "$ERR" -ne 0 ]; then - echo - echo "# WARNING: Could not reconfigure locales. This is annoying, as" - echo "# it will yield some mixed languages, perhaps." - echo "# Please make sure thy system has an UTF-8 based" - echo "# character set." - else - echo " ok." - fi + if ! grep -q '^\s*en_US.UTF-8' /etc/locale.gen; then + # Still not there, add + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen + fi - else - echo "# English locale detected; all is well." + # Regenerate + dpkg-reconfigure locales + if [ "$?" -ne 0 ]; then + echo "#" + echo "# WARNING: Could not reconfigure locales. This is annoying, as" + echo "# it will yield some mixed languages, perhaps." + echo "# Please make sure thy system has an UTF-8 based" + echo "# character set." fi } diff --git a/satellit_installer/includes/50-add_mysql_dbs_users.inc b/satellit_installer/includes/50-add_mysql_dbs_users.inc index 755e1b3..fccba99 100644 --- a/satellit_installer/includes/50-add_mysql_dbs_users.inc +++ b/satellit_installer/includes/50-add_mysql_dbs_users.inc @@ -4,8 +4,8 @@ add_mysql_dbs_users() { mysql_add_db sat # $1=user, $2=database, $3=privileges, $4=password - mysql_add_user sat sat "DELETE, INSERT, SELECT, UPDATE, ALTER, CREATE, DROP" "$MYSQL_SAT_PASS" - mysql_add_user openslx openslx ALL "$MYSQL_OPENSLX_PASS" + mysql_add_user sat sat "DELETE, INSERT, SELECT, UPDATE, ALTER, CREATE, DROP" "$RANDOM" + mysql_add_user openslx openslx "ALL" "$TEMP_DB_PASS" # $1=user, $2=database, $3=privileges mysql_add_privs "openslx" "sat.*" "ALL" mysql_add_privs "sat" "openslx.location" "SELECT, CREATE" diff --git a/satellit_installer/includes/50-add_users_groups.inc b/satellit_installer/includes/50-add_users_groups.inc index 840362a..e6f92f1 100644 --- a/satellit_installer/includes/50-add_users_groups.inc +++ b/satellit_installer/includes/50-add_users_groups.inc @@ -15,4 +15,9 @@ add_users_groups() { add_user_nohome dnbd3 10002 10002 adduser www-data adm # So the webif can read /var/log stuff adduser dnbd3 images # Put dnbd3 user into images group so it can write the NFS share + adduser openslx sudo # openslx is the main user, as we disallow ssh login as root + + echo "# disable root login, set default password for openslx" + usermod -p "*" root + echo "openslx:$DEFAULT_OPENSLX_PASSWORD" | chpasswd } diff --git a/satellit_installer/includes/70-write_versionstring.inc b/satellit_installer/includes/70-write_versionstring.inc index 397df2f..eb359c4 100644 --- a/satellit_installer/includes/70-write_versionstring.inc +++ b/satellit_installer/includes/70-write_versionstring.inc @@ -3,5 +3,5 @@ write_versionstring() { # is just the date of script run time VERS=$(date +%Y%j%H) - echo "$VERS" > "${PATH_SLXADMIN}/version" + echo "$VERS" > "${SLXADMINDIR}/version" } diff --git a/satellit_installer/includes/90-patch_misc_files.inc b/satellit_installer/includes/90-patch_misc_files.inc index 45c220f..90b00da 100644 --- a/satellit_installer/includes/90-patch_misc_files.inc +++ b/satellit_installer/includes/90-patch_misc_files.inc @@ -3,29 +3,17 @@ patch_bashrc() { echo "# As one of the last things here we will set a new prompt to distinguish" echo "# the bwLehrpool satellite server from other servers. To accomplish this" echo "# we will set a very classy prompt. This will take effect at next root login." - local ifname=$( ifconfig | grep -oEm1 '^e\w+' ) - echo "# Setting prompt..." - if grep -q '^IP=' /root/.bashrc; then - echo "...already done." - else - sed "s/%ifname%/$ifname/g" >> /root/.bashrc <<-"ENDO" - IP=$( ip -4 a show "%ifname%" 2>/dev/null | grep '^\s*inet\s' | awk -F ' ' '{print $2}' ) - [ -z "$IP" ] && IP=$(ip -4 a | grep '^\s*inet\s'| grep -v '127.0.0' | head -n 1 | awk -F ' ' '{print $2}') - IP=${IP%/*} - [ -z "$IP" ] && IP="noip???" - PS1="\[\033[01;31m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($IP) - \[\033[01;34m\]\w\[\033[00m\] # " - ENDO - fi - # aliases, dircolors - sed -i -r 's/# *(alias|export LS|eval ")/\1/' /root/.bashrc -} - -patch_vim() { - sed -i -r 's/" *(syntax|set showmatch|set smartcase|set incsearch)/\1/' /etc/vim/vimrc - echo "set autoindent" >> /etc/vim/vimrc - echo "set smartindent" >> /etc/vim/vimrc + for f in /root/ /home/*/; do + [ -d "$f" ] || continue # Not dir + f="$f/.bashrc" + [ -f "$f" ] || cp /etc/skel/.bashrc "$f" # Make sure default exists + grep -qF '/opt/openslx/bashrc.inc' "$f" && continue # Already patched + # This include will set our two-line prompt including the IP address + echo ". /opt/openslx/bashrc.inc" >> "$f" + # enable aliases, dircolors + sed -i -r 's/^(\s*)#\s*(alias|export LS|export GCC|eval )/\1\2/' "$f" + done } patch_ldapsearch() { @@ -37,11 +25,5 @@ patch_ldapsearch() { patch_java() { # Fix svg renderer: # java.awt.AWTError: Assistive Technology not found: org.GNOME.Accessibility.AtkWrapper - sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*-openjdk/accessibility.properties &> /dev/null -} - -set_version_string() { - echo -n "# Setting version string..." - echo 'VERSION="'$VERSION'"' >> "$CONFIGDIR"/config - echo "ok." + sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*/accessibility.properties &> /dev/null } diff --git a/satellit_installer/includes/90-patch_slxadmin.inc b/satellit_installer/includes/90-setup_slxadmin.inc index 69afbcb..0220bdc 100644 --- a/satellit_installer/includes/90-patch_slxadmin.inc +++ b/satellit_installer/includes/90-setup_slxadmin.inc @@ -1,5 +1,5 @@ # Prepare files and symlinks in slx-admin www dir -patch_slxadmin_dir () { +enable_slxadmin_modules () { # Create modules directory and link modules from modules-available according to slxadmin module list (SLXADMIN_MODULES): mkdir -p "$WWWDIR/slx-admin/modules" cd "$WWWDIR/slx-admin/modules" || perror "Cannot cd to slxadmin/modules" @@ -14,7 +14,7 @@ patch_slxadmin_dir () { install_slxadmin_db () { # Prepare temporary config install_files "slxadmin" - sed -i "s/%MYSQL_OPENSLX_PASS%/${MYSQL_OPENSLX_PASS}/" "$WWWDIR/slx-admin/config.php" || perror "Could not write temporary DB password to config.php" + sed -i "s/%MYSQL_OPENSLX_PASS%/${TEMP_DB_PASS}/" "$WWWDIR/slx-admin/config.php" || perror "Could not write temporary DB password to config.php" # Install slx-admin DB cd "$WWWDIR/slx-admin" || perror "Cannot cd to $WWWDIR" echo "# Installing slx-admin database" diff --git a/satellit_installer/satellit_installer b/satellit_installer/satellit_installer index 8d3fde9..2a29cf4 100755 --- a/satellit_installer/satellit_installer +++ b/satellit_installer/satellit_installer @@ -88,10 +88,6 @@ uninstall_packages mpt-status prerequisites # config directory, locales -# query_passwords -set_passwords # only to be used within certain circumstances - - # see includes/query_user. - set_version_string # Writing version string for rc.local-script install_packages NOREC "$PACKAGELIST_SERVER" # Packages needed for server installable without @@ -99,8 +95,8 @@ install_packages NOREC "$PACKAGELIST_SERVER" # Packages needed for server insta install_packages RECOM "$PACKAGELIST_WITH_RECOMMENDS" # Packages where installation of recommended # packages is necessary, so opt. RECOM is set. -check_users # Meet interesting users with uid>=1000 and kill them. - # user 65534/sync will be ignored. +kill_existing_users # delete all users uid >= 1000 + add_users_groups # Adding necessary users and groups install_ipxe "$IPXEDIR" @@ -136,15 +132,10 @@ config_nfs install_system_scripts -# color prompt, aliases -patch_bashrc -# vim config -patch_vim - install_timesync # cheap HTTP based timesync on boot -# Remove translation from menu etc., enable required modules -patch_slxadmin_dir +# enable required modules +enable_slxadmin_modules # Check dir and file permissions: