From f3ce2e1cbf6368a0e3bd176c59f0d0ab7cadd6c7 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Thu, 19 Oct 2023 13:22:27 +0200 Subject: [SSPS] Modernize; switch default user to openslx + sudo --- satellit_installer/includes/00-dirs.inc | 27 ++- satellit_installer/includes/00-variables.inc | 5 + satellit_installer/includes/10-functions_mysql.inc | 67 +++++++ satellit_installer/includes/10-handle_mysql.inc | 67 ------- satellit_installer/includes/10-handle_users.inc | 2 +- satellit_installer/includes/10-password_helper.inc | 22 --- satellit_installer/includes/10-script_dropper.inc | 27 ++- satellit_installer/includes/20-prerequisites.inc | 42 ++--- .../includes/50-add_mysql_dbs_users.inc | 4 +- .../includes/50-add_users_groups.inc | 5 + .../includes/70-write_versionstring.inc | 2 +- .../includes/90-patch_misc_files.inc | 40 ++-- satellit_installer/includes/90-patch_slxadmin.inc | 31 ---- satellit_installer/includes/90-setup_slxadmin.inc | 31 ++++ satellit_installer/satellit_installer | 22 +-- .../system/etc/sudoers.d/openslx-overrides | 1 + .../system/etc/systemd/system/firstboot.service | 7 +- .../static_files/system/etc/tmate.conf | 5 + .../static_files/system/etc/vim/vimrc.local | 7 + .../static_files/system/opt/openslx/bashrc.inc | 13 ++ .../static_files/system/opt/openslx/firstboot.sh | 120 ++++++++++++ .../static_files/system/opt/openslx/firstrun.sh | 52 ++++++ .../static_files/system/root/.tmate.conf | 5 - .../system/root/installer/firstrun_script.sh | 59 ------ .../system/root/installer/rclocal_script.sh | 109 ----------- .../static_files/system/usr/local/bin/netsetup | 205 +++++++++++++++++++++ .../static_files/system/usr/local/sbin/netsetup | 200 -------------------- .../taskmanager/opt/taskmanager/config/environment | 3 +- satellit_upgrader/updater.template.sh | 3 +- 29 files changed, 586 insertions(+), 597 deletions(-) create mode 100644 satellit_installer/includes/10-functions_mysql.inc delete mode 100644 satellit_installer/includes/10-handle_mysql.inc delete mode 100644 satellit_installer/includes/10-password_helper.inc 
delete mode 100644 satellit_installer/includes/90-patch_slxadmin.inc create mode 100644 satellit_installer/includes/90-setup_slxadmin.inc create mode 100644 satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides create mode 100644 satellit_installer/static_files/system/etc/tmate.conf create mode 100644 satellit_installer/static_files/system/etc/vim/vimrc.local create mode 100644 satellit_installer/static_files/system/opt/openslx/bashrc.inc create mode 100755 satellit_installer/static_files/system/opt/openslx/firstboot.sh create mode 100755 satellit_installer/static_files/system/opt/openslx/firstrun.sh delete mode 100644 satellit_installer/static_files/system/root/.tmate.conf delete mode 100755 satellit_installer/static_files/system/root/installer/firstrun_script.sh delete mode 100755 satellit_installer/static_files/system/root/installer/rclocal_script.sh create mode 100755 satellit_installer/static_files/system/usr/local/bin/netsetup delete mode 100755 satellit_installer/static_files/system/usr/local/sbin/netsetup diff --git a/satellit_installer/includes/00-dirs.inc b/satellit_installer/includes/00-dirs.inc index cd6d383..3ad0f9a 100644 --- a/satellit_installer/includes/00-dirs.inc +++ b/satellit_installer/includes/00-dirs.inc 
@@ -1,15 +1,14 @@ -# Do not rename this file, it is copied later on by the script dropper -export CONFIGDIR="$BASEDIR/config" -export DMSDDIR="/opt/dmsd/" -export DNBD3DIR="/opt/openslx/dnbd3/" -export TASKMANDIR="/opt/taskmanager/" -export OPENSLXDIR="/opt/openslx/" -export OPENSLXSRVDIR="/srv/openslx/" -export LDADPDIR="/opt/ldadp/" -export TFTPDIR="$OPENSLXSRVDIR/tftp" -export WWWDIR="$OPENSLXSRVDIR/www" -export PATH_SLXADMIN="$WWWDIR/slx-admin" -export IPXEDIR="$OPENSLXDIR/ipxe" -export SLXADMINCACHE="/var/cache/slx-admin" -readonly CONFIGDIR DMSDDIR DNBD3DIR TASKMANDIR OPENSLXDIR OPENSLXSRVDIR LDADPDIR SYNCDAEMONDIR TFTPDIR WWWDIR PATH_SLXADMIN +CONFIG_FILE="/opt/openslx/config.install" +DMSDDIR="/opt/dmsd/" +DNBD3DIR="/opt/openslx/dnbd3/" +TASKMANDIR="/opt/taskmanager/" +OPENSLXDIR="/opt/openslx/" +OPENSLXSRVDIR="/srv/openslx/" +LDADPDIR="/opt/ldadp/" +TFTPDIR="$OPENSLXSRVDIR/tftp" +WWWDIR="$OPENSLXSRVDIR/www" +SLXADMINDIR="$WWWDIR/slx-admin" +IPXEDIR="$OPENSLXDIR/ipxe" +SLXADMINCACHE="/var/cache/slx-admin" +readonly CONFIG_FILE DMSDDIR DNBD3DIR TASKMANDIR OPENSLXDIR OPENSLXSRVDIR LDADPDIR SYNCDAEMONDIR TFTPDIR WWWDIR SLXADMINDIR diff --git a/satellit_installer/includes/00-variables.inc b/satellit_installer/includes/00-variables.inc index a826ad7..e22ed94 100644 --- a/satellit_installer/includes/00-variables.inc +++ b/satellit_installer/includes/00-variables.inc @@ -9,6 +9,11 @@ export DEBIAN_FRONTEND="noninteractive" # Part of keeping apt quiet export LANG="en_US.UTF-8" +# Default password for the openslx system user, user is forced to change this on first boot +DEFAULT_OPENSLX_PASSWORD="aendermichsofort" +# This will only be used to install the slx-admin db scheme and changed on first boot +TEMP_DB_PASS="geheim" + ### Needed Packages: # Set list of needed packages (scripting needs) - remember, Debian-specific so far. PACKAGELIST_SCRIPT=" 
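Review bot: The new `readonly` line in 00-dirs.inc still lists `SYNCDAEMONDIR`, which this file never assigns, and omits `IPXEDIR` and `SLXADMINCACHE`, so those two stay writable while an unset name is frozen. I would end the list with `... WWWDIR SLXADMINDIR IPXEDIR SLXADMINCACHE` and drop `SYNCDAEMONDIR` unless it is set elsewhere. The hunk also removes every `export`, so any child process the installer starts that read these paths from the environment now sees them empty; that should be checked against the helper scripts, which are not visible here.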
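Review bot: `TEMP_DB_PASS="geheim"` in 00-variables.inc gives the `openslx` MySQL account, which is granted `ALL`, a fixed and published password from install until firstboot.sh replaces it, and it stays in place if firstboot.sh aborts early. Nothing visible needs the value to be predictable, so it can be generated per install, e.g. `TEMP_DB_PASS="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)"`. The same applies to the `"$RANDOM"` now passed for the `sat` user in 50-add_mysql_dbs_users.inc, which has only 32768 possible values. The comment on `DEFAULT_OPENSLX_PASSWORD` should name what actually enforces the change, since the variable alone does not.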
diff --git a/satellit_installer/includes/10-functions_mysql.inc b/satellit_installer/includes/10-functions_mysql.inc new file mode 100644 index 0000000..5b99719 --- /dev/null +++ b/satellit_installer/includes/10-functions_mysql.inc @@ -0,0 +1,67 @@ +mysql_add_db() { + echo "# Creating mysql database $1..." + echo "create database $1;" | mysql -u root + ERR=$? + if [ "$ERR" -ne 0 ]; then + perror "Could not create mysql database $1!" + fi +} + +mysql_delete_db() { + # $1 database; $2 password + echo "# Deleting mysql database $1..." + echo "drop database if exists $1;" | mysql -u root + ERR=$? + if [ "$ERR" -ne 0 ]; then + perror "Could not delete mysql user $1!" + fi + +} + +mysql_add_user() { + # $1=user, $2=database, $3=privileges, $4=password + echo "# Adding user $1 for database $2, privileges $3..." + mysql -u root <<-CMDS + CREATE USER '$1'@'localhost' IDENTIFIED BY '$4'; + GRANT $3 ON $2.* TO '$1'@'localhost'; + CMDS + + ERR=$? + if [ "$ERR" -ne 0 ]; then + perror "Could not add mysql user!" + fi +} + +mysql_add_privs() { + # $1=user, $2=database, $3=privileges + echo "# Adding privileges $3 for user $1 on database $2..." + mysql -u root <<-CMDS + GRANT $3 ON $2 TO '$1'@'localhost'; + CMDS + + ERR=$? + if [ "$ERR" -ne 0 ]; then + perror "Could not add privileges!" + fi +} + +mysql_delete_user() { + # $1: mysql user, $2 password + echo "# Deleting mysql user $1..." + echo "drop user $1@localhost;" | mysql -u root -p${2} + ERR=$? + if [ "$ERR" -ne 0 ]; then + perror "Could not delete mysql user $1!" + fi +} + +mysql_import_dump() { + # $1: dump file, $2: database + echo "# Importing sql dump file $1..." + mysql -u root -h localhost "$2" < "$1" + ERR=$? + if [ "$ERR" -ne 0 ]; then + perror "Could not import sql dump file $1!" + fi +} + diff --git a/satellit_installer/includes/10-handle_mysql.inc b/satellit_installer/includes/10-handle_mysql.inc deleted file mode 100644 index 5b99719..0000000 --- a/satellit_installer/includes/10-handle_mysql.inc +++ /dev/null 
@@ -1,67 +0,0 @@ -mysql_add_db() { - echo "# Creating mysql database $1..." - echo "create database $1;" | mysql -u root - ERR=$? - if [ "$ERR" -ne 0 ]; then - perror "Could not create mysql database $1!" - fi -} - -mysql_delete_db() { - # $1 database; $2 password - echo "# Deleting mysql database $1..." - echo "drop database if exists $1;" | mysql -u root - ERR=$? - if [ "$ERR" -ne 0 ]; then - perror "Could not delete mysql user $1!" - fi - -} - -mysql_add_user() { - # $1=user, $2=database, $3=privileges, $4=password - echo "# Adding user $1 for database $2, privileges $3..." - mysql -u root <<-CMDS - CREATE USER '$1'@'localhost' IDENTIFIED BY '$4'; - GRANT $3 ON $2.* TO '$1'@'localhost'; - CMDS - - ERR=$? - if [ "$ERR" -ne 0 ]; then - perror "Could not add mysql user!" - fi -} - -mysql_add_privs() { - # $1=user, $2=database, $3=privileges - echo "# Adding privileges $3 for user $1 on database $2..." - mysql -u root <<-CMDS - GRANT $3 ON $2 TO '$1'@'localhost'; - CMDS - - ERR=$? - if [ "$ERR" -ne 0 ]; then - perror "Could not add privileges!" - fi -} - -mysql_delete_user() { - # $1: mysql user, $2 password - echo "# Deleting mysql user $1..." - echo "drop user $1@localhost;" | mysql -u root -p${2} - ERR=$? - if [ "$ERR" -ne 0 ]; then - perror "Could not delete mysql user $1!" - fi -} - -mysql_import_dump() { - # $1: dump file, $2: database - echo "# Importing sql dump file $1..." - mysql -u root -h localhost "$2" < "$1" - ERR=$? - if [ "$ERR" -ne 0 ]; then - perror "Could not import sql dump file $1!" - fi -} - diff --git a/satellit_installer/includes/10-handle_users.inc b/satellit_installer/includes/10-handle_users.inc index 9063a40..48dd148 100644 --- a/satellit_installer/includes/10-handle_users.inc +++ b/satellit_installer/includes/10-handle_users.inc 
@@ -30,7 +30,7 @@ kill_user() { userdel -r -f $( < /etc/passwd awk -F: '$3 == 1000 {print $1}' ) || perror "# could not kill userid ${1}!" } -check_users() { +kill_existing_users() { echo "#" echo "# Checking for users to kill with id>=1000: " for userid in $( < /etc/passwd cut -f 3 -d ":" | sort -n ); do diff --git a/satellit_installer/includes/10-password_helper.inc b/satellit_installer/includes/10-password_helper.inc deleted file mode 100644 index 0f52185..0000000 --- a/satellit_installer/includes/10-password_helper.inc +++ /dev/null @@ -1,22 +0,0 @@ -generate_password() { - local password="$(< /dev/urandom tr -dc A-Za-z0-9_ | head -c${1:-16};)" - echo "$password" -} - -# This routine has to be used only in conjunction with the prepare_firstrun-script, which -# will enforce the setting of good passwords on first root login after server start. -set_passwords() { - echo -n "# Setting passwords..." - OPENSLX_PASS="$(generate_password)" - MYSQL_OPENSLX_PASS="$(generate_password)" - MYSQL_SAT_PASS="$(generate_password)" - - # Keep in mind the passwords stored here will be valid only temporary, - # as they will be changed by the dropper script. - # If you need the permanently valid password, you will need to - # decrypt static_files/new_passwords.encrypted. - echo "OPENSLX_PASS=$OPENSLX_PASS" > "$CONFIGDIR"/config - echo "MYSQL_OPENSLX_PASS=$MYSQL_OPENSLX_PASS" >> "$CONFIGDIR"/config - echo "MYSQL_SAT_PASS=$MYSQL_SAT_PASS" >> "$CONFIGDIR"/config - echo "ok." -} diff --git a/satellit_installer/includes/10-script_dropper.inc b/satellit_installer/includes/10-script_dropper.inc index 62d1b58..a991f28 100644 --- a/satellit_installer/includes/10-script_dropper.inc +++ b/satellit_installer/includes/10-script_dropper.inc 
@@ -1,24 +1,21 @@ -patch_profile() { - local script="/root/installer/firstrun_script.sh" +fb_enable_firstrun() { + local script="/opt/openslx/firstrun.sh" [ -x "$script" ] || perror "Firstrun script not found ($script)" - if grep -qF "$script" /root/.profile; then - echo "# first_run script already in root's .profile, doing nothing." - else - echo "# Patching root's .profile" - echo "$script" >> /root/.profile + if ! grep -qF "$script" "/home/openslx/.profile"; then + echo "# Patching openslx's .profile" + echo "[ -t 0 ] && $script" >> "/home/openslx/.profile" + chown openslx:openslx "/home/openslx/.profile" fi } -drop_script() { - mkdir -p "/root/installer" - # So we know all the paths and the mysql password - cat "${BASEDIR}/includes/00-dirs.inc" "${CONFIGDIR}/config" > "/root/installer/config" - chmod 0600 /root/installer/config +fb_write_config() { + # So we know all the paths + declare -p DMSDDIR TASKMANDIR SLXADMINDIR VERSION >> "$CONFIG_FILE" } -drop_firstrun_script () { - patch_profile - drop_script +enable_firstrun_script () { + fb_enable_firstrun + fb_write_config systemctl daemon-reload systemctl enable firstboot.service || perror "Could not enable firstboot service" } diff --git a/satellit_installer/includes/20-prerequisites.inc b/satellit_installer/includes/20-prerequisites.inc index e0dc9e0..90189d8 100644 --- a/satellit_installer/includes/20-prerequisites.inc +++ b/satellit_installer/includes/20-prerequisites.inc 
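Review bot: `fb_write_config` writes only `DMSDDIR TASKMANDIR SLXADMINDIR VERSION` to config.install, but the firstboot.sh added in this commit patches `"$WWWDIR/slx-admin/config.php"`, so unless something else writes `WWWDIR` into that file the path becomes `/slx-admin/config.php`. `patchfiles` there does not check sed's exit status, so the MySQL passwords would already be changed while config.php keeps its placeholders. Either add the variable here, `declare -p DMSDDIR TASKMANDIR WWWDIR SLXADMINDIR VERSION >> "$CONFIG_FILE"`, or have firstboot.sh use `"$SLXADMINDIR/config.php"`, which is written for it but never read. Because the file is appended to with `>>`, a second installer run would also leave duplicate `declare` lines in it.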
@@ -1,29 +1,25 @@ prerequisites() { - mkdir -p -m 700 "$BASEDIR"/config # No point in testing. - mkdir -p -m 700 "$BASEDIR"/temp + mkdir -p -m 700 "$BASEDIR/temp" + mkdir -p "/opt/openslx" - # Old debugging config file there? - [ -f "$CONFIGDIR/config" ] && cp -p "$CONFIGDIR/config" "$CONFIGDIR/config.prerun" 2>/dev/null + # Enable en_US locale + # Already there? Do nothing + grep -q '^\s*en_US.UTF-8' /etc/locale.gen && return 0 + # Try to enable + sed 's/^#\s*en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen - # Let's look whether an english locale is alread active (we choose en_US.UTF-8) - if [[ $(grep "en_US.UTF-8" /etc/locale.gen|cut -f 1 -d " ") == "#" ]]; then - echo -n "# Generating an english UTF-8 based locale (this may take some time)..." - # Backing up never hurts: - cp -p /etc/locale.gen /etc/locale.gen.orig - # Now patch the localization file: - sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen - dpkg-reconfigure locales 2>/dev/null 1>&2 - if [ "$ERR" -ne 0 ]; then - echo - echo "# WARNING: Could not reconfigure locales. This is annoying, as" - echo "# it will yield some mixed languages, perhaps." - echo "# Please make sure thy system has an UTF-8 based" - echo "# character set." - else - echo " ok." - fi + if ! grep -q '^\s*en_US.UTF-8' /etc/locale.gen; then + # Still not there, add + echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen + fi - else - echo "# English locale detected; all is well." + # Regenerate + dpkg-reconfigure locales + if [ "$?" -ne 0 ]; then + echo "#" + echo "# WARNING: Could not reconfigure locales. This is annoying, as" + echo "# it will yield some mixed languages, perhaps." + echo "# Please make sure thy system has an UTF-8 based" + echo "# character set." fi } diff --git a/satellit_installer/includes/50-add_mysql_dbs_users.inc b/satellit_installer/includes/50-add_mysql_dbs_users.inc index 755e1b3..fccba99 100644 --- a/satellit_installer/includes/50-add_mysql_dbs_users.inc 
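Review bot: The `sed 's/^#\s*en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen` call has no `-i`, so it prints the whole file to stdout and changes nothing; the locale only gets enabled through the append fallback below it. Use `sed -i 's/^#\s*en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen`. The early `return 0` also skips `dpkg-reconfigure locales` whenever the entry is already uncommented, which assumes the locale has been generated as well.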
+++ b/satellit_installer/includes/50-add_mysql_dbs_users.inc @@ -4,8 +4,8 @@ add_mysql_dbs_users() { mysql_add_db sat # $1=user, $2=database, $3=privileges, $4=password - mysql_add_user sat sat "DELETE, INSERT, SELECT, UPDATE, ALTER, CREATE, DROP" "$MYSQL_SAT_PASS" - mysql_add_user openslx openslx ALL "$MYSQL_OPENSLX_PASS" + mysql_add_user sat sat "DELETE, INSERT, SELECT, UPDATE, ALTER, CREATE, DROP" "$RANDOM" + mysql_add_user openslx openslx "ALL" "$TEMP_DB_PASS" # $1=user, $2=database, $3=privileges mysql_add_privs "openslx" "sat.*" "ALL" mysql_add_privs "sat" "openslx.location" "SELECT, CREATE" diff --git a/satellit_installer/includes/50-add_users_groups.inc b/satellit_installer/includes/50-add_users_groups.inc index 840362a..e6f92f1 100644 --- a/satellit_installer/includes/50-add_users_groups.inc +++ b/satellit_installer/includes/50-add_users_groups.inc @@ -15,4 +15,9 @@ add_users_groups() { add_user_nohome dnbd3 10002 10002 adduser www-data adm # So the webif can read /var/log stuff adduser dnbd3 images # Put dnbd3 user into images group so it can write the NFS share + adduser openslx sudo # openslx is the main user, as we disallow ssh login as root + + echo "# disable root login, set default password for openslx" + usermod -p "*" root + echo "openslx:$DEFAULT_OPENSLX_PASSWORD" | chpasswd } diff --git a/satellit_installer/includes/70-write_versionstring.inc b/satellit_installer/includes/70-write_versionstring.inc index 397df2f..eb359c4 100644 --- a/satellit_installer/includes/70-write_versionstring.inc +++ b/satellit_installer/includes/70-write_versionstring.inc @@ -3,5 +3,5 @@ write_versionstring() { # is just the date of script run time VERS=$(date +%Y%j%H) - echo "$VERS" > "${PATH_SLXADMIN}/version" + echo "$VERS" > "${SLXADMINDIR}/version" } diff --git a/satellit_installer/includes/90-patch_misc_files.inc b/satellit_installer/includes/90-patch_misc_files.inc index 45c220f..90b00da 100644 --- a/satellit_installer/includes/90-patch_misc_files.inc 
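Review bot: After `echo "openslx:$DEFAULT_OPENSLX_PASSWORD" | chpasswd` in add_users_groups the account is in group `sudo` with a password that is in the repository, and nothing in this hunk forces a change: the `.profile` hook added in 10-script_dropper.inc only runs for a login shell on a terminal and can be interrupted. Expiring the password makes PAM demand a new one on any login, including SSH; add `chage -d 0 openslx` after the `chpasswd` line. The body of `add_users_groups` starts outside this hunk.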
+++ b/satellit_installer/includes/90-patch_misc_files.inc @@ -3,29 +3,17 @@ patch_bashrc() { echo "# As one of the last things here we will set a new prompt to distinguish" echo "# the bwLehrpool satellite server from other servers. To accomplish this" echo "# we will set a very classy prompt. This will take effect at next root login." - local ifname=$( ifconfig | grep -oEm1 '^e\w+' ) - echo "# Setting prompt..." - if grep -q '^IP=' /root/.bashrc; then - echo "...already done." - else - sed "s/%ifname%/$ifname/g" >> /root/.bashrc <<-"ENDO" - IP=$( ip -4 a show "%ifname%" 2>/dev/null | grep '^\s*inet\s' | awk -F ' ' '{print $2}' ) - [ -z "$IP" ] && IP=$(ip -4 a | grep '^\s*inet\s'| grep -v '127.0.0' | head -n 1 | awk -F ' ' '{print $2}') - IP=${IP%/*} - [ -z "$IP" ] && IP="noip???" - PS1="\[\033[01;31m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($IP) - \[\033[01;34m\]\w\[\033[00m\] # " - ENDO - fi - # aliases, dircolors - sed -i -r 's/# *(alias|export LS|eval ")/\1/' /root/.bashrc -} - -patch_vim() { - sed -i -r 's/" *(syntax|set showmatch|set smartcase|set incsearch)/\1/' /etc/vim/vimrc - echo "set autoindent" >> /etc/vim/vimrc - echo "set smartindent" >> /etc/vim/vimrc + for f in /root/ /home/*/; do + [ -d "$f" ] || continue # Not dir + f="$f/.bashrc" + [ -f "$f" ] || cp /etc/skel/.bashrc "$f" # Make sure default exists + grep -qF '/opt/openslx/bashrc.inc' "$f" && continue # Already patched + # This include will set our two-line prompt including the IP address + echo ". /opt/openslx/bashrc.inc" >> "$f" + # enable aliases, dircolors + sed -i -r 's/^(\s*)#\s*(alias|export LS|export GCC|eval )/\1\2/' "$f" + done } patch_ldapsearch() { 
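Review bot: `cp /etc/skel/.bashrc "$f"` presumably runs as root like the rest of the installer, so a `.bashrc` created here under `/home/*/` ends up owned by root and the user cannot edit it; `fb_enable_firstrun` does a `chown` on `.profile` for the same reason. After the copy, `chown --reference="${f%/*}" "$f"` would give the file the owner of its home directory. The echo text above the loop still says the prompt takes effect at the next root login, although the loop now covers every home directory. `patch_bashrc` begins outside this hunk.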
@@ -37,11 +25,5 @@ patch_ldapsearch() { patch_java() { # Fix svg renderer: # java.awt.AWTError: Assistive Technology not found: org.GNOME.Accessibility.AtkWrapper - sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*-openjdk/accessibility.properties &> /dev/null -} - -set_version_string() { - echo -n "# Setting version string..." - echo 'VERSION="'$VERSION'"' >> "$CONFIGDIR"/config - echo "ok." + sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*/accessibility.properties &> /dev/null } diff --git a/satellit_installer/includes/90-patch_slxadmin.inc b/satellit_installer/includes/90-patch_slxadmin.inc deleted file mode 100644 index 69afbcb..0000000 --- a/satellit_installer/includes/90-patch_slxadmin.inc +++ /dev/null 
@@ -1,31 +0,0 @@ -# Prepare files and symlinks in slx-admin www dir -patch_slxadmin_dir () { - # Create modules directory and link modules from modules-available according to slxadmin module list (SLXADMIN_MODULES): - mkdir -p "$WWWDIR/slx-admin/modules" - cd "$WWWDIR/slx-admin/modules" || perror "Cannot cd to slxadmin/modules" - for MOD in ${SLXADMIN_MODULES}; do - NAME="${MOD%%-*}" - ln -s "../modules-available/$MOD" "$NAME" || perror "Could not activate module '$MOD' (alias '$NAME')" - done - cd - 1>/dev/null -} - -# This needs to be called after mysql users have been created -install_slxadmin_db () { - # Prepare temporary config - install_files "slxadmin" - sed -i "s/%MYSQL_OPENSLX_PASS%/${MYSQL_OPENSLX_PASS}/" "$WWWDIR/slx-admin/config.php" || perror "Could not write temporary DB password to config.php" - # Install slx-admin DB - cd "$WWWDIR/slx-admin" || perror "Cannot cd to $WWWDIR" - echo "# Installing slx-admin database" - sudo -n -u www-data ./install-all || perror "Could not install slx-admin database" - cd - 1>/dev/null - # Fill database with data we need (run as root) - /opt/openslx/restore.d/slxadmin-init/init.sh || perror "Filling tables with required data failed" - # Reset with original template for firstboot script - install_files "slxadmin" - chmod 640 "$WWWDIR/slx-admin/config.php" - chown root:www-data "$WWWDIR/slx-admin/config.php" - # appending a variable with satellite server build date/time to slx-admin config: - echo "define('CONFIG_FOOTER', 'Build time: $(date "+%Y-%m-%d %H:%m:%S"), $VERSION');" >> "$WWWDIR/slx-admin/config.php" -} diff --git a/satellit_installer/includes/90-setup_slxadmin.inc b/satellit_installer/includes/90-setup_slxadmin.inc new file mode 100644 index 0000000..0220bdc --- /dev/null +++ b/satellit_installer/includes/90-setup_slxadmin.inc 
@@ -0,0 +1,31 @@ +# Prepare files and symlinks in slx-admin www dir +enable_slxadmin_modules () { + # Create modules directory and link modules from modules-available according to slxadmin module list (SLXADMIN_MODULES): + mkdir -p "$WWWDIR/slx-admin/modules" + cd "$WWWDIR/slx-admin/modules" || perror "Cannot cd to slxadmin/modules" + for MOD in ${SLXADMIN_MODULES}; do + NAME="${MOD%%-*}" + ln -s "../modules-available/$MOD" "$NAME" || perror "Could not activate module '$MOD' (alias '$NAME')" + done + cd - 1>/dev/null +} + +# This needs to be called after mysql users have been created +install_slxadmin_db () { + # Prepare temporary config + install_files "slxadmin" + sed -i "s/%MYSQL_OPENSLX_PASS%/${TEMP_DB_PASS}/" "$WWWDIR/slx-admin/config.php" || perror "Could not write temporary DB password to config.php" + # Install slx-admin DB + cd "$WWWDIR/slx-admin" || perror "Cannot cd to $WWWDIR" + echo "# Installing slx-admin database" + sudo -n -u www-data ./install-all || perror "Could not install slx-admin database" + cd - 1>/dev/null + # Fill database with data we need (run as root) + /opt/openslx/restore.d/slxadmin-init/init.sh || perror "Filling tables with required data failed" + # Reset with original template for firstboot script + install_files "slxadmin" + chmod 640 "$WWWDIR/slx-admin/config.php" + chown root:www-data "$WWWDIR/slx-admin/config.php" + # appending a variable with satellite server build date/time to slx-admin config: + echo "define('CONFIG_FOOTER', 'Build time: $(date "+%Y-%m-%d %H:%m:%S"), $VERSION');" >> "$WWWDIR/slx-admin/config.php" +} diff --git a/satellit_installer/satellit_installer b/satellit_installer/satellit_installer index 8d3fde9..2a29cf4 100755 --- a/satellit_installer/satellit_installer +++ b/satellit_installer/satellit_installer 
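Review bot: The `CONFIG_FOOTER` line in `install_slxadmin_db` formats the build time with `date "+%Y-%m-%d %H:%m:%S"`, where `%m` is the month and not the minute, so the middle field is the same for every build in a given month. It should read `date "+%Y-%m-%d %H:%M:%S"`. The start banner of firstboot.sh, added in this commit, uses the same format string and needs the same change.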
@@ -88,10 +88,6 @@ uninstall_packages mpt-status prerequisites # config directory, locales -# query_passwords -set_passwords # only to be used within certain circumstances - - # see includes/query_user. - set_version_string # Writing version string for rc.local-script install_packages NOREC "$PACKAGELIST_SERVER" # Packages needed for server installable without @@ -99,8 +95,8 @@ install_packages NOREC "$PACKAGELIST_SERVER" # Packages needed for server insta install_packages RECOM "$PACKAGELIST_WITH_RECOMMENDS" # Packages where installation of recommended # packages is necessary, so opt. RECOM is set. -check_users # Meet interesting users with uid>=1000 and kill them. - # user 65534/sync will be ignored. +kill_existing_users # delete all users uid >= 1000 + add_users_groups # Adding necessary users and groups install_ipxe "$IPXEDIR" @@ -136,15 +132,10 @@ config_nfs install_system_scripts -# color prompt, aliases -patch_bashrc -# vim config -patch_vim - install_timesync # cheap HTTP based timesync on boot -# Remove translation from menu etc., enable required modules -patch_slxadmin_dir +# enable required modules +enable_slxadmin_modules # Check dir and file permissions: set_directory_permissions || perror "Setting up general directory permissions failed" @@ -155,6 +146,9 @@ set_links # Create tables, fill with predefined stuff install_slxadmin_db +# color prompt, aliases +patch_bashrc + tar -z -c -T /dev/null -f /opt/openslx/empty.tgz # Mark vmstore as not mounted @@ -169,7 +163,7 @@ end_message # This part drops a script and anchors it's execution within root's .profile # Do this at the end so it's not there if something failed -drop_firstrun_script +enable_firstrun_script finalize # Cleaning script; finalize script will delete itself. diff --git a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides new file mode 100644 index 0000000..6123bfd --- /dev/null 
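Review bot: `set_version_string` is still called in the first hunk (as far as the collapsed diff can be read, it is an unchanged context line after the removed `set_passwords` lines), but this commit deletes its definition from 90-patch_misc_files.inc. Unless another include defines it, the installer prints a command-not-found error at that point; since `fb_write_config` now writes `VERSION` to config.install, the call can simply be dropped. In the last hunk the comment `anchors it's execution within root's .profile` is stale as well, because the hook now goes into openslx's `.profile`.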
+++ b/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides @@ -0,0 +1 @@ +openslx ALL=(root) NOPASSWD: /usr/local/bin/netsetup diff --git a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service index a21ad61..f19b51a 100644 --- a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service +++ b/satellit_installer/static_files/system/etc/systemd/system/firstboot.service @@ -1,11 +1,12 @@ [Unit] Description=Initialization of bwLehrpool on first boot -ConditionFileIsExecutable=/root/installer/rclocal_script.sh -After=network.target mysql.service +ConditionFileIsExecutable=/opt/openslx/firstboot.sh +After=network.target mysql.service mariadb.service +Before=ssh.service lighttpd.service dmsd.service taskmanager.service [Service] Type=oneshot -ExecStart=/root/installer/rclocal_script.sh +ExecStart=/opt/openslx/firstboot.sh RemainAfterExit=yes RefuseManualStart=yes diff --git a/satellit_installer/static_files/system/etc/tmate.conf b/satellit_installer/static_files/system/etc/tmate.conf new file mode 100644 index 0000000..537f52c --- /dev/null +++ b/satellit_installer/static_files/system/etc/tmate.conf @@ -0,0 +1,5 @@ +set -g tmate-server-host "tmate.ruf.uni-freiburg.de" +set -g tmate-server-port 2222 +set -g tmate-server-rsa-fingerprint SHA256:pyT0YTJ+2c6AHD4QtUC1GEA9SFFYba74x2T1VZJ