authorSimon Rettberg2023-10-19 13:22:27 +0200
committerSimon Rettberg2023-10-19 13:22:27 +0200
commitf3ce2e1cbf6368a0e3bd176c59f0d0ab7cadd6c7 (patch)
tree64e31708c54461caf65710578d3fd1dc037bf266
parent[SSPS] issue: lightred for better readablity on black background (diff)
[SSPS] Modernize; switch default user to openslx + sudo
-rw-r--r--satellit_installer/includes/00-dirs.inc27
-rw-r--r--satellit_installer/includes/00-variables.inc5
-rw-r--r--satellit_installer/includes/10-functions_mysql.inc (renamed from satellit_installer/includes/10-handle_mysql.inc)0
-rw-r--r--satellit_installer/includes/10-handle_users.inc2
-rw-r--r--satellit_installer/includes/10-password_helper.inc22
-rw-r--r--satellit_installer/includes/10-script_dropper.inc27
-rw-r--r--satellit_installer/includes/20-prerequisites.inc42
-rw-r--r--satellit_installer/includes/50-add_mysql_dbs_users.inc4
-rw-r--r--satellit_installer/includes/50-add_users_groups.inc5
-rw-r--r--satellit_installer/includes/70-write_versionstring.inc2
-rw-r--r--satellit_installer/includes/90-patch_misc_files.inc40
-rw-r--r--satellit_installer/includes/90-setup_slxadmin.inc (renamed from satellit_installer/includes/90-patch_slxadmin.inc)4
-rwxr-xr-xsatellit_installer/satellit_installer22
-rw-r--r--satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides1
-rw-r--r--satellit_installer/static_files/system/etc/systemd/system/firstboot.service7
-rw-r--r--satellit_installer/static_files/system/etc/tmate.conf (renamed from satellit_installer/static_files/system/root/.tmate.conf)0
-rw-r--r--satellit_installer/static_files/system/etc/vim/vimrc.local7
-rw-r--r--satellit_installer/static_files/system/opt/openslx/bashrc.inc13
-rwxr-xr-xsatellit_installer/static_files/system/opt/openslx/firstboot.sh (renamed from satellit_installer/static_files/system/root/installer/rclocal_script.sh)53
-rwxr-xr-xsatellit_installer/static_files/system/opt/openslx/firstrun.sh52
-rwxr-xr-xsatellit_installer/static_files/system/root/installer/firstrun_script.sh59
-rwxr-xr-xsatellit_installer/static_files/system/usr/local/bin/netsetup (renamed from satellit_installer/static_files/system/usr/local/sbin/netsetup)5
-rw-r--r--satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment3
-rw-r--r--satellit_upgrader/updater.template.sh3
24 files changed, 197 insertions, 208 deletions
diff --git a/satellit_installer/includes/00-dirs.inc b/satellit_installer/includes/00-dirs.inc
index cd6d383..3ad0f9a 100644
--- a/satellit_installer/includes/00-dirs.inc
+++ b/satellit_installer/includes/00-dirs.inc
@@ -1,15 +1,14 @@
-# Do not rename this file, it is copied later on by the script dropper
-export CONFIGDIR="$BASEDIR/config"
-export DMSDDIR="/opt/dmsd/"
-export DNBD3DIR="/opt/openslx/dnbd3/"
-export TASKMANDIR="/opt/taskmanager/"
-export OPENSLXDIR="/opt/openslx/"
-export OPENSLXSRVDIR="/srv/openslx/"
-export LDADPDIR="/opt/ldadp/"
-export TFTPDIR="$OPENSLXSRVDIR/tftp"
-export WWWDIR="$OPENSLXSRVDIR/www"
-export PATH_SLXADMIN="$WWWDIR/slx-admin"
-export IPXEDIR="$OPENSLXDIR/ipxe"
-export SLXADMINCACHE="/var/cache/slx-admin"
-readonly CONFIGDIR DMSDDIR DNBD3DIR TASKMANDIR OPENSLXDIR OPENSLXSRVDIR LDADPDIR SYNCDAEMONDIR TFTPDIR WWWDIR PATH_SLXADMIN
+CONFIG_FILE="/opt/openslx/config.install"
+DMSDDIR="/opt/dmsd/"
+DNBD3DIR="/opt/openslx/dnbd3/"
+TASKMANDIR="/opt/taskmanager/"
+OPENSLXDIR="/opt/openslx/"
+OPENSLXSRVDIR="/srv/openslx/"
+LDADPDIR="/opt/ldadp/"
+TFTPDIR="$OPENSLXSRVDIR/tftp"
+WWWDIR="$OPENSLXSRVDIR/www"
+SLXADMINDIR="$WWWDIR/slx-admin"
+IPXEDIR="$OPENSLXDIR/ipxe"
+SLXADMINCACHE="/var/cache/slx-admin"
+readonly CONFIG_FILE DMSDDIR DNBD3DIR TASKMANDIR OPENSLXDIR OPENSLXSRVDIR LDADPDIR SYNCDAEMONDIR TFTPDIR WWWDIR SLXADMINDIR
diff --git a/satellit_installer/includes/00-variables.inc b/satellit_installer/includes/00-variables.inc
index a826ad7..e22ed94 100644
--- a/satellit_installer/includes/00-variables.inc
+++ b/satellit_installer/includes/00-variables.inc
@@ -9,6 +9,11 @@
export DEBIAN_FRONTEND="noninteractive" # Part of keeping apt quiet
export LANG="en_US.UTF-8"
+# Default password for the openslx system user, user is forced to change this on first boot
+DEFAULT_OPENSLX_PASSWORD="aendermichsofort"
+# This will only be used to install the slx-admin db scheme and changed on first boot
+TEMP_DB_PASS="geheim"
+
### Needed Packages:
# Set list of needed packages (scripting needs) - remember, Debian-specific so far.
PACKAGELIST_SCRIPT="
diff --git a/satellit_installer/includes/10-handle_mysql.inc b/satellit_installer/includes/10-functions_mysql.inc
index 5b99719..5b99719 100644
--- a/satellit_installer/includes/10-handle_mysql.inc
+++ b/satellit_installer/includes/10-functions_mysql.inc
diff --git a/satellit_installer/includes/10-handle_users.inc b/satellit_installer/includes/10-handle_users.inc
index 9063a40..48dd148 100644
--- a/satellit_installer/includes/10-handle_users.inc
+++ b/satellit_installer/includes/10-handle_users.inc
@@ -30,7 +30,7 @@ kill_user() {
userdel -r -f $( < /etc/passwd awk -F: '$3 == 1000 {print $1}' ) || perror "# could not kill userid ${1}!"
}
-check_users() {
+kill_existing_users() {
echo "#"
echo "# Checking for users to kill with id>=1000: "
for userid in $( < /etc/passwd cut -f 3 -d ":" | sort -n ); do
diff --git a/satellit_installer/includes/10-password_helper.inc b/satellit_installer/includes/10-password_helper.inc
deleted file mode 100644
index 0f52185..0000000
--- a/satellit_installer/includes/10-password_helper.inc
+++ /dev/null
@@ -1,22 +0,0 @@
-generate_password() {
- local password="$(< /dev/urandom tr -dc A-Za-z0-9_ | head -c${1:-16};)"
- echo "$password"
-}
-
-# This routine has to be used only in conjunction with the prepare_firstrun-script, which
-# will enforce the setting of good passwords on first root login after server start.
-set_passwords() {
- echo -n "# Setting passwords..."
- OPENSLX_PASS="$(generate_password)"
- MYSQL_OPENSLX_PASS="$(generate_password)"
- MYSQL_SAT_PASS="$(generate_password)"
-
- # Keep in mind the passwords stored here will be valid only temporary,
- # as they will be changed by the dropper script.
- # If you need the permanently valid password, you will need to
- # decrypt static_files/new_passwords.encrypted.
- echo "OPENSLX_PASS=$OPENSLX_PASS" > "$CONFIGDIR"/config
- echo "MYSQL_OPENSLX_PASS=$MYSQL_OPENSLX_PASS" >> "$CONFIGDIR"/config
- echo "MYSQL_SAT_PASS=$MYSQL_SAT_PASS" >> "$CONFIGDIR"/config
- echo "ok."
-}
diff --git a/satellit_installer/includes/10-script_dropper.inc b/satellit_installer/includes/10-script_dropper.inc
index 62d1b58..a991f28 100644
--- a/satellit_installer/includes/10-script_dropper.inc
+++ b/satellit_installer/includes/10-script_dropper.inc
@@ -1,24 +1,21 @@
-patch_profile() {
- local script="/root/installer/firstrun_script.sh"
+fb_enable_firstrun() {
+ local script="/opt/openslx/firstrun.sh"
[ -x "$script" ] || perror "Firstrun script not found ($script)"
- if grep -qF "$script" /root/.profile; then
- echo "# first_run script already in root's .profile, doing nothing."
- else
- echo "# Patching root's .profile"
- echo "$script" >> /root/.profile
+ if ! grep -qF "$script" "/home/openslx/.profile"; then
+ echo "# Patching openslx's .profile"
+ echo "[ -t 0 ] && $script" >> "/home/openslx/.profile"
+ chown openslx:openslx "/home/openslx/.profile"
fi
}
-drop_script() {
- mkdir -p "/root/installer"
- # So we know all the paths and the mysql password
- cat "${BASEDIR}/includes/00-dirs.inc" "${CONFIGDIR}/config" > "/root/installer/config"
- chmod 0600 /root/installer/config
+fb_write_config() {
+ # So we know all the paths
+ declare -p DMSDDIR TASKMANDIR SLXADMINDIR VERSION >> "$CONFIG_FILE"
}
-drop_firstrun_script () {
- patch_profile
- drop_script
+enable_firstrun_script () {
+ fb_enable_firstrun
+ fb_write_config
systemctl daemon-reload
systemctl enable firstboot.service || perror "Could not enable firstboot service"
}
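Review bot: `fb_write_config` appends to `$CONFIG_FILE` with `>>`, so a second installer run leaves two sets of `declare` lines in a file that firstboot.sh later sources as root. Because 00-dirs.inc marks DMSDDIR, TASKMANDIR and SLXADMINDIR readonly, `declare -p` emits them as `declare -r`, and a repeated declaration fails when sourced; the `bash -n` check in firstboot.sh will not catch that because it only parses. Unless something else writes to the file earlier (not visible here), truncating is safer: `declare -p DMSDDIR TASKMANDIR SLXADMINDIR VERSION > "$CONFIG_FILE"`. The comment `# So we know all the paths` could also say that firstboot.sh sources this file at boot.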
diff --git a/satellit_installer/includes/20-prerequisites.inc b/satellit_installer/includes/20-prerequisites.inc
index e0dc9e0..90189d8 100644
--- a/satellit_installer/includes/20-prerequisites.inc
+++ b/satellit_installer/includes/20-prerequisites.inc
@@ -1,29 +1,25 @@
prerequisites() {
- mkdir -p -m 700 "$BASEDIR"/config # No point in testing.
- mkdir -p -m 700 "$BASEDIR"/temp
+ mkdir -p -m 700 "$BASEDIR/temp"
+ mkdir -p "/opt/openslx"
- # Old debugging config file there?
- [ -f "$CONFIGDIR/config" ] && cp -p "$CONFIGDIR/config" "$CONFIGDIR/config.prerun" 2>/dev/null
+ # Enable en_US locale
+ # Already there? Do nothing
+ grep -q '^\s*en_US.UTF-8' /etc/locale.gen && return 0
+ # Try to enable
+ sed 's/^#\s*en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen
- # Let's look whether an english locale is alread active (we choose en_US.UTF-8)
- if [[ $(grep "en_US.UTF-8" /etc/locale.gen|cut -f 1 -d " ") == "#" ]]; then
- echo -n "# Generating an english UTF-8 based locale (this may take some time)..."
- # Backing up never hurts:
- cp -p /etc/locale.gen /etc/locale.gen.orig
- # Now patch the localization file:
- sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
- dpkg-reconfigure locales 2>/dev/null 1>&2
- if [ "$ERR" -ne 0 ]; then
- echo
- echo "# WARNING: Could not reconfigure locales. This is annoying, as"
- echo "# it will yield some mixed languages, perhaps."
- echo "# Please make sure thy system has an UTF-8 based"
- echo "# character set."
- else
- echo " ok."
- fi
+ if ! grep -q '^\s*en_US.UTF-8' /etc/locale.gen; then
+ # Still not there, add
+ echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
+ fi
- else
- echo "# English locale detected; all is well."
+ # Regenerate
+ dpkg-reconfigure locales
+ if [ "$?" -ne 0 ]; then
+ echo "#"
+ echo "# WARNING: Could not reconfigure locales. This is annoying, as"
+ echo "# it will yield some mixed languages, perhaps."
+ echo "# Please make sure thy system has an UTF-8 based"
+ echo "# character set."
fi
}
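Review bot: The line `sed 's/^#\s*en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen` in `prerequisites` has no `-i`, so it prints the edited file to stdout and leaves /etc/locale.gen unchanged. The following `grep` therefore never sees an uncommented entry, and the function always falls through to appending a new line while the commented one stays in place. `sed -i 's/^#\s*en_US\.UTF-8/en_US.UTF-8/' /etc/locale.gen` would do what the comment `# Try to enable` says. The early `return 0` also skips `dpkg-reconfigure locales` when the entry is already enabled, which may be intended but deserves a comment.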
diff --git a/satellit_installer/includes/50-add_mysql_dbs_users.inc b/satellit_installer/includes/50-add_mysql_dbs_users.inc
index 755e1b3..fccba99 100644
--- a/satellit_installer/includes/50-add_mysql_dbs_users.inc
+++ b/satellit_installer/includes/50-add_mysql_dbs_users.inc
@@ -4,8 +4,8 @@ add_mysql_dbs_users() {
mysql_add_db sat
# $1=user, $2=database, $3=privileges, $4=password
- mysql_add_user sat sat "DELETE, INSERT, SELECT, UPDATE, ALTER, CREATE, DROP" "$MYSQL_SAT_PASS"
- mysql_add_user openslx openslx ALL "$MYSQL_OPENSLX_PASS"
+ mysql_add_user sat sat "DELETE, INSERT, SELECT, UPDATE, ALTER, CREATE, DROP" "$RANDOM"
+ mysql_add_user openslx openslx "ALL" "$TEMP_DB_PASS"
# $1=user, $2=database, $3=privileges
mysql_add_privs "openslx" "sat.*" "ALL"
mysql_add_privs "sat" "openslx.location" "SELECT, CREATE"
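Review bot: `"$RANDOM"` as the password for the `sat` database user yields one of only 32768 values, where the removed `generate_password` drew 16 characters from /dev/urandom. If firstboot.sh resets this password the exposure is short, but that reset is not visible in this diff, and a failed first boot would leave the account as it is. The expression already used in firstboot.sh would keep the previous strength: `"$(tr -dc _A-Za-z0-9 < /dev/urandom | head -c 16)"`. The same concern applies to the fixed `$TEMP_DB_PASS` on the next line, which grants `ALL` on the openslx database until first boot completes.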
diff --git a/satellit_installer/includes/50-add_users_groups.inc b/satellit_installer/includes/50-add_users_groups.inc
index 840362a..e6f92f1 100644
--- a/satellit_installer/includes/50-add_users_groups.inc
+++ b/satellit_installer/includes/50-add_users_groups.inc
@@ -15,4 +15,9 @@ add_users_groups() {
add_user_nohome dnbd3 10002 10002
adduser www-data adm # So the webif can read /var/log stuff
adduser dnbd3 images # Put dnbd3 user into images group so it can write the NFS share
+ adduser openslx sudo # openslx is the main user, as we disallow ssh login as root
+
+ echo "# disable root login, set default password for openslx"
+ usermod -p "*" root
+ echo "openslx:$DEFAULT_OPENSLX_PASSWORD" | chpasswd
}
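Review bot: After `chpasswd`, the openslx account, which this hunk also adds to the `sudo` group, keeps the fixed default password until the user completes firstrun.sh, and that script is only started from `.profile` when stdin is a terminal (`[ -t 0 ] && $script` in 10-script_dropper.inc). Nothing at the account level enforces the change, so a session that never runs that hook, or an aborted firstrun.sh, leaves a sudo-capable account on a known password. Expiring the password right after setting it makes PAM demand the change on any login: `passwd -e openslx` (or `chage -d 0 openslx`). The comment in 00-variables.inc saying the user "is forced to change this on first boot" should then say first login. `add_users_groups` starts before this hunk.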
diff --git a/satellit_installer/includes/70-write_versionstring.inc b/satellit_installer/includes/70-write_versionstring.inc
index 397df2f..eb359c4 100644
--- a/satellit_installer/includes/70-write_versionstring.inc
+++ b/satellit_installer/includes/70-write_versionstring.inc
@@ -3,5 +3,5 @@ write_versionstring() {
# is just the date of script run time
VERS=$(date +%Y%j%H)
- echo "$VERS" > "${PATH_SLXADMIN}/version"
+ echo "$VERS" > "${SLXADMINDIR}/version"
}
diff --git a/satellit_installer/includes/90-patch_misc_files.inc b/satellit_installer/includes/90-patch_misc_files.inc
index 45c220f..90b00da 100644
--- a/satellit_installer/includes/90-patch_misc_files.inc
+++ b/satellit_installer/includes/90-patch_misc_files.inc
@@ -3,29 +3,17 @@ patch_bashrc() {
echo "# As one of the last things here we will set a new prompt to distinguish"
echo "# the bwLehrpool satellite server from other servers. To accomplish this"
echo "# we will set a very classy prompt. This will take effect at next root login."
- local ifname=$( ifconfig | grep -oEm1 '^e\w+' )
- echo "# Setting prompt..."
- if grep -q '^IP=' /root/.bashrc; then
- echo "...already done."
- else
- sed "s/%ifname%/$ifname/g" >> /root/.bashrc <<-"ENDO"
- IP=$( ip -4 a show "%ifname%" 2>/dev/null | grep '^\s*inet\s' | awk -F ' ' '{print $2}' )
- [ -z "$IP" ] && IP=$(ip -4 a | grep '^\s*inet\s'| grep -v '127.0.0' | head -n 1 | awk -F ' ' '{print $2}')
- IP=${IP%/*}
- [ -z "$IP" ] && IP="noip???"
- PS1="\[\033[01;31m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($IP)
- \[\033[01;34m\]\w\[\033[00m\] # "
- ENDO
- fi
- # aliases, dircolors
- sed -i -r 's/# *(alias|export LS|eval ")/\1/' /root/.bashrc
-}
-
-patch_vim() {
- sed -i -r 's/" *(syntax|set showmatch|set smartcase|set incsearch)/\1/' /etc/vim/vimrc
- echo "set autoindent" >> /etc/vim/vimrc
- echo "set smartindent" >> /etc/vim/vimrc
+ for f in /root/ /home/*/; do
+ [ -d "$f" ] || continue # Not dir
+ f="$f/.bashrc"
+ [ -f "$f" ] || cp /etc/skel/.bashrc "$f" # Make sure default exists
+ grep -qF '/opt/openslx/bashrc.inc' "$f" && continue # Already patched
+ # This include will set our two-line prompt including the IP address
+ echo ". /opt/openslx/bashrc.inc" >> "$f"
+ # enable aliases, dircolors
+ sed -i -r 's/^(\s*)#\s*(alias|export LS|export GCC|eval )/\1\2/' "$f"
+ done
}
patch_ldapsearch() {
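Review bot: In the new loop, `cp /etc/skel/.bashrc "$f"` runs with the installer's privileges (presumably root), so a `.bashrc` created under /home ends up owned by root and its user cannot edit it; `fb_enable_firstrun` does chown the `.profile` it touches, so the two are inconsistent. Something like `cp /etc/skel/.bashrc "$f" && chown --reference="${f%/*}" "$f"` would keep ownership with the home directory. The banner text above the loop still says the prompt takes effect `at next root login`, which no longer matches a loop over all home directories. `patch_bashrc` starts before this hunk.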
@@ -37,11 +25,5 @@ patch_ldapsearch() {
patch_java() {
# Fix svg renderer:
# java.awt.AWTError: Assistive Technology not found: org.GNOME.Accessibility.AtkWrapper
- sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*-openjdk/accessibility.properties &> /dev/null
-}
-
-set_version_string() {
- echo -n "# Setting version string..."
- echo 'VERSION="'$VERSION'"' >> "$CONFIGDIR"/config
- echo "ok."
+ sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*/accessibility.properties &> /dev/null
}
diff --git a/satellit_installer/includes/90-patch_slxadmin.inc b/satellit_installer/includes/90-setup_slxadmin.inc
index 69afbcb..0220bdc 100644
--- a/satellit_installer/includes/90-patch_slxadmin.inc
+++ b/satellit_installer/includes/90-setup_slxadmin.inc
@@ -1,5 +1,5 @@
# Prepare files and symlinks in slx-admin www dir
-patch_slxadmin_dir () {
+enable_slxadmin_modules () {
# Create modules directory and link modules from modules-available according to slxadmin module list (SLXADMIN_MODULES):
mkdir -p "$WWWDIR/slx-admin/modules"
cd "$WWWDIR/slx-admin/modules" || perror "Cannot cd to slxadmin/modules"
@@ -14,7 +14,7 @@ patch_slxadmin_dir () {
install_slxadmin_db () {
# Prepare temporary config
install_files "slxadmin"
- sed -i "s/%MYSQL_OPENSLX_PASS%/${MYSQL_OPENSLX_PASS}/" "$WWWDIR/slx-admin/config.php" || perror "Could not write temporary DB password to config.php"
+ sed -i "s/%MYSQL_OPENSLX_PASS%/${TEMP_DB_PASS}/" "$WWWDIR/slx-admin/config.php" || perror "Could not write temporary DB password to config.php"
# Install slx-admin DB
cd "$WWWDIR/slx-admin" || perror "Cannot cd to $WWWDIR"
echo "# Installing slx-admin database"
diff --git a/satellit_installer/satellit_installer b/satellit_installer/satellit_installer
index 8d3fde9..2a29cf4 100755
--- a/satellit_installer/satellit_installer
+++ b/satellit_installer/satellit_installer
@@ -88,10 +88,6 @@ uninstall_packages mpt-status
prerequisites # config directory, locales
-# query_passwords
-set_passwords # only to be used within certain circumstances -
- # see includes/query_user.
-
set_version_string # Writing version string for rc.local-script
install_packages NOREC "$PACKAGELIST_SERVER" # Packages needed for server installable without
@@ -99,8 +95,8 @@ install_packages NOREC "$PACKAGELIST_SERVER" # Packages needed for server insta
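Review bot: The context line `set_version_string # Writing version string for rc.local-script` is still called here, but this commit deletes the `set_version_string` function from 90-patch_misc_files.inc. Unless another include defines it, the installer will hit `command not found` at this step. Since `fb_write_config` now writes `VERSION` into the config file itself, the call can be removed together with the `set_passwords` lines.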
install_packages RECOM "$PACKAGELIST_WITH_RECOMMENDS" # Packages where installation of recommended
# packages is necessary, so opt. RECOM is set.
-check_users # Meet interesting users with uid>=1000 and kill them.
- # user 65534/sync will be ignored.
+kill_existing_users # delete all users uid >= 1000
+
add_users_groups # Adding necessary users and groups
install_ipxe "$IPXEDIR"
@@ -136,15 +132,10 @@ config_nfs
install_system_scripts
-# color prompt, aliases
-patch_bashrc
-# vim config
-patch_vim
-
install_timesync # cheap HTTP based timesync on boot
-# Remove translation from menu etc., enable required modules
-patch_slxadmin_dir
+# enable required modules
+enable_slxadmin_modules
# Check dir and file permissions:
set_directory_permissions || perror "Setting up general directory permissions failed"
@@ -155,6 +146,9 @@ set_links
# Create tables, fill with predefined stuff
install_slxadmin_db
+# color prompt, aliases
+patch_bashrc
+
tar -z -c -T /dev/null -f /opt/openslx/empty.tgz
# Mark vmstore as not mounted
@@ -169,7 +163,7 @@ end_message
# This part drops a script and anchors it's execution within root's .profile
# Do this at the end so it's not there if something failed
-drop_firstrun_script
+enable_firstrun_script
finalize # Cleaning script; finalize script will delete itself.
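Review bot: The comment above `enable_firstrun_script` still says the script is anchored `within root's .profile`, but `fb_enable_firstrun` now patches /home/openslx/.profile. I would update it to `# Hook firstrun.sh into openslx's .profile and enable firstboot.service` so the next reader does not look in /root.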
diff --git a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides
new file mode 100644
index 0000000..6123bfd
--- /dev/null
+++ b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides
@@ -0,0 +1 @@
+openslx ALL=(root) NOPASSWD: /usr/local/bin/netsetup
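Review bot: This rule lets openslx run /usr/local/bin/netsetup as root without a password and with any arguments, and netsetup's new preamble forwards `"$@"` through `sudo`. If netsetup takes no arguments (its body is not visible here), pin that in the rule with an empty argument list: `openslx ALL=(root) NOPASSWD: /usr/local/bin/netsetup ""`. It is also worth confirming that the installer places the script root-owned and not writable by openslx, because a passwordless rule is only as safe as the file it names.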
diff --git a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service
index a21ad61..f19b51a 100644
--- a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service
+++ b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service
@@ -1,11 +1,12 @@
[Unit]
Description=Initialization of bwLehrpool on first boot
-ConditionFileIsExecutable=/root/installer/rclocal_script.sh
-After=network.target mysql.service
+ConditionFileIsExecutable=/opt/openslx/firstboot.sh
+After=network.target mysql.service mariadb.service
+Before=ssh.service lighttpd.service dmsd.service taskmanager.service
[Service]
Type=oneshot
-ExecStart=/root/installer/rclocal_script.sh
+ExecStart=/opt/openslx/firstboot.sh
RemainAfterExit=yes
RefuseManualStart=yes
diff --git a/satellit_installer/static_files/system/root/.tmate.conf b/satellit_installer/static_files/system/etc/tmate.conf
index 537f52c..537f52c 100644
--- a/satellit_installer/static_files/system/root/.tmate.conf
+++ b/satellit_installer/static_files/system/etc/tmate.conf
diff --git a/satellit_installer/static_files/system/etc/vim/vimrc.local b/satellit_installer/static_files/system/etc/vim/vimrc.local
new file mode 100644
index 0000000..8e09d96
--- /dev/null
+++ b/satellit_installer/static_files/system/etc/vim/vimrc.local
@@ -0,0 +1,7 @@
+syntax on
+set showmatch
+set smartcase
+set incsearch
+set mouse=
+set autoindent
+set smartindent
diff --git a/satellit_installer/static_files/system/opt/openslx/bashrc.inc b/satellit_installer/static_files/system/opt/openslx/bashrc.inc
new file mode 100644
index 0000000..98711d4
--- /dev/null
+++ b/satellit_installer/static_files/system/opt/openslx/bashrc.inc
@@ -0,0 +1,13 @@
+ifname="$( ifconfig | grep -oEm1 '^e\w+' )"
+slxip="$( ip -4 a show "$ifname" 2>/dev/null | grep -m1 '^\s*inet ' | awk '{print $2}' )"
+[ -z "$slxip" ] && slxip="$( ip -4 a | grep '^\s*inet '| grep -vFm1 ' 127.' | awk '{print $2}' )"
+slxip=${slxip%/*}
+[ -z "$slxip" ] && read -r _ _ slxip _ <<<"$SSH_CONNECTION"
+[ -z "$slxip" ] && slxip="noip???"
+slxcol=32
+(( UID == 0 )) && slxcol=31
+PS1="\[\033[01;${slxcol}m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($slxip)
+\[\033[01;34m\]\w\[\033[00m\] # "
+unset ifname slxip slxcol
+# We always want to run this as root; sudo is a noop in case we already are.
+alias tmate='sudo tmate'
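Review bot: `ifconfig` on the first line is called without `2>/dev/null`, and this file is now sourced from every user's `.bashrc`, not only root's. On Debian, ifconfig lives in /sbin, which is normally not in an unprivileged user's PATH, so openslx would likely see `command not found` on each shell start. The later `ip` lookups already provide the fallback, so `ifname="$( ifconfig 2>/dev/null | grep -oEm1 '^e\w+' )"` is enough.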
diff --git a/satellit_installer/static_files/system/root/installer/rclocal_script.sh b/satellit_installer/static_files/system/opt/openslx/firstboot.sh
index 577a743..7ef2bfc 100755
--- a/satellit_installer/static_files/system/root/installer/rclocal_script.sh
+++ b/satellit_installer/static_files/system/opt/openslx/firstboot.sh
@@ -5,13 +5,13 @@ perror() {
echo "[ERROR] $*"
[ "$MY_PID" != "$$" ] && kill "$MY_PID"
- if ! grep -q "rclocal_script.sh has thrown an error" /etc/motd; then
+ if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then
cat <<-EOF >> /etc/motd
WARNING!
- rclocal_script.sh has thrown an error!
- Please read /root/init.log and take appropriate measures!
+ firstboot.sh has thrown an error!
+ Please read /opt/openslx/firstrun.log and take appropriate measures!
This server may not work correctly!
EOF
@@ -20,13 +20,14 @@ perror() {
}
# Logfile
-exec &> /root/init.log
+exec &> /opt/openslx/firstrun.log
echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")"
-[ -r "/root/installer/config" ] || perror "Installationsfehler: Keine firstrun-config gefunden!"
-
-source "/root/installer/config" || perror "Fehler beim Sourcen der firstrun-config."
+conf="/opt/openslx/config.install"
+[ -s "$conf" ] || perror "Config file $conf missing"
+bash -n "$conf" || perror "Config file $conf has errors"
+. "$conf"
generate_password() {
tr -dc _A-Za-z0-9 < /dev/urandom | head -c 16
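Review bot: `. "$conf"` no longer checks its result, while the removed line had `|| perror`; `bash -n` only verifies that the file parses, so a runtime failure inside the config would go unnoticed. I would write `. "$conf" || perror "Could not source $conf"`. Since this file is executed as root at boot, a comment should also state that /opt/openslx/config.install must stay root-owned and not writable by other users; the directory permissions are set elsewhere and are not visible here. The hunk ends inside `generate_password`.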
@@ -47,7 +48,7 @@ patchfiles() {
echo "+++ Lösche alte ssh-Schlüssel ..."
rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null
-echo "+++ Generating new ssh keys..."
+echo "+++ Generating new sshd keys..."
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q
@@ -82,27 +83,37 @@ echo "+++ Dienste werden aktiviert..."
# Enable bwLehrpool related services
for i in dmsd.service taskmanager.service; do
- systemctl enable "$i" || echo "Warnung - konnte systemd-Service $i nicht aktivieren!"
+ systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!"
systemctl --no-block start "$i"
done
-# Write MOTD
-cat > /etc/motd <<THEREDOC
- *** bwLehrpool Satelliten-Server, Version $VERSION ***
- Eingerichtet am $(date)
-
-Wenn Sie sich als root eingeloggt haben, haben Sie nun folgende Optionen:
-netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
-reboot - System neustarten
-poweroff - System herunterfahren
+# root ssh key
+echo ""
+echo "Erzeuge SSH Schlüsselpaar für root"
+echo ""
-Andere Modifikationen am System sind in der Regel nicht notwendig.
+KEY=~/.ssh/id_rsa
+rm -f -- "$KEY" "${KEY}.pub"
+ssh-keygen -q -N "" -f "$KEY" \
+ || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."
+# Write MOTD
+cat > /etc/motd <<THEREDOC
+> *** bwLehrpool Satelliten-Server, Version $VERSION ***
+> Eingerichtet am $(date)
+>
+> Wenn Sie sich als 'openslx' eingeloggt haben, haben Sie nun folgende Optionen:
+> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
+> sudo reboot - System neustarten
+> sudo poweroff - System herunterfahren
+>
+> Andere Modifikationen am System sind in der Regel nicht notwendig.
+>
THEREDOC
echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..."
-unlink "/root/installer/config"
-unlink "/root/installer/rclocal_script.sh"
+unlink "/opt/openslx/firstboot.sh"
+unlink "$conf"
unlink "/etc/systemd/system/firstboot.service"
unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service"
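Review bot: The new root key is written to `~/.ssh/id_rsa`, but `ssh-keygen` is called without `-t`, so the key type follows the installed OpenSSH default, which newer releases changed from RSA to Ed25519. Pinning the type keeps the file name truthful, e.g. `ssh-keygen -q -t rsa -b 4096 -N "" -f "$KEY"`, or rename the target to id_ed25519 and pass `-t ed25519`. firstrun.sh contains the same call for the openslx user. A failed key generation is only echoed into the log here, whereas the service-enable step above was upgraded to `perror`; a short comment on why this one is non-fatal would help.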
diff --git a/satellit_installer/static_files/system/opt/openslx/firstrun.sh b/satellit_installer/static_files/system/opt/openslx/firstrun.sh
new file mode 100755
index 0000000..fc22959
--- /dev/null
+++ b/satellit_installer/static_files/system/opt/openslx/firstrun.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+cat <<-HEREDOC
+>
+> Willkommen zur Grundkonfiguration des bwLehrpool-Satellitenservers.
+>
+> Diese einmalige Konfiguration dient dazu, das Passwort des System-Users
+> "openslx" zu ändern (für Terminal, SSH), sowie ggf. die
+> Netzwerkkonfiguration des Servers anzupassen.
+>
+HEREDOC
+
+while ! passwd; do
+ echo "> Das hat nicht geklappt. Bitte noch einmal versuchen:"
+done
+
+cat <<-SUPPE
+>
+> Erzeuge SSH Schlüsselpaar
+>
+SUPPE
+
+KEY=~/.ssh/id_rsa
+
+rm -f -- "$KEY" "${KEY}.pub"
+ssh-keygen -q -N "" -f "$KEY" \
+ || echo "> Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."
+
+cat <<-HERRR
+>
+> Abschließend können Sie festlegen, ob der Server seine IP-Konfiguration
+> per DHCP erhält, oder eine statische Konfiguration verwendet wird.
+>
+HERRR
+
+netsetup
+
+cat <<YONDERDOC
+>
+> Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des
+> bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die
+> IP-Addresse oder den Hostnamen des Servers erreichbar ist.
+>
+> Bitte geben Sie zum Abschluss noch einmal das oben neu festgelegte
+> Passwort ein. Der Server wird sich daraufhin neustarten und ist
+> dann betriebsbereit.
+>
+YONDERDOC
+
+unlink /opt/openslx/firstrun.sh
+
+sudo reboot
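Review bot: `unlink /opt/openslx/firstrun.sh` runs as openslx, and the hook line `[ -t 0 ] && /opt/openslx/firstrun.sh` that `fb_enable_firstrun` appended to `.profile` is never removed, unlike the old script's `sed -i "/firstrun_script.sh/d" /root/.profile`. If /opt/openslx is root-owned (it is created with a plain `mkdir -p` in `prerequisites`; later permission changes are not visible here), the unlink fails and the whole dialog repeats at every login; if it succeeds, every later login prints a not-found error. Removing the hook first avoids both: `sed -i '\#/opt/openslx/firstrun.sh#d' ~/.profile`, and the file itself can be deleted with `sudo rm -f -- /opt/openslx/firstrun.sh` just before `sudo reboot`.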
diff --git a/satellit_installer/static_files/system/root/installer/firstrun_script.sh b/satellit_installer/static_files/system/root/installer/firstrun_script.sh
deleted file mode 100755
index 343be4d..0000000
--- a/satellit_installer/static_files/system/root/installer/firstrun_script.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/bash
-
-cat <<-HEREDOC
-Willkommen zur Grundkonfiguration des bwLehrpool-Satellitenservers.
-
-Diese einmalige Konfiguration dient dazu, das root-Passwort des Servers
-zu ändern, sowie ggf. die Netzwerkkonfiguration des Servers anzupassen.
-
-Aus Sicherheitsgründen ist es dringend zu empfehlen, das root-Passwort
-im Produktivbetrieb zu ändern!
-
-HEREDOC
-
-ERR=1
-while [ "$ERR" -ne 0 ]; do
- passwd
- ERR=$?
-done
-
-echo "Abschließend können Sie festlegen, ob der Server seine IP-Konfiguration"
-echo "per DHCP erhält, oder eine statische Konfiguration verwendet wird."
-/usr/local/sbin/netsetup
-
-cat <<SOMEWHEREDOC
-
-Nun fehlt nur noch das Setzen eines root-ssh-Schlüssels für tmate,
-wenn noch nicht vorhanden.
-
-SOMEWHEREDOC
-
-KEY=$(awk '/^\s*IdentityFile\s+.+$/ {print $2}' /etc/ssh/ssh_config)
-[ -z "$KEY" ] && KEY="/root/.ssh/id_rsa"
-
-if [ -f "$KEY" ]; then
- echo "Schlüssel $KEY existiert bereits, keine weitere Aktion."
-else
- ssh-keygen -q -N "" -f "$KEY"
- [ "$?" -ne 0 ] && echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."
-fi
-
-cat <<YONDERDOC
-
-Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des
-bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die
-IP-Addresse oder den Hostnamen des Servers erreichbar ist.
-
-Bitte überprüfen Sie die Logdatei /root/init.log auf eventuelle Fehler!
-
-Der Server wird sich jetzt neustarten.
-
-YONDERDOC
-
-sleep 4
-
-sed -i "/firstrun_script.sh/d" /root/.profile
-unlink /root/installer/firstrun_script.sh
-rmdir /root/installer 2>/dev/null || \
- echo "Achtung: Konnte Verzeichnis /root/installer nicht löschen - Verzeichnis nicht leer."
-reboot
diff --git a/satellit_installer/static_files/system/usr/local/sbin/netsetup b/satellit_installer/static_files/system/usr/local/bin/netsetup
index 6616c50..a824739 100755
--- a/satellit_installer/static_files/system/usr/local/sbin/netsetup
+++ b/satellit_installer/static_files/system/usr/local/bin/netsetup
@@ -1,5 +1,10 @@
#!/bin/bash
+if [ "$UID" != 0 ]; then
+ exec sudo "$0" "$@"
+ exit 1
+fi
+
DATUM=$(date +%Y%m%d_%H%M%S)
INTERFACES="/etc/network/interfaces"
ETHALIAS=$( ifconfig -a | grep -oEm1 '^e\w+' )
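Review bot: `exec sudo "$0" "$@"` re-runs whatever path the script was started by, so when it is invoked through a relative path, a symlink or `bash netsetup`, the command no longer matches the `/usr/local/bin/netsetup` entry in sudoers.d/openslx-overrides and sudo either asks for a password or runs a different file. Hard-coding the installed path keeps the two in step: `exec sudo /usr/local/bin/netsetup "$@"`. The `exit 1` after `exec` is only reached when exec itself fails, which a short comment would make clear.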
diff --git a/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment b/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment
index 7de812c..ddc4681 100644
--- a/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment
+++ b/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment
@@ -1,6 +1,7 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-LANG=C
+LANG=C.UTF-8
LOGNAME
USER
LOGIN
HOME
+TZ
diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh
index 87ecd63..8833f04 100644
--- a/satellit_upgrader/updater.template.sh
+++ b/satellit_upgrader/updater.template.sh
@@ -877,7 +877,8 @@ if ! which tmate &> /dev/null && (( MAJOR >= 9 )); then
fi
if (( MAJOR >= 11 )); then
# Fingerprints now need to be SHA256, maybe an old sat got dist-upgraded and still has MD5s in that file
- diffcp "system" "/root/.tmate.conf" "Updating tmate config..."
+ diffcp "system" "/etc/tmate.conf" "Updating tmate config..."
+ rm -f -- "/root/.tmate.conf"
fi
# ******************* make sure ssh keypair exists *********