set_directory_permissions || perror "Setting up general directory permissions failed" @@ -155,6 +146,9 @@ set_links # Create tables, fill with predefined stuff install_slxadmin_db +# color prompt, aliases +patch_bashrc + tar -z -c -T /dev/null -f /opt/openslx/empty.tgz # Mark vmstore as not mounted @@ -169,7 +163,7 @@ end_message # This part drops a script and anchors it's execution within root's .profile # Do this at the end so it's not there if something failed -drop_firstrun_script +enable_firstrun_script finalize # Cleaning script; finalize script will delete itself. diff --git a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides new file mode 100644 index 0000000..6123bfd --- /dev/null +++ b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides @@ -0,0 +1 @@ +openslx ALL=(root) NOPASSWD: /usr/local/bin/netsetup diff --git a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service index a21ad61..f19b51a 100644 --- a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service +++ b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service @@ -1,11 +1,12 @@ [Unit] Description=Initialization of bwLehrpool on first boot -ConditionFileIsExecutable=/root/installer/rclocal_script.sh -After=network.target mysql.service +ConditionFileIsExecutable=/opt/openslx/firstboot.sh +After=network.target mysql.service mariadb.service +Before=ssh.service lighttpd.service dmsd.service taskmanager.service [Service] Type=oneshot -ExecStart=/root/installer/rclocal_script.sh +ExecStart=/opt/openslx/firstboot.sh RemainAfterExit=yes RefuseManualStart=yes diff --git a/satellit_installer/static_files/system/root/.tmate.conf b/satellit_installer/static_files/system/etc/tmate.conf index 537f52c..537f52c 100644 --- a/satellit_installer/static_files/system/root/.tmate.conf +++ b/satellit_installer/static_files/system/etc/tmate.conf diff --git a/satellit_installer/static_files/system/etc/vim/vimrc.local b/satellit_installer/static_files/system/etc/vim/vimrc.local new file mode 100644 index 0000000..8e09d96 --- /dev/null +++ b/satellit_installer/static_files/system/etc/vim/vimrc.local @@ -0,0 +1,7 @@ +syntax on +set showmatch +set smartcase +set incsearch +set mouse= +set autoindent +set smartindent diff --git a/satellit_installer/static_files/system/opt/openslx/bashrc.inc b/satellit_installer/static_files/system/opt/openslx/bashrc.inc new file mode 100644 index 0000000..98711d4 --- /dev/null +++ b/satellit_installer/static_files/system/opt/openslx/bashrc.inc @@ -0,0 +1,13 @@ +ifname="$( ifconfig | grep -oEm1 '^e\w+' )" +slxip="$( ip -4 a show "$ifname" 2>/dev/null | grep -m1 '^\s*inet ' | awk '{print $2}' )" +[ -z "$slxip" ] && slxip="$( ip -4 a | grep '^\s*inet '| grep -vFm1 ' 127.' | awk '{print $2}' )" +slxip=${slxip%/*} +[ -z "$slxip" ] && read -r _ _ slxip _ <<<"$SSH_CONNECTION" +[ -z "$slxip" ] && slxip="noip???" +slxcol=32 +(( UID == 0 )) && slxcol=31 +PS1="\[\033[01;${slxcol}m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($slxip) +\[\033[01;34m\]\w\[\033[00m\] # " +unset ifname slxip slxcol +# We always want to run this as root; sudo is a noop in case we already are. +alias tmate='sudo tmate' diff --git a/satellit_installer/static_files/system/root/installer/rclocal_script.sh b/satellit_installer/static_files/system/opt/openslx/firstboot.sh index 577a743..7ef2bfc 100755 --- a/satellit_installer/static_files/system/root/installer/rclocal_script.sh +++ b/satellit_installer/static_files/system/opt/openslx/firstboot.sh @@ -5,13 +5,13 @@ perror() { echo "[ERROR] $*" [ "$MY_PID" != "$$" ] && kill "$MY_PID" - if ! grep -q "rclocal_script.sh has thrown an error" /etc/motd; then + if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then cat <<-EOF >> /etc/motd WARNING! - rclocal_script.sh has thrown an error! - Please read /root/init.log and take appropriate measures! + firstboot.sh