Diffstat (limited to 'satellit_installer/static_files/system-base/opt/openslx/firstboot.sh')
-rwxr-xr-xsatellit_installer/static_files/system-base/opt/openslx/firstboot.sh136
1 files changed, 136 insertions, 0 deletions
diff --git a/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh b/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh
new file mode 100755
index 0000000..fe75c1d
--- /dev/null
+++ b/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh
@@ -0,0 +1,136 @@
+#!/bin/bash
+
+MY_PID=$$
+conf="/opt/openslx/config.install"
+
+# Logfile
+exec &>> /opt/openslx/firstboot.log
+
+perror() {
+ echo "[ERROR] $*"
+ [ "$MY_PID" != "$$" ] && kill "$MY_PID"
+
+ if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then
+ cat <<-EOF >> /etc/motd
+
+ WARNING!
+
+ firstboot.sh has thrown an error!
+ Please read /opt/openslx/firstboot.log and take appropriate measures!
+ This server may not work correctly!
+
+ EOF
+ fi
+ exit 5
+}
+
+if ! [ -e "$conf" ]; then
+ # First time this script runs, it will delete the config at the end; this
+ # means this has to be the second bootup, after the user finished the
+ # firstrun.sh script on first login as "bwlp".
+ # Completely delete the script now, and also firstrun.sh
+ unlink "/opt/openslx/firstrun.sh"
+ unlink "/opt/openslx/firstboot.sh"
+ unlink "/etc/systemd/system/firstboot.service"
+ unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service"
+ # Only now enable the web interface, so the user cannot login via browser
+ # before finishing the firstrun.sh script via ssh/tty login
+ systemctl enable lighttpd.service || perror "Konnte systemd-Service lighttpd nicht aktivieren!"
+ systemctl --no-block start lighttpd.service
+ # Also activate our issue that hints at the webif URL
+ mv /etc/issue.disabled /etc/issue
+ exit 0
+fi
+
+echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")"
+
+[ -s "$conf" ] || perror "Config file $conf missing"
+bash -n "$conf" || perror "Config file $conf has errors"
+. "$conf"
+
+generate_password() {
+ tr -dc _A-Za-z0-9 < /dev/urandom 2> /dev/null | head -c 16
+}
+
+patchfiles() {
+ # <find> <replace> <file1> <file2> ... <fileN>
+ # Warning: does not escape!
+ local FIND="$1"
+ local REPLACE="$2"
+ shift 2
+ while [ $# -gt 0 ]; do
+ sed -i "s/${FIND}/${REPLACE}/g" "$1"
+ shift
+ done
+}
+
+echo "+++ Lösche alte ssh-Schlüssel ..."
+rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null
+
+echo "+++ Generating new sshd keys..."
+ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q
+ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q
+ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q
+ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q
+
+echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..."
+umask 0077
+
+MYSQL_SAT_NEW=$(generate_password)
+[ -z "$MYSQL_SAT_NEW" ] && perror "Error generating mysql password for dmsd"
+echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen."
+
+MYSQL_OPENSLX_NEW=$(generate_password)
+[ -z "$MYSQL_OPENSLX_NEW" ] && perror "Error generating mysql password for openslx"
+echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen."
+
+echo "+++ Konfigurationsdateien werden aktualisiert..."
+
+# sat mysql pass
+# Patch dmsd
+patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties"
+
+# openslx mysql pass
+# Patching openslx-mysql-userpass into slx-admin config:
+patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$SLXADMINDIR/config.php"
+
+# taskmanager password
+TASKMANAGER_PASS=$(generate_password)
+patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" "$SLXADMINDIR/config.php" "$TASKMANDIR/config/config"
+
+echo "+++ Dienste werden aktiviert..."
+
+# Enable bwLehrpool related services
+for i in dmsd.service taskmanager.service; do
+ systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!"
+ systemctl --no-block start "$i"
+done
+
+# root ssh key
+echo ""
+echo "Erzeuge SSH Schlüsselpaar für root"
+echo ""
+
+KEY=~/.ssh/id_rsa
+rm -f -- "$KEY" "${KEY}.pub"
+ssh-keygen -q -N "" -f "$KEY" \
+ || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."
+
+# Write MOTD
+cat > /etc/motd <<THEREDOC
+> *** bwLehrpool Satellitenserver, Version $VERSION ***
+> Eingerichtet am $(date)
+>
+> Wenn Sie sich als 'bwlp' eingeloggt haben, haben Sie nun folgende Optionen:
+> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
+> sudo reboot - System neustarten
+> sudo poweroff - System herunterfahren
+>
+> Andere Modifikationen am System sind in der Regel nicht notwendig.
+>
+THEREDOC
+
+echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..."
+unlink "$conf"
+
+exit 0
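Review bot: `TASKMANAGER_PASS=$(generate_password)` is used without the empty-string check that guards both MySQL passwords, so if generate_password yields nothing, `patchfiles` replaces `%TM_OPENSLX_PASS%` with an empty string in both `config.php` and the taskmanager config. Add `[ -z "$TASKMANAGER_PASS" ] && perror "Error generating taskmanager password"` right after the assignment; comparing the length of each of the three secrets against 16 would also catch a short read from `head -c 16`. The four host-key `ssh-keygen` calls have a similar gap: the old keys are removed first and no exit status is checked, and `-t dsa` is refused by newer OpenSSH builds without DSA support, so each call should end in `|| perror "..."` and the DSA line is a candidate for removal. Separately, the start banner's `%H:%m:%S` prints the month where the minute is meant and should be `%H:%M:%S`.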