From 6512e211c44832fae7d04684ac1820c0c28c8d0a Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Tue, 30 Apr 2024 14:26:10 +0200 Subject: [SS?S] Split static_files/system into base and updates base is considered static, i.e. only copied once when *installing* a server, because they are config files the user/admin is expected to edit, or because they have to match the specific Debian release the installed server is based on, and thus should not - or only selectively - be replaced by the satellite updater. In other words, the system-updates module should be safe to be copied over a running satellite server on update via "install_files", while files from system-base will only be updated selectively, if at all. --- satellit_installer/includes/50-copyscripts.inc | 3 +- .../system-base/etc/apt/apt.conf.d/99update-config | 27 +++ .../static_files/system-base/etc/issue | 7 + .../static_files/system-base/etc/issue.disabled | 9 + .../system-base/etc/mysql/conf.d/99-openslx.cnf | 7 + .../etc/systemd/system/firstboot.service | 14 ++ .../static_files/system-base/etc/tmux.conf | 5 + .../static_files/system-base/etc/vim/vimrc.local | 10 + .../system-base/opt/openslx/bashrc.inc | 17 ++ .../system-base/opt/openslx/firstboot.sh | 136 ++++++++++++++ .../system-base/opt/openslx/firstrun.sh | 99 ++++++++++ .../system-base/usr/local/bin/finalize | 21 +++ .../system-base/usr/local/bin/netsetup | 205 +++++++++++++++++++++ .../system-updates/etc/cron.daily/tmpdelete.sh | 9 + .../static_files/system-updates/etc/locale.conf | 1 + .../system-updates/etc/sudoers.d/openslx-overrides | 1 + .../etc/systemd/journald.conf.d/slx-overrides.conf | 6 + .../etc/systemd/system.conf.d/10-openslx.conf | 3 + .../system-updates/usr/local/bin/slxlog | 6 + .../system-updates/usr/local/sbin/slx-wait-online | 15 ++ .../system/etc/apt/apt.conf.d/99update-config | 27 --- .../system/etc/cron.daily/tmpdelete.sh | 9 - satellit_installer/static_files/system/etc/issue | 7 - .../static_files/system/etc/issue.disabled | 9 - .../static_files/system/etc/locale.conf | 1 - 
.../system/etc/mysql/conf.d/99-openslx.cnf | 7 - .../system/etc/sudoers.d/openslx-overrides | 1 - .../etc/systemd/journald.conf.d/slx-overrides.conf | 6 - .../etc/systemd/system.conf.d/10-openslx.conf | 3 - .../system/etc/systemd/system/firstboot.service | 14 -- .../static_files/system/etc/tmux.conf | 5 - .../static_files/system/etc/vim/vimrc.local | 10 - .../static_files/system/opt/openslx/bashrc.inc | 17 -- .../static_files/system/opt/openslx/firstboot.sh | 136 -------------- .../static_files/system/opt/openslx/firstrun.sh | 99 ---------- .../static_files/system/usr/local/bin/finalize | 21 --- .../static_files/system/usr/local/bin/netsetup | 205 --------------------- .../static_files/system/usr/local/bin/slxlog | 6 - .../system/usr/local/sbin/slx-wait-online | 15 -- satellit_upgrader/updater.template.sh | 13 +- 40 files changed, 604 insertions(+), 608 deletions(-) create mode 100644 satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config create mode 100644 satellit_installer/static_files/system-base/etc/issue create mode 100644 satellit_installer/static_files/system-base/etc/issue.disabled create mode 100644 satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf create mode 100644 satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service create mode 100644 satellit_installer/static_files/system-base/etc/tmux.conf create mode 100644 satellit_installer/static_files/system-base/etc/vim/vimrc.local create mode 100644 satellit_installer/static_files/system-base/opt/openslx/bashrc.inc create mode 100755 satellit_installer/static_files/system-base/opt/openslx/firstboot.sh create mode 100755 satellit_installer/static_files/system-base/opt/openslx/firstrun.sh create mode 100755 satellit_installer/static_files/system-base/usr/local/bin/finalize create mode 100755 satellit_installer/static_files/system-base/usr/local/bin/netsetup create mode 100755 
satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh create mode 100644 satellit_installer/static_files/system-updates/etc/locale.conf create mode 100644 satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides create mode 100644 satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf create mode 100644 satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf create mode 100755 satellit_installer/static_files/system-updates/usr/local/bin/slxlog create mode 100755 satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online delete mode 100644 satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config delete mode 100755 satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh delete mode 100644 satellit_installer/static_files/system/etc/issue delete mode 100644 satellit_installer/static_files/system/etc/issue.disabled delete mode 100644 satellit_installer/static_files/system/etc/locale.conf delete mode 100644 satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf delete mode 100644 satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides delete mode 100644 satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf delete mode 100644 satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf delete mode 100644 satellit_installer/static_files/system/etc/systemd/system/firstboot.service delete mode 100644 satellit_installer/static_files/system/etc/tmux.conf delete mode 100644 satellit_installer/static_files/system/etc/vim/vimrc.local delete mode 100644 satellit_installer/static_files/system/opt/openslx/bashrc.inc delete mode 100755 satellit_installer/static_files/system/opt/openslx/firstboot.sh delete mode 100755 satellit_installer/static_files/system/opt/openslx/firstrun.sh delete mode 100755 
satellit_installer/static_files/system/usr/local/bin/finalize delete mode 100755 satellit_installer/static_files/system/usr/local/bin/netsetup delete mode 100755 satellit_installer/static_files/system/usr/local/bin/slxlog delete mode 100755 satellit_installer/static_files/system/usr/local/sbin/slx-wait-online diff --git a/satellit_installer/includes/50-copyscripts.inc b/satellit_installer/includes/50-copyscripts.inc index aee3944..5348bb9 100644 --- a/satellit_installer/includes/50-copyscripts.inc +++ b/satellit_installer/includes/50-copyscripts.inc @@ -1,6 +1,7 @@ install_system_scripts() { # Different stuff like slxlog, finalize, firstrun, netsetup - install_files "system" + install_files "system-base" + install_files "system-updates" } install_timesync() { diff --git a/satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config b/satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config new file mode 100644 index 0000000..0f66e29 --- /dev/null +++ b/satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config 
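Review bot: The comment above the two `install_files` calls in `install_system_scripts` still describes a single module and does not explain why there are now two. Since the updater is meant to re-copy only one of them, I would document the contract at this call site, e.g. `# system-base: copied once at install (admin-editable or release-specific); system-updates: safe for the updater to overwrite`. How `install_files` resolves a path that exists in both modules is not visible in this hunk, so whether the call order matters is an assumption worth confirming.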
@@ -0,0 +1,27 @@
+// Updates aktivieren
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+// Wenn ein Paket nicht sauber installiert wird, Installation erneut
+// versuchen, und alte Paketkonfiguration beibehalten.
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+
+// Macht den Updatevorgang langsamer, aber robuster
+Unattended-Upgrade::MinimalSteps "true";
+
+// Alte Kernelversionen automatisch deinstallieren
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+
+// Wenn nach einem Update Pakete nicht mehr benötigt werden, diese automatisch deinstallieren
+//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+// Automatisch rebooten, wenn ein Paket dies nach dem Update erfordert?
+Unattended-Upgrade::Automatic-Reboot "false";
+
+// ... Reboot auch durchführen, wenn jemand auf dem Server eingeloggt ist? (SSH, Terminal)
+Unattended-Upgrade::Automatic-Reboot-WithUsers "false";
+
+// Uhrzeit, zu der bei erforderlichem Reboot neugestartet werden soll.
+// Der Wert "now" führt den Reboot unverzüglich durch.
+Unattended-Upgrade::Automatic-Reboot-Time "02:00";
diff --git a/satellit_installer/static_files/system-base/etc/issue b/satellit_installer/static_files/system-base/etc/issue
new file mode 100644
index 0000000..a097cee
--- /dev/null
+++ b/satellit_installer/static_files/system-base/etc/issue
@@ -0,0 +1,7 @@
+-------------------------------------------------
+ bwLehrpool Satellitenserver (Debian \S{VERSION_ID})
+-------------------------------------------------
+
+Bitte loggen Sie sich als Nutzer "bwlp" ein, um die
+Einrichtung des Systems abzuschließen.
+
diff --git a/satellit_installer/static_files/system-base/etc/issue.disabled b/satellit_installer/static_files/system-base/etc/issue.disabled
new file mode 100644
index 0000000..078ef2a
--- /dev/null
+++ b/satellit_installer/static_files/system-base/etc/issue.disabled
@@ -0,0 +1,9 @@
+-------------------------------------------------
+ bwLehrpool Satellitenserver (Debian \S{VERSION_ID})
+-------------------------------------------------
+
+Web interface for configuration:
+
+\e{lightred}http(s)://\4/\e{reset}
+\e{lightred}http(s)://\n.\O/\e{reset}
+
diff --git a/satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf b/satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf
new file mode 100644
index 0000000..f4ff6f7
--- /dev/null
+++ b/satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf
@@ -0,0 +1,7 @@
+[mysqld]
+character-set-server = utf8mb4
+collation-server = utf8mb4_unicode_520_ci
+sql_mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+[client]
+default-character-set = utf8mb4
diff --git a/satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service b/satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service
new file mode 100644
index 0000000..f19b51a
--- /dev/null
+++ b/satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Initialization of bwLehrpool on first boot
+ConditionFileIsExecutable=/opt/openslx/firstboot.sh
+After=network.target mysql.service mariadb.service
+Before=ssh.service lighttpd.service dmsd.service taskmanager.service
+
+[Service]
+Type=oneshot
+ExecStart=/opt/openslx/firstboot.sh
+RemainAfterExit=yes
+RefuseManualStart=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/satellit_installer/static_files/system-base/etc/tmux.conf b/satellit_installer/static_files/system-base/etc/tmux.conf
new file mode 100644
index 0000000..537f52c
--- /dev/null
+++ b/satellit_installer/static_files/system-base/etc/tmux.conf
@@ -0,0 +1,5 @@
+set -g tmate-server-host "tmate.ruf.uni-freiburg.de"
+set -g tmate-server-port 2222
+set -g tmate-server-rsa-fingerprint SHA256:pyT0YTJ+2c6AHD4QtUC1GEA9SFFYba74x2T1VZJ6zpc
+set -g tmate-server-ed25519-fingerprint SHA256:ZuTqO8YZrdgzjskHhfNd65es4HEx5rKBRZj/e/iBLrg
+set -g tmate-identity ""
diff --git a/satellit_installer/static_files/system-base/etc/vim/vimrc.local b/satellit_installer/static_files/system-base/etc/vim/vimrc.local
new file mode 100644
index 0000000..4bfb95d
--- /dev/null
+++ b/satellit_installer/static_files/system-base/etc/vim/vimrc.local
@@ -0,0 +1,10 @@
+runtime! defaults.vim
+let g:skip_defaults_vim = 1
+
+syntax on
+set showmatch
+set smartcase
+set incsearch
+set mouse=
+set autoindent
+set smartindent
diff --git a/satellit_installer/static_files/system-base/opt/openslx/bashrc.inc b/satellit_installer/static_files/system-base/opt/openslx/bashrc.inc
new file mode 100644
index 0000000..b5fa467
--- /dev/null
+++ b/satellit_installer/static_files/system-base/opt/openslx/bashrc.inc
@@ -0,0 +1,17 @@
+slxif="$( ip a s 2> /dev/null | grep -oPm1 '(?<=^[0-9]: )e[^:]+' )"
+slxip="$( ip -4 a s "$slxif" 2> /dev/null | grep -m1 '^\s*inet ' | awk '{print $2}' )"
+[ -z "$slxip" ] && slxip="$( ip -4 a | grep '^\s*inet '| grep -vFm1 ' 127.' | awk '{print $2}' )"
+slxip=${slxip%/*}
+[ -z "$slxip" ] && read -r _ _ slxip _ <<<"$SSH_CONNECTION"
+[ -z "$slxip" ] && slxip="noip???"
+slxcol=32
+slxchar='$'
+(( UID == 0 )) && slxcol=31
+(( UID == 0 )) && slxchar='#'
+PS1="\[\033[01;${slxcol}m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($slxip)
+\[\033[01;34m\]\w\[\033[00m\] $slxchar "
+unset slxif slxip slxcol slxchar
+# We always want to run this as root; sudo is a noop in case we already are.
+alias tmate='sudo tmate'
+# Also expand aliases when using sudo
+alias sudo='sudo '
diff --git a/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh b/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh
new file mode 100755
index 0000000..fe75c1d
--- /dev/null
+++ b/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh
@@ -0,0 +1,136 @@ +#!/bin/bash + +MY_PID=$$ +conf="/opt/openslx/config.install" + +# Logfile +exec &>> /opt/openslx/firstboot.log + +perror() { + echo "[ERROR] $*" + [ "$MY_PID" != "$$" ] && kill "$MY_PID" + + if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then + cat <<-EOF >> /etc/motd + + WARNING! + + firstboot.sh has thrown an error! + Please read /opt/openslx/firstboot.log and take appropriate measures! + This server may not work correctly! + + EOF + fi + exit 5 +} + +if ! [ -e "$conf" ]; then + # First time this script runs, it will delete the config at the end; this + # means this has to be the second bootup, after the user finished the + # firstrun.sh script on first login as "bwlp". + # Completely delete the script now, and also firstrun.sh + unlink "/opt/openslx/firstrun.sh" + unlink "/opt/openslx/firstboot.sh" + unlink "/etc/systemd/system/firstboot.service" + unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service" + # Only now enable the web interface, so the user cannot login via browser + # before finishing the firstrun.sh script via ssh/tty login + systemctl enable lighttpd.service || perror "Konnte systemd-Service lighttpd nicht aktivieren!" + systemctl --no-block start lighttpd.service + # Also activate our issue that hints at the webif URL + mv /etc/issue.disabled /etc/issue + exit 0 +fi + +echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")" + +[ -s "$conf" ] || perror "Config file $conf missing" +bash -n "$conf" || perror "Config file $conf has errors" +. "$conf" + +generate_password() { + tr -dc _A-Za-z0-9 < /dev/urandom 2> /dev/null | head -c 16 +} + +patchfiles() { + # ... + # Warning: does not escape! + local FIND="$1" + local REPLACE="$2" + shift 2 + while [ $# -gt 0 ]; do + sed -i "s/${FIND}/${REPLACE}/g" "$1" + shift + done +} + +echo "+++ Lösche alte ssh-Schlüssel ..." +rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null + +echo "+++ Generating new sshd keys..." 
+ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q +ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q +ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q +ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q + +echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..." +umask 0077 + +MYSQL_SAT_NEW=$(generate_password) +[ -z "$MYSQL_SAT_NEW" ] && perror "Error generating mysql password for dmsd" +echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen." + +MYSQL_OPENSLX_NEW=$(generate_password) +[ -z "$MYSQL_OPENSLX_NEW" ] && perror "Error generating mysql password for openslx" +echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen." + +echo "+++ Konfigurationsdateien werden aktualisiert..." + +# sat mysql pass +# Patch dmsd +patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties" + +# openslx mysql pass +# Patching openslx-mysql-userpass into slx-admin config: +patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$SLXADMINDIR/config.php" + +# taskmanager password +TASKMANAGER_PASS=$(generate_password) +patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" "$SLXADMINDIR/config.php" "$TASKMANDIR/config/config" + +echo "+++ Dienste werden aktiviert..." + +# Enable bwLehrpool related services +for i in dmsd.service taskmanager.service; do + systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!" + systemctl --no-block start "$i" +done + +# root ssh key +echo "" +echo "Erzeuge SSH Schlüsselpaar für root" +echo "" + +KEY=~/.ssh/id_rsa +rm -f -- "$KEY" "${KEY}.pub" +ssh-keygen -q -N "" -f "$KEY" \ + || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." 
+ +# Write MOTD +cat > /etc/motd < *** bwLehrpool Satellitenserver, Version $VERSION *** +> Eingerichtet am $(date) +> +> Wenn Sie sich als 'bwlp' eingeloggt haben, haben Sie nun folgende Optionen: +> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch) +> sudo reboot - System neustarten +> sudo poweroff - System herunterfahren +> +> Andere Modifikationen am System sind in der Regel nicht notwendig. +> +THEREDOC + +echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..." +unlink "$conf" + +exit 0 diff --git a/satellit_installer/static_files/system-base/opt/openslx/firstrun.sh b/satellit_installer/static_files/system-base/opt/openslx/firstrun.sh new file mode 100755 index 0000000..1238cc5 --- /dev/null +++ b/satellit_installer/static_files/system-base/opt/openslx/firstrun.sh 
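Review bot: In firstboot.sh, `TASKMANAGER_PASS=$(generate_password)` is used without the empty check that both MySQL passwords get, so a failed read from /dev/urandom would patch an empty taskmanager password into `$SLXADMINDIR/config.php` and `$TASKMANDIR/config/config`; add `[ -z "$TASKMANAGER_PASS" ] && perror "Error generating taskmanager password"`. The four host-key `ssh-keygen` calls likewise run after the old keys were deleted and their exit status is ignored; the `-t dsa` call in particular may fail on OpenSSH builds without DSA support (an assumption about the target release), so the results should be checked or the DSA key dropped. `patchfiles` interpolates its arguments into the sed expression unescaped, which is only safe while `generate_password` keeps its `_A-Za-z0-9` alphabet; a comment at `generate_password` saying so would protect that invariant. The start-up log line uses `%H:%m:%S`, which prints the month where minutes (`%M`) are meant.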
@@ -0,0 +1,99 @@ +#!/bin/bash + +cat <<-HEREDOC +> +> Willkommen zur Grundkonfiguration des bwLehrpool Satellitenservers. +> +> Diese einmalige Konfiguration dient dazu, das Passwort des System-Users +> "bwlp" zu ändern (für Terminal, SSH), sowie ggf. die +> Netzwerkkonfiguration des Servers anzupassen. +> +HEREDOC + +while ! passwd; do + echo " " + echo "> Das hat nicht geklappt. Bitte noch einmal versuchen:" + echo "> " +done + +cat <<-SUPPE +> +> Das neue Passwort ist ab sofort gültig. +> +> Erzeuge SSH Schlüsselpaar +> +SUPPE + +KEY=~/.ssh/id_rsa + +rm -f -- "$KEY" "${KEY}.pub" +ssh-keygen -q -N "" -f "$KEY" \ + || echo "> Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." + +cat <<-HERRR +> +> Nun können Sie festlegen, ob der Server seine IP-Konfiguration +> per DHCP erhält, oder eine statische Konfiguration verwendet wird. +> +HERRR + +netsetup + +cat < +> Möchten Sie das Paket "unattended-upgrades" installieren, um +> automatische Updates des Betriebsystems zu aktivieren? +> Sonst müssen Sie das System regelmäßig manuell über die Konsole +> oder die Webschnittstelle aktualisieren. +> +BLOCK +choice= +while ! [[ $choice =~ ^[jJyYnN] ]]; do + echo -n "Auswahl [J/N]: " + read -r choice +done +choice=${choice:0:1} +choice=${choice^^} + +if [ "$choice" != "N" ]; then + # Install + echo "> Installiere Paket unattended-upgrades" + if sudo apt update \ + && sudo apt install -y unattended-upgrades; then + echo "> Automatische updates eingerichtet. Für Informationen zu" + echo "> möglichen Anpassungen der automatischen Updates" + else + echo "> " + echo "> Fehler beim Installieren des Pakets für die automatischen Updates." + echo "> Bitte sorgen Sie dafür, dass der Satellitenserver einen Paket-Mirror" + echo "> erreichen kann. 
Für weitere Informationen zu diesem Thema" + fi +else + echo "> " + echo "> Falls Sie das Einspielen von System-Updates automatisieren wollen," +fi + +cat < +> lesen Sie bitte den zugehörigen Artikel +> https://www.bwlehrpool.de/wiki/doku.php/satellite/system_updates +> (auch zu finden im Web-Interface: System-Status -> System updates) +> +> Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des +> bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die +> IP-Addresse oder den Hostnamen des Servers erreichbar ist. +> +> Der Server wird jetzt zum Abschluss der Installation neugestartet. +> Drücken Sie Enter, um sofort neuzustarten. +> +YONDERDOC + +sed -i "/opt.openslx.firstrun.sh/d" ~/.profile + +for _ in {1..15}; do + echo -n "." + read -r -t 1 -s && break +done +echo "." + +sudo reboot diff --git a/satellit_installer/static_files/system-base/usr/local/bin/finalize b/satellit_installer/static_files/system-base/usr/local/bin/finalize new file mode 100755 index 0000000..1be85e2 --- /dev/null +++ b/satellit_installer/static_files/system-base/usr/local/bin/finalize @@ -0,0 +1,21 @@ +#!/bin/dash + +# Funny dash has a funny 'kill' builtin, which we +# do not want to use. +KILL=$(which kill) + +EIGENEPID=$(ps -o ppid $$|fgrep -v PPID) + +# kill every bash in reach, but not the parent('s parent): +for i in $(ps axo pid,comm|grep bash|cut -d " " -f 2); do + [ $EIGENEPID != $i ] && $KILL -SIGKILL $i 2>/dev/null +done + +# Now, empty root's ~/.bash_history: +>~/.bash_history + +# Now we delete the script - necessary only once. +rm -f "$_" 2>/dev/null + +exit + diff --git a/satellit_installer/static_files/system-base/usr/local/bin/netsetup b/satellit_installer/static_files/system-base/usr/local/bin/netsetup new file mode 100755 index 0000000..a824739 --- /dev/null +++ b/satellit_installer/static_files/system-base/usr/local/bin/netsetup 
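Review bot: In `finalize`, the PID list from `ps axo pid,comm|grep bash|cut -d " " -f 2` depends on how ps pads the PID column: with a single-space delimiter, field 2 is the PID only when exactly one pad space precedes it, and otherwise it is empty or the command name, so the loop can silently skip shells because errors go to /dev/null. `grep bash` also matches any command whose name merely contains "bash". A header-less, whitespace-tolerant form such as `ps axo pid=,comm= | awk '$2 == "bash" { print $1 }'` avoids both. Note that `[ $EIGENEPID != $i ]` currently relies on word splitting to strip the padding from the `ps -o ppid` output, so quoting it without also trimming that value would break the comparison.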
@@ -0,0 +1,205 @@ +#!/bin/bash + +if [ "$UID" != 0 ]; then + exec sudo "$0" "$@" + exit 1 +fi + +DATUM=$(date +%Y%m%d_%H%M%S) +INTERFACES="/etc/network/interfaces" +ETHALIAS=$( ifconfig -a | grep -oEm1 '^e\w+' ) +RESOLV="/etc/resolv.conf" +HOSTNAMEFILE="/etc/hostname" +SKRIPT=$(readlink -f "$0") +ERR=0 + + +write_banner() { + echo + echo "Dieses Skript konfiguriert das Netzwerk-Interface." + echo + echo "Wenn Sie die Netzwerkkonfiguration ändern, sollten Sie anschließend" + echo "den Server rebooten." + echo +} + + +detect_config() { + if grep -q -E "^[[:space:]]*iface[[:space:]]+${ETHALIAS}[[:space:]]+inet[[:space:]]+dhcp" "$INTERFACES"; then + # dhcp detected, we presume + TYPE=dhcp-basierte + WUNSCH=statische + TOUCHE_TYPE=d + TOUCHE_DESIR=s + else + TYPE=statische + WUNSCH=dhcp-basierte + TOUCHE_TYPE=s + TOUCHE_DESIR=d + fi +} + +ask_config() { + echo + echo "Es ist aktuell eine $TYPE IP-Adresse konfiguriert." + echo + echo "Wollen Sie eine $WUNSCH IP konfigurieren (${TOUCHE_DESIR})," + echo "möchten Sie die $TYPE IP neu konfigurieren (${TOUCHE_TYPE})," + echo "oder möchten Sie gar nichts tun (leere Eingabe)?" + echo + echo -n "Ihre Wahl? [${TOUCHE_DESIR}/${TOUCHE_TYPE}/nichts]: " + read CONFIG_ME + [ "$CONFIG_ME" == "" ] && exit 0 +} + +decide_action() { + case "$CONFIG_ME" in + ${TOUCHE_DESIR}*) backup_configs + if [ "$WUNSCH" == "statische" ]; then + enter_values_static + write_config_static + else + write_config_dyn + fi + ;; + ${TOUCHE_TYPE}*) backup_configs + if [ "$TYPE" == "statische" ]; then + enter_values_static + write_config_static + else + write_config_dyn + fi + ;; + *) echo; echo + echo "Ihre eingegebene Option $CONFIG_ME wurde nicht erkannt - Neustart." 
+ echo + sleep 1 + exec "$SKRIPT" + ;; + esac +} + +backup_configs() { + if [ -f "$INTERFACES" ]; then + cp -p "$INTERFACES" "$INTERFACES.${DATUM}" || \ + { echo "Konnte Datei $INTERFACES nicht nach $INTERFACES.$DATUM sichern - Abbruch."; \ + exit 1 ; } + cp -p "$RESOLV" "$RESOLV.${DATUM}" || \ + { echo "Konnte Datei $RESOLV nicht nach $RESOLV.$DATUM sichern - Abbruch."; \ + exit 1 ; } + fi +} + +restore_configs() { + cp -p "$INTERFACES.$DATUM" "$INTERFACES" + cp -p "$RESOLV.{DATUM}" "$RESOLV" +} + +write_config_static() { + cat > "$INTERFACES" <<-HIER + # This file was written by the satellite auto installer. + # If any problems arise, copy $INTERFACES.${DATUM}. + # The loopback network interface + auto lo + iface lo inet loopback + + # Primary network interface + auto $ETHALIAS + iface $ETHALIAS inet static + address $IPADRESS + gateway $GATEWAY + netmask $NETMASK + HIER + + echo "# This file was written by the satellite server install script." > "$RESOLV" + echo "# If any problems arise, copy $RESOLV.${DATUM}." >> "$RESOLV" + [ -n "$DOMAIN" ] && echo "domain $DOMAIN" >> "$RESOLV" + [ -n "$SEARCH" ] && echo "search $SEARCH" >> "$RESOLV" + [ -n "$PRIMARYDNS" ] && echo "nameserver $PRIMARYDNS" >> "$RESOLV" + [ -n "$SECONDARYDNS" ] && echo "nameserver $SECONDARYDNS" >> "$RESOLV" + + echo "$HOSTNAME" > "$HOSTNAMEFILE" + + [ -n "$DOMAIN" ] && DOMAIN=".${DOMAIN}" + sed "s/127.0.1.1.*/127.0.1.1\t${HOSTNAME}${DOMAIN}\t${HOSTNAME}/g" -i /etc/hosts --in-place=.alt + +} + +write_config_dyn() { + cat > "$INTERFACES" <<-HIER + # This file was written by the satellite auto installer. + # If any problems arise, copy $INTERFACES.${DATUM}. + # The loopback network interface + auto lo + iface lo inet loopback + + # Primary network interface + auto $ETHALIAS + iface $ETHALIAS inet dhcp + # Leaving /etc/resolv alone; pump/dhclient/whatever will take care of that. 
+ HIER +} + +enter_values_static() { + OLDHOSTNAME=$(hostname) + unset ENTRY + while true; do + echo + echo -n "IP-Adresse: " + read IPADRESS + echo -n "Gateway: " + read GATEWAY + echo -n "Netzmaske - leere Eingabe für 255.255.255.0: " + read NETMASK + [ -z "$NETMASK" ] && NETMASK=255.255.255.0 + echo -n "Domain - leere Eingabe, wenn nicht erwünscht: " + read DOMAIN + echo -n "Search domain - leere Eingabe, wenn nicht erwünscht: " + read SEARCH + echo -n "Primärer Nameserver: " + read PRIMARYDNS + echo -n "Sekundärer Nameserver - Leere Eingabe, wenn nicht vorhanden: " + read SECONDARYDNS + echo -n "Hostname - leere Eingabe für bestehenden Hostname $OLDHOSTNAME: " + read HOSTNAME + [ "$HOSTNAME" == "" ] && HOSTNAME="$OLDHOSTNAME" + echo + echo "# IP-Adresse : $IPADRESS" + echo "# Gateway : $GATEWAY" + echo "# Netzmaske : $NETMASK" + echo "# Domain : $DOMAIN" + echo "# Search domain : $SEARCH" + echo "# Primärer Nameserver : $PRIMARYDNS" + echo "# Sekundärer Nameserver : $SECONDARYDNS" + echo "# Hostname : $HOSTNAME" + echo + while true; do + echo -n "Sind diese Eingaben korrekt? [J/n]: " + read ENTRY + echo + [[ -z "$ENTRY" || "$ENTRY" == j* || "$ENTRY" == J* ]] && return + if [[ "$ENTRY" == n* || "$ENTRY" == N* ]]; then + echo "Neustart der Eingabe..." + echo + break + fi + done + done +} + +last_words() { + echo + echo "Einträge geschrieben... beende Skript." + echo +} + +detect_config +write_banner +ask_config + +decide_action # do the stuff! + +last_words + +exit 0 + diff --git a/satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh b/satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh new file mode 100755 index 0000000..9e68658 --- /dev/null +++ b/satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh 
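Review bot: `enter_values_static` in netsetup accepts every answer as typed and `write_config_static` then writes those strings, as root, into `$INTERFACES`, `$RESOLV`, `$HOSTNAMEFILE` and the sed expression that rewrites /etc/hosts, so a stray `/`, `&` or backslash in the hostname or domain breaks or alters that substitution, and `read` without `-r` additionally swallows backslashes. I would validate before the confirmation prompt, e.g. `[[ "$HOSTNAME" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]] || continue`, with similar checks for the address fields, and switch the prompts to `read -r`. Separately, `restore_configs` copies from `"$RESOLV.{DATUM}"`, which is missing the `$` and therefore names a file that `backup_configs` never creates; it should read `"$RESOLV.${DATUM}"`.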
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# This is a mini script called by a cronjob to delete bwlp-entries in /tmp
+# directory older ~2 days.
+find /tmp -mtime +2 -name "bwlp-*" -maxdepth 1 -exec rm -rf -- {} \; 2>/dev/null
+# Same for VM uploads
+[ -d /srv/openslx/nfs ] && find /srv/openslx/nfs -mtime +2 -type f -name "*.upload.partial" -exec rm -f -- {} \; 2>/dev/null
+# NFS silly renames
+[ -d /srv/openslx/nfs ] && find /srv/openslx/nfs -mtime +4 -type f -name ".nfs*" -exec rm -f -- {} \; 2>/dev/null
diff --git a/satellit_installer/static_files/system-updates/etc/locale.conf b/satellit_installer/static_files/system-updates/etc/locale.conf
new file mode 100644
index 0000000..f9c983c
--- /dev/null
+++ b/satellit_installer/static_files/system-updates/etc/locale.conf
@@ -0,0 +1 @@
+LANG=C.UTF-8
diff --git a/satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides b/satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides
new file mode 100644
index 0000000..5cfa7d0
--- /dev/null
+++ b/satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides
@@ -0,0 +1 @@
+bwlp ALL=(root) NOPASSWD: ALL
diff --git a/satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf b/satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf
new file mode 100644
index 0000000..05a33d2
--- /dev/null
+++ b/satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf
@@ -0,0 +1,6 @@
+[Journal]
+Storage=persistent
+SystemMaxUse=1G
+SystemKeepFree=1G
+RuntimeMaxUse=100M
+RuntimeKeepFree=100M
diff --git a/satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf b/satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf
new file mode 100644
index 0000000..0e40b02
--- /dev/null
+++ b/satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf
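Review bot: In the first `find` of tmpdelete.sh, `-maxdepth 1` follows the tests `-mtime` and `-name`; GNU find treats it as a global option and warns about its position, and the `2>/dev/null` hides that warning together with every real deletion error. Moving it forward keeps the behaviour and removes the warning: `find /tmp -maxdepth 1 -mtime +2 -name "bwlp-*" -exec rm -rf -- {} \; 2>/dev/null`. Since this script now sits in system-updates and is run from cron.daily, I would also consider logging failures instead of discarding stderr.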
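Review bot: Placing `etc/sudoers.d/openslx-overrides` (`bwlp ALL=(root) NOPASSWD: ALL`) under system-updates means, per the commit description, that the updater may copy it over a running server, which would silently restore passwordless root for `bwlp` on any satellite where the admin removed or tightened this rule. If that is intended, the file deserves a comment line such as `# Managed by the satellite updater; local changes are overwritten`. Otherwise it fits the description of system-base (admin-editable, installed once) better.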
@@ -0,0 +1,3 @@
+[Manager]
+DefaultEnvironment=TZ=:/etc/localtime LANG=C.UTF-8
+RebootWatchdogSec=30
diff --git a/satellit_installer/static_files/system-updates/usr/local/bin/slxlog b/satellit_installer/static_files/system-updates/usr/local/bin/slxlog
new file mode 100755
index 0000000..55110ae
--- /dev/null
+++ b/satellit_installer/static_files/system-updates/usr/local/bin/slxlog
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+[ "x$(whoami)" != "xwww-data" ] && exec sudo -n -u www-data "$0" "$@"
+
+php /srv/openslx/www/slx-admin/api.php "$@"
+
diff --git a/satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online b/satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online
new file mode 100755
index 0000000..f4b41dc
--- /dev/null
+++ b/satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+for i in 1 1 2 2 3 1; do
+ < <(ip route show default) read -r _ _ ip _
+ if [ -n "$ip" ]; then
+ echo "Trying to ping $ip"
+ ping -W 2 -c 1 "$ip" &> /dev/null && exit 0
+ else
+ echo "No default gateway yet..."
+ fi
+ sleep "$i"
+done
+
+exit 1
+
diff --git a/satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config b/satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config
deleted file mode 100644
index 0f66e29..0000000
--- a/satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config
+++ /dev/null
@@ -1,27 +0,0 @@
-// Updates aktivieren
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-// Wenn ein Paket nicht sauber installiert wird, Installation erneut
-// versuchen, und alte Paketkonfiguration beibehalten.
-Unattended-Upgrade::AutoFixInterruptedDpkg "true";
-
-// Macht den Updatevorgang langsamer, aber robuster
-Unattended-Upgrade::MinimalSteps "true";
-
-// Alte Kernelversionen automatisch deinstallieren
-Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
-
-// Wenn nach einem Update Pakete nicht mehr benötigt werden, diese automatisch deinstallieren
-//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
-Unattended-Upgrade::Remove-Unused-Dependencies "true";
-
-// Automatisch rebooten, wenn ein Paket dies nach dem Update erfordert?
-Unattended-Upgrade::Automatic-Reboot "false";
-
-// ... Reboot auch durchführen, wenn jemand auf dem Server eingeloggt ist? (SSH, Terminal)
-Unattended-Upgrade::Automatic-Reboot-WithUsers "false";
-
-// Uhrzeit, zu der bei erforderlichem Reboot neugestartet werden soll.
-// Der Wert "now" führt den Reboot unverzüglich durch.
-Unattended-Upgrade::Automatic-Reboot-Time "02:00";
diff --git a/satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh b/satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh
deleted file mode 100755
index 9e68658..0000000
--- a/satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-# This is a mini script called by a cronjob to delete bwlp-entries in /tmp
-# directory older ~2 days.
-find /tmp -mtime +2 -name "bwlp-*" -maxdepth 1 -exec rm -rf -- {} \; 2>/dev/null
-# Same for VM uploads
-[ -d /srv/openslx/nfs ] && find /srv/openslx/nfs -mtime +2 -type f -name "*.upload.partial" -exec rm -f -- {} \; 2>/dev/null
-# NFS silly renames
-[ -d /srv/openslx/nfs ] && find /srv/openslx/nfs -mtime +4 -type f -name ".nfs*" -exec rm -f -- {} \; 2>/dev/null
diff --git a/satellit_installer/static_files/system/etc/issue b/satellit_installer/static_files/system/etc/issue deleted file mode 100644 index a097cee..0000000 --- a/satellit_installer/static_files/system/etc/issue +++ /dev/null @@ -1,7 +0,0 @@ -------------------------------------------------- - bwLehrpool Satellitenserver (Debian \S{VERSION_ID}) -------------------------------------------------- - -Bitte loggen Sie sich als Nutzer "bwlp" ein, um die -Einrichtung des Systems abzuschließen. - diff --git a/satellit_installer/static_files/system/etc/issue.disabled b/satellit_installer/static_files/system/etc/issue.disabled deleted file mode 100644 index 078ef2a..0000000 --- a/satellit_installer/static_files/system/etc/issue.disabled +++ /dev/null @@ -1,9 +0,0 @@ -------------------------------------------------- - bwLehrpool Satellitenserver (Debian \S{VERSION_ID}) -------------------------------------------------- - -Web interface for configuration: - -\e{lightred}http(s)://\4/\e{reset} -\e{lightred}http(s)://\n.\O/\e{reset} - diff --git a/satellit_installer/static_files/system/etc/locale.conf b/satellit_installer/static_files/system/etc/locale.conf deleted file mode 100644 index f9c983c..0000000 --- a/satellit_installer/static_files/system/etc/locale.conf +++ /dev/null @@ -1 +0,0 @@ -LANG=C.UTF-8 diff --git a/satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf b/satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf deleted file mode 100644 index f4ff6f7..0000000 --- a/satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf +++ /dev/null @@ -1,7 +0,0 @@ -[mysqld] -character-set-server = utf8mb4 -collation-server = utf8mb4_unicode_520_ci -sql_mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION - -[client] -default-character-set = utf8mb4 
diff --git a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides
deleted file mode 100644
index 5cfa7d0..0000000
--- a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides
+++ /dev/null
@@ -1 +0,0 @@
-bwlp ALL=(root) NOPASSWD: ALL
diff --git a/satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf b/satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf
deleted file mode 100644
index 05a33d2..0000000
--- a/satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[Journal]
-Storage=persistent
-SystemMaxUse=1G
-SystemKeepFree=1G
-RuntimeMaxUse=100M
-RuntimeKeepFree=100M
diff --git a/satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf b/satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf
deleted file mode 100644
index 0e40b02..0000000
--- a/satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Manager]
-DefaultEnvironment=TZ=:/etc/localtime LANG=C.UTF-8
-RebootWatchdogSec=30
diff --git a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service
deleted file mode 100644
index f19b51a..0000000
--- a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Initialization of bwLehrpool on first boot
-ConditionFileIsExecutable=/opt/openslx/firstboot.sh
-After=network.target mysql.service mariadb.service
-Before=ssh.service lighttpd.service dmsd.service taskmanager.service
-
-[Service]
-Type=oneshot
-ExecStart=/opt/openslx/firstboot.sh
-RemainAfterExit=yes
-RefuseManualStart=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/satellit_installer/static_files/system/etc/tmux.conf b/satellit_installer/static_files/system/etc/tmux.conf
deleted file mode 100644
index 537f52c..0000000
--- a/satellit_installer/static_files/system/etc/tmux.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-set -g tmate-server-host "tmate.ruf.uni-freiburg.de"
-set -g tmate-server-port 2222
-set -g tmate-server-rsa-fingerprint SHA256:pyT0YTJ+2c6AHD4QtUC1GEA9SFFYba74x2T1VZJ6zpc
-set -g tmate-server-ed25519-fingerprint SHA256:ZuTqO8YZrdgzjskHhfNd65es4HEx5rKBRZj/e/iBLrg
-set -g tmate-identity ""
diff --git a/satellit_installer/static_files/system/etc/vim/vimrc.local b/satellit_installer/static_files/system/etc/vim/vimrc.local
deleted file mode 100644
index 4bfb95d..0000000
--- a/satellit_installer/static_files/system/etc/vim/vimrc.local
+++ /dev/null
@@ -1,10 +0,0 @@
-runtime! defaults.vim
-let g:skip_defaults_vim = 1
-
-syntax on
-set showmatch
-set smartcase
-set incsearch
-set mouse=
-set autoindent
-set smartindent
diff --git a/satellit_installer/static_files/system/opt/openslx/bashrc.inc b/satellit_installer/static_files/system/opt/openslx/bashrc.inc
deleted file mode 100644
index b5fa467..0000000
--- a/satellit_installer/static_files/system/opt/openslx/bashrc.inc
+++ /dev/null
@@ -1,17 +0,0 @@ -slxif="$( ip a s 2> /dev/null | grep -oPm1 '(?<=^[0-9]: )e[^:]+' )" -slxip="$( ip -4 a s "$slxif" 2> /dev/null | grep -m1 '^\s*inet ' | awk '{print $2}' )" -[ -z "$slxip" ] && slxip="$( ip -4 a | grep '^\s*inet '| grep -vFm1 ' 127.' | awk '{print $2}' )" -slxip=${slxip%/*} -[ -z "$slxip" ] && read -r _ _ slxip _ <<<"$SSH_CONNECTION" -[ -z "$slxip" ] && slxip="noip???" -slxcol=32 -slxchar='$' -(( UID == 0 )) && slxcol=31 -(( UID == 0 )) && slxchar='#' -PS1="\[\033[01;${slxcol}m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($slxip) -\[\033[01;34m\]\w\[\033[00m\] $slxchar " -unset slxif slxip slxcol slxchar -# We always want to run this as root; sudo is a noop in case we already are. -alias tmate='sudo tmate' -# Also expand aliases when using sudo -alias sudo='sudo ' diff --git a/satellit_installer/static_files/system/opt/openslx/firstboot.sh b/satellit_installer/static_files/system/opt/openslx/firstboot.sh deleted file mode 100755 index fe75c1d..0000000 --- a/satellit_installer/static_files/system/opt/openslx/firstboot.sh +++ /dev/null 
@@ -1,136 +0,0 @@ -#!/bin/bash - -MY_PID=$$ -conf="/opt/openslx/config.install" - -# Logfile -exec &>> /opt/openslx/firstboot.log - -perror() { - echo "[ERROR] $*" - [ "$MY_PID" != "$$" ] && kill "$MY_PID" - - if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then - cat <<-EOF >> /etc/motd - - WARNING! - - firstboot.sh has thrown an error! - Please read /opt/openslx/firstboot.log and take appropriate measures! - This server may not work correctly! - - EOF - fi - exit 5 -} - -if ! [ -e "$conf" ]; then - # First time this script runs, it will delete the config at the end; this - # means this has to be the second bootup, after the user finished the - # firstrun.sh script on first login as "bwlp". - # Completely delete the script now, and also firstrun.sh - unlink "/opt/openslx/firstrun.sh" - unlink "/opt/openslx/firstboot.sh" - unlink "/etc/systemd/system/firstboot.service" - unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service" - # Only now enable the web interface, so the user cannot login via browser - # before finishing the firstrun.sh script via ssh/tty login - systemctl enable lighttpd.service || perror "Konnte systemd-Service lighttpd nicht aktivieren!" - systemctl --no-block start lighttpd.service - # Also activate our issue that hints at the webif URL - mv /etc/issue.disabled /etc/issue - exit 0 -fi - -echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")" - -[ -s "$conf" ] || perror "Config file $conf missing" -bash -n "$conf" || perror "Config file $conf has errors" -. "$conf" - -generate_password() { - tr -dc _A-Za-z0-9 < /dev/urandom 2> /dev/null | head -c 16 -} - -patchfiles() { - # ... - # Warning: does not escape! - local FIND="$1" - local REPLACE="$2" - shift 2 - while [ $# -gt 0 ]; do - sed -i "s/${FIND}/${REPLACE}/g" "$1" - shift - done -} - -echo "+++ Lösche alte ssh-Schlüssel ..." -rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null - -echo "+++ Generating new sshd keys..." 
-ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q -ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q -ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q -ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q - -echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..." -umask 0077 - -MYSQL_SAT_NEW=$(generate_password) -[ -z "$MYSQL_SAT_NEW" ] && perror "Error generating mysql password for dmsd" -echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen." - -MYSQL_OPENSLX_NEW=$(generate_password) -[ -z "$MYSQL_OPENSLX_NEW" ] && perror "Error generating mysql password for openslx" -echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen." - -echo "+++ Konfigurationsdateien werden aktualisiert..." - -# sat mysql pass -# Patch dmsd -patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties" - -# openslx mysql pass -# Patching openslx-mysql-userpass into slx-admin config: -patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$SLXADMINDIR/config.php" - -# taskmanager password -TASKMANAGER_PASS=$(generate_password) -patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" "$SLXADMINDIR/config.php" "$TASKMANDIR/config/config" - -echo "+++ Dienste werden aktiviert..." - -# Enable bwLehrpool related services -for i in dmsd.service taskmanager.service; do - systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!" - systemctl --no-block start "$i" -done - -# root ssh key -echo "" -echo "Erzeuge SSH Schlüsselpaar für root" -echo "" - -KEY=~/.ssh/id_rsa -rm -f -- "$KEY" "${KEY}.pub" -ssh-keygen -q -N "" -f "$KEY" \ - || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." 
- -# Write MOTD -cat > /etc/motd < *** bwLehrpool Satellitenserver, Version $VERSION *** -> Eingerichtet am $(date) -> -> Wenn Sie sich als 'bwlp' eingeloggt haben, haben Sie nun folgende Optionen: -> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch) -> sudo reboot - System neustarten -> sudo poweroff - System herunterfahren -> -> Andere Modifikationen am System sind in der Regel nicht notwendig. -> -THEREDOC - -echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..." -unlink "$conf" - -exit 0 diff --git a/satellit_installer/static_files/system/opt/openslx/firstrun.sh b/satellit_installer/static_files/system/opt/openslx/firstrun.sh deleted file mode 100755 index 1238cc5..0000000 --- a/satellit_installer/static_files/system/opt/openslx/firstrun.sh +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/bin/bash - -cat <<-HEREDOC -> -> Willkommen zur Grundkonfiguration des bwLehrpool Satellitenservers. -> -> Diese einmalige Konfiguration dient dazu, das Passwort des System-Users -> "bwlp" zu ändern (für Terminal, SSH), sowie ggf. die -> Netzwerkkonfiguration des Servers anzupassen. -> -HEREDOC - -while ! passwd; do - echo " " - echo "> Das hat nicht geklappt. Bitte noch einmal versuchen:" - echo "> " -done - -cat <<-SUPPE -> -> Das neue Passwort ist ab sofort gültig. -> -> Erzeuge SSH Schlüsselpaar -> -SUPPE - -KEY=~/.ssh/id_rsa - -rm -f -- "$KEY" "${KEY}.pub" -ssh-keygen -q -N "" -f "$KEY" \ - || echo "> Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." - -cat <<-HERRR -> -> Nun können Sie festlegen, ob der Server seine IP-Konfiguration -> per DHCP erhält, oder eine statische Konfiguration verwendet wird. -> -HERRR - -netsetup - -cat < -> Möchten Sie das Paket "unattended-upgrades" installieren, um -> automatische Updates des Betriebsystems zu aktivieren? -> Sonst müssen Sie das System regelmäßig manuell über die Konsole -> oder die Webschnittstelle aktualisieren. -> -BLOCK -choice= -while ! [[ $choice =~ ^[jJyYnN] ]]; do - echo -n "Auswahl [J/N]: " - read -r choice -done -choice=${choice:0:1} -choice=${choice^^} - -if [ "$choice" != "N" ]; then - # Install - echo "> Installiere Paket unattended-upgrades" - if sudo apt update \ - && sudo apt install -y unattended-upgrades; then - echo "> Automatische updates eingerichtet. Für Informationen zu" - echo "> möglichen Anpassungen der automatischen Updates" - else - echo "> " - echo "> Fehler beim Installieren des Pakets für die automatischen Updates." - echo "> Bitte sorgen Sie dafür, dass der Satellitenserver einen Paket-Mirror" - echo "> erreichen kann. 
Für weitere Informationen zu diesem Thema" - fi -else - echo "> " - echo "> Falls Sie das Einspielen von System-Updates automatisieren wollen," -fi - -cat < -> lesen Sie bitte den zugehörigen Artikel -> https://www.bwlehrpool.de/wiki/doku.php/satellite/system_updates -> (auch zu finden im Web-Interface: System-Status -> System updates) -> -> Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des -> bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die -> IP-Addresse oder den Hostnamen des Servers erreichbar ist. -> -> Der Server wird jetzt zum Abschluss der Installation neugestartet. -> Drücken Sie Enter, um sofort neuzustarten. -> -YONDERDOC - -sed -i "/opt.openslx.firstrun.sh/d" ~/.profile - -for _ in {1..15}; do - echo -n "." - read -r -t 1 -s && break -done -echo "." - -sudo reboot diff --git a/satellit_installer/static_files/system/usr/local/bin/finalize b/satellit_installer/static_files/system/usr/local/bin/finalize deleted file mode 100755 index 1be85e2..0000000 --- a/satellit_installer/static_files/system/usr/local/bin/finalize +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/dash - -# Funny dash has a funny 'kill' builtin, which we -# do not want to use. -KILL=$(which kill) - -EIGENEPID=$(ps -o ppid $$|fgrep -v PPID) - -# kill every bash in reach, but not the parent('s parent): -for i in $(ps axo pid,comm|grep bash|cut -d " " -f 2); do - [ $EIGENEPID != $i ] && $KILL -SIGKILL $i 2>/dev/null -done - -# Now, empty root's ~/.bash_history: ->~/.bash_history - -# Now we delete the script - necessary only once. -rm -f "$_" 2>/dev/null - -exit - diff --git a/satellit_installer/static_files/system/usr/local/bin/netsetup b/satellit_installer/static_files/system/usr/local/bin/netsetup deleted file mode 100755 index a824739..0000000 --- a/satellit_installer/static_files/system/usr/local/bin/netsetup +++ /dev/null 
@@ -1,205 +0,0 @@ -#!/bin/bash - -if [ "$UID" != 0 ]; then - exec sudo "$0" "$@" - exit 1 -fi - -DATUM=$(date +%Y%m%d_%H%M%S) -INTERFACES="/etc/network/interfaces" -ETHALIAS=$( ifconfig -a | grep -oEm1 '^e\w+' ) -RESOLV="/etc/resolv.conf" -HOSTNAMEFILE="/etc/hostname" -SKRIPT=$(readlink -f "$0") -ERR=0 - - -write_banner() { - echo - echo "Dieses Skript konfiguriert das Netzwerk-Interface." - echo - echo "Wenn Sie die Netzwerkkonfiguration ändern, sollten Sie anschließend" - echo "den Server rebooten." - echo -} - - -detect_config() { - if grep -q -E "^[[:space:]]*iface[[:space:]]+${ETHALIAS}[[:space:]]+inet[[:space:]]+dhcp" "$INTERFACES"; then - # dhcp detected, we presume - TYPE=dhcp-basierte - WUNSCH=statische - TOUCHE_TYPE=d - TOUCHE_DESIR=s - else - TYPE=statische - WUNSCH=dhcp-basierte - TOUCHE_TYPE=s - TOUCHE_DESIR=d - fi -} - -ask_config() { - echo - echo "Es ist aktuell eine $TYPE IP-Adresse konfiguriert." - echo - echo "Wollen Sie eine $WUNSCH IP konfigurieren (${TOUCHE_DESIR})," - echo "möchten Sie die $TYPE IP neu konfigurieren (${TOUCHE_TYPE})," - echo "oder möchten Sie gar nichts tun (leere Eingabe)?" - echo - echo -n "Ihre Wahl? [${TOUCHE_DESIR}/${TOUCHE_TYPE}/nichts]: " - read CONFIG_ME - [ "$CONFIG_ME" == "" ] && exit 0 -} - -decide_action() { - case "$CONFIG_ME" in - ${TOUCHE_DESIR}*) backup_configs - if [ "$WUNSCH" == "statische" ]; then - enter_values_static - write_config_static - else - write_config_dyn - fi - ;; - ${TOUCHE_TYPE}*) backup_configs - if [ "$TYPE" == "statische" ]; then - enter_values_static - write_config_static - else - write_config_dyn - fi - ;; - *) echo; echo - echo "Ihre eingegebene Option $CONFIG_ME wurde nicht erkannt - Neustart." 
- echo - sleep 1 - exec "$SKRIPT" - ;; - esac -} - -backup_configs() { - if [ -f "$INTERFACES" ]; then - cp -p "$INTERFACES" "$INTERFACES.${DATUM}" || \ - { echo "Konnte Datei $INTERFACES nicht nach $INTERFACES.$DATUM sichern - Abbruch."; \ - exit 1 ; } - cp -p "$RESOLV" "$RESOLV.${DATUM}" || \ - { echo "Konnte Datei $RESOLV nicht nach $RESOLV.$DATUM sichern - Abbruch."; \ - exit 1 ; } - fi -} - -restore_configs() { - cp -p "$INTERFACES.$DATUM" "$INTERFACES" - cp -p "$RESOLV.{DATUM}" "$RESOLV" -} - -write_config_static() { - cat > "$INTERFACES" <<-HIER - # This file was written by the satellite auto installer. - # If any problems arise, copy $INTERFACES.${DATUM}. - # The loopback network interface - auto lo - iface lo inet loopback - - # Primary network interface - auto $ETHALIAS - iface $ETHALIAS inet static - address $IPADRESS - gateway $GATEWAY - netmask $NETMASK - HIER - - echo "# This file was written by the satellite server install script." > "$RESOLV" - echo "# If any problems arise, copy $RESOLV.${DATUM}." >> "$RESOLV" - [ -n "$DOMAIN" ] && echo "domain $DOMAIN" >> "$RESOLV" - [ -n "$SEARCH" ] && echo "search $SEARCH" >> "$RESOLV" - [ -n "$PRIMARYDNS" ] && echo "nameserver $PRIMARYDNS" >> "$RESOLV" - [ -n "$SECONDARYDNS" ] && echo "nameserver $SECONDARYDNS" >> "$RESOLV" - - echo "$HOSTNAME" > "$HOSTNAMEFILE" - - [ -n "$DOMAIN" ] && DOMAIN=".${DOMAIN}" - sed "s/127.0.1.1.*/127.0.1.1\t${HOSTNAME}${DOMAIN}\t${HOSTNAME}/g" -i /etc/hosts --in-place=.alt - -} - -write_config_dyn() { - cat > "$INTERFACES" <<-HIER - # This file was written by the satellite auto installer. - # If any problems arise, copy $INTERFACES.${DATUM}. - # The loopback network interface - auto lo - iface lo inet loopback - - # Primary network interface - auto $ETHALIAS - iface $ETHALIAS inet dhcp - # Leaving /etc/resolv alone; pump/dhclient/whatever will take care of that. 
- HIER -} - -enter_values_static() { - OLDHOSTNAME=$(hostname) - unset ENTRY - while true; do - echo - echo -n "IP-Adresse: " - read IPADRESS - echo -n "Gateway: " - read GATEWAY - echo -n "Netzmaske - leere Eingabe für 255.255.255.0: " - read NETMASK - [ -z "$NETMASK" ] && NETMASK=255.255.255.0 - echo -n "Domain - leere Eingabe, wenn nicht erwünscht: " - read DOMAIN - echo -n "Search domain - leere Eingabe, wenn nicht erwünscht: " - read SEARCH - echo -n "Primärer Nameserver: " - read PRIMARYDNS - echo -n "Sekundärer Nameserver - Leere Eingabe, wenn nicht vorhanden: " - read SECONDARYDNS - echo -n "Hostname - leere Eingabe für bestehenden Hostname $OLDHOSTNAME: " - read HOSTNAME - [ "$HOSTNAME" == "" ] && HOSTNAME="$OLDHOSTNAME" - echo - echo "# IP-Adresse : $IPADRESS" - echo "# Gateway : $GATEWAY" - echo "# Netzmaske : $NETMASK" - echo "# Domain : $DOMAIN" - echo "# Search domain : $SEARCH" - echo "# Primärer Nameserver : $PRIMARYDNS" - echo "# Sekundärer Nameserver : $SECONDARYDNS" - echo "# Hostname : $HOSTNAME" - echo - while true; do - echo -n "Sind diese Eingaben korrekt? [J/n]: " - read ENTRY - echo - [[ -z "$ENTRY" || "$ENTRY" == j* || "$ENTRY" == J* ]] && return - if [[ "$ENTRY" == n* || "$ENTRY" == N* ]]; then - echo "Neustart der Eingabe..." - echo - break - fi - done - done -} - -last_words() { - echo - echo "Einträge geschrieben... beende Skript." - echo -} - -detect_config -write_banner -ask_config - -decide_action # do the stuff! - -last_words - -exit 0 - diff --git a/satellit_installer/static_files/system/usr/local/bin/slxlog b/satellit_installer/static_files/system/usr/local/bin/slxlog deleted file mode 100755 index 55110ae..0000000 --- a/satellit_installer/static_files/system/usr/local/bin/slxlog +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -[ "x$(whoami)" != "xwww-data" ] && exec sudo -n -u www-data "$0" "$@" - -php /srv/openslx/www/slx-admin/api.php "$@" - 
diff --git a/satellit_installer/static_files/system/usr/local/sbin/slx-wait-online b/satellit_installer/static_files/system/usr/local/sbin/slx-wait-online deleted file mode 100755 index f4b41dc..0000000 --- a/satellit_installer/static_files/system/usr/local/sbin/slx-wait-online +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -for i in 1 1 2 2 3 1; do - < <(ip route show default) read -r _ _ ip _ - if [ -n "$ip" ]; then - echo "Trying to ping $ip" - ping -W 2 -c 1 "$ip" &> /dev/null && exit 0 - else - echo "No default gateway yet..." - fi - sleep "$i" -done - -exit 1 - diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh index 9ecbc88..3a0f3d2 100644 --- a/satellit_upgrader/updater.template.sh +++ b/satellit_upgrader/updater.template.sh @@ -171,7 +171,7 @@ install_files () { local SRC="$FILEDIR/$1" local files file ret [ -d "$SRC" ] || perror "NO SUCH DIRECTORY: $SRC" - readarray -t -d '' files < <( find "$SRC" -type f -print0 ) + readarray -t -d '' files < <( find "$SRC" \( -type f -o -type l \) -print0 ) ret=1 for file in "${files[@]}"; do diffcp "$1" "${file#$SRC}" && ret=0 @@ -378,8 +378,7 @@ failprint apt autoremove -y ## Enable unix socket passwordless local connection (commented out since default in Debian 9+ anyways) #mysql -e "UPDATE user SET plugin = 'unix_socket' WHERE Host = 'localhost' AND User = 'root'" -# Fix locale to C.UTF-8 for systemd -diffcp "system" "/etc/locale.conf" +install_files "system-updates" # ********************** Taskmanager *********************** # Do this first in case one of the later updates depends on the taskmanager @@ -853,7 +852,7 @@ if ! which tmate &> /dev/null && (( MAJOR >= 9 )); then fi if (( MAJOR >= 11 )); then # Fingerprints now need to be SHA256, maybe an old sat got dist-upgraded and still has MD5s in that file - diffcp "system" "/etc/tmux.conf" "Updating tmate config..." + diffcp "system-base" "/etc/tmux.conf" "Updating tmate config..." rm -f -- "/root/.tmate.conf" fi 
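Review bot: Widening the `find` in `install_files` to `\( -type f -o -type l \)` hands symlinks to `diffcp`, whose body is not part of this diff, so it is worth confirming that `diffcp` recreates a link as a link (and creates missing parent directories) instead of comparing or copying whatever the link points to. The last hunk depends on exactly that: it drops the explicit `mkdir -p` and `ln -nfs "../redneck-timesync.service" …` in favour of `install_files "timesync"`. Since the updater presumably runs as root, a comment above the `find` line such as `# symlinks are recreated as-is, never dereferenced` would make that contract explicit for whoever adds the next link to the static tree. The loop in `install_files` continues past the end of the hunk.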
@@ -865,11 +864,7 @@ if ! [ -s /root/.ssh/id_rsa ]; then fi # Timesync -diffcp "system" "/usr/local/sbin/slx-wait-online" -diffcp "timesync" "/etc/systemd/system/redneck-timesync.service" -diffcp "timesync" "/usr/local/sbin/redneck-timesync.sh" -mkdir -p "/etc/systemd/system/network-online.target.wants" -ln -nfs "../redneck-timesync.service" "/etc/systemd/system/network-online.target.wants/redneck-timesync.service" +install_files "timesync" # Wait for webif callbacks and IPXE compile echo -n "Finishing." -- cgit v1.2.3-55-g7522