has thrown an error! + Please read /opt/openslx/firstrun.log and take appropriate measures! This server may not work correctly! EOF @@ -20,13 +20,14 @@ perror() { } # Logfile -exec &> /root/init.log +exec &> /opt/openslx/firstrun.log echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")" -[ -r "/root/installer/config" ] || perror "Installationsfehler: Keine firstrun-config gefunden!" - -source "/root/installer/config" || perror "Fehler beim Sourcen der firstrun-config." +conf="/opt/openslx/config.install" +[ -s "$conf" ] || perror "Config file $conf missing" +bash -n "$conf" || perror "Config file $conf has errors" +. "$conf" generate_password() { tr -dc _A-Za-z0-9 < /dev/urandom | head -c 16 @@ -47,7 +48,7 @@ patchfiles() { echo "+++ Lösche alte ssh-Schlüssel ..." rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null -echo "+++ Generating new ssh keys..." +echo "+++ Generating new sshd keys..." ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q @@ -82,27 +83,37 @@ echo "+++ Dienste werden aktiviert..." # Enable bwLehrpool related services for i in dmsd.service taskmanager.service; do - systemctl enable "$i" || echo "Warnung - konnte systemd-Service $i nicht aktivieren!" + systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!" systemctl --no-block start "$i" done -# Write MOTD -cat > /etc/motd <<THEREDOC - *** bwLehrpool Satelliten-Server, Version $VERSION *** - Eingerichtet am $(date) - -Wenn Sie sich als root eingeloggt haben, haben Sie nun folgende Optionen: -netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch) -reboot - System neustarten -poweroff - System herunterfahren +# root ssh key +echo "" +echo "Erzeuge SSH Schlüsselpaar für root" +echo "" -Andere Modifikationen am System sind in der Regel nicht notwendig. +KEY=~/.ssh/id_rsa +rm -f -- "$KEY" "${KEY}.pub" +ssh-keygen -q -N "" -f "$KEY" \ + || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." +# Write MOTD +cat > /etc/motd <<THEREDOC +> *** bwLehrpool Satelliten-Server, Version $VERSION *** +> Eingerichtet am $(date) +> +> Wenn Sie sich als 'openslx' eingeloggt haben, haben Sie nun folgende Optionen: +> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch) +> sudo reboot - System neustarten +> sudo poweroff - System herunterfahren +> +> Andere Modifikationen am System sind in der Regel nicht notwendig. +> THEREDOC echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..." -unlink "/root/installer/config" -unlink "/root/installer/rclocal_script.sh" +unlink "/opt/openslx/firstboot.sh" +unlink "$conf" unlink "/etc/systemd/system/firstboot.service" unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service" diff --git a/satellit_installer/static_files/system/opt/openslx/firstrun.sh b/satellit_installer/static_files/system/opt/openslx/firstrun.sh new file mode 100755 index 0000000..fc22959 --- /dev/null +++ b/satellit_installer/static_files/system/opt/openslx/firstrun.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +cat <<-HEREDOC +> +> Willkommen zur Grundkonfiguration des bwLehrpool-Satellitenservers. +> +> Diese einmalige Konfiguration dient dazu, das Passwort des System-Users +> "openslx" zu ändern (für Terminal, SSH), sowie ggf. die +> Netzwerkkonfiguration des Servers anzupassen. +> +HEREDOC + +while ! passwd; do + echo "> Das hat nicht geklappt. Bitte noch einmal versuchen:" +done + +cat <<-SUPPE +> +> Erzeuge SSH Schlüsselpaar +> +SUPPE + +KEY=~/.ssh/id_rsa + +rm -f -- "$KEY" "${KEY}.pub" +ssh-keygen -q -N "" -f "$KEY" \ + || echo "> Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." + +cat <<-HERRR +> +> Abschließend können Sie festlegen, ob der Server seine IP-Konfiguration +> per DHCP erhält, oder eine statische Konfiguration verwendet wird. +> +HERRR + +netsetup + +cat <<YONDERDOC +> +> Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des +> bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die +> IP-Addresse oder den Hostnamen des Servers erreichbar ist. +> +> Bitte geben Sie zum Abschluss noch einmal das oben neu festgelegte +> Passwort ein. Der Server wird sich daraufhin neustarten und ist +> dann betriebsbereit. +> +YONDERDOC + +unlink /opt/openslx/firstrun.sh + +sudo reboot diff --git a/satellit_installer/static_files/system/root/installer/firstrun_script.sh b/satellit_installer/static_files/system/root/installer/firstrun_script.sh deleted file mode 100755 index 343be4d..0000000 --- a/satellit_installer/static_files/system/root/installer/firstrun_script.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash - -cat <<-HEREDOC -Willkommen zur Grundkonfiguration des bwLehrpool-Satellitenservers. - -Diese einmalige Konfiguration dient dazu, das root-Passwort des Servers -zu ändern, sowie ggf. die Netzwerkkonfiguration des Servers anzupassen. - -Aus Sicherheitsgründen ist es dringend zu empfehlen, das root-Passwort -im Produktivbetrieb zu ändern! - -HEREDOC - -ERR=1 -while [ "$ERR" -ne 0 ]; do - passwd - ERR=$? -done - -echo "Abschließend können Sie festlegen, ob der Server seine IP-Konfiguration" -echo "per DHCP erhält, oder eine statische Konfiguration verwendet wird." -/usr/local/sbin/netsetup - -cat <<SOMEWHEREDOC - -Nun fehlt nur noch das Setzen eines root-ssh-Schlüssels für tmate, -wenn noch nicht vorhanden. - -SOMEWHEREDOC - -KEY=$(awk '/^\s*IdentityFile\s+.+$/ {print $2}' /etc/ssh/ssh_config) -[ -z "$KEY" ] && KEY="/root/.ssh/id_rsa" - -if [ -f "$KEY" ]; then - echo "Schlüssel $KEY existiert bereits, keine weitere Aktion." -else - ssh-keygen -q -N "" -f "$KEY" - [ "$?" -ne 0 ] && echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." -fi - -cat <<YONDERDOC - -Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des -bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die -IP-Addresse oder den Hostnamen des Servers erreichbar ist. - -Bitte überprüfen Sie die Logdatei /root/init.log auf eventuelle Fehler! - -Der Server wird sich jetzt neustarten. - -YONDERDOC - -sleep 4 - -sed -i "/firstrun_script.sh/d" /root/.profile -unlink /root/installer/firstrun_script.sh -rmdir /root/installer 2>/dev/null || \ - echo "Achtung: Konnte Verzeichnis /root/installer nicht löschen - Verzeichnis nicht leer." -reboot diff --git a/satellit_installer/static_files/system/usr/local/sbin/netsetup b/satellit_installer/static_files/system/usr/local/bin/netsetup index 6616c50..a824739 100755 --- a/satellit_installer/static_files/system/usr/local/sbin/netsetup +++ b/satellit_installer/static_files/system/usr/local/bin/netsetup @@ -1,5 +1,10 @@ #!/bin/bash +if [ "$UID" != 0 ]; then + exec sudo "$0" "$@" + exit 1 +fi + DATUM=$(date +%Y%m%d_%H%M%S) INTERFACES="/etc/network/interfaces" ETHALIAS=$( ifconfig -a | grep -oEm1 '^e\w+' ) diff --git a/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment b/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment index 7de812c..ddc4681 100644 --- a/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment +++ b/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment @@ -1,6 +1,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -LANG=C +LANG=C.UTF-8 LOGNAME USER LOGIN HOME +TZ diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh index 87ecd63..8833f04 100644 --- a/satellit_upgrader/updater.template.sh +++ b/satellit_upgrader/updater.template.sh @@ -877,7 +877,8 @@ if ! which tmate &> /dev/null && (( MAJOR >= 9 )); then fi if (( MAJOR >= 11 )); then # Fingerprints now need to be SHA256, maybe an old sat got dist-upgraded and still has MD5s in that file - diffcp "system" "/root/.tmate.conf" "Updating tmate config..." + diffcp "system" "/etc/tmate.conf" "Updating tmate config..." + rm -f -- "/root/.tmate.conf" fi # ******************* make sure ssh keypair exists ********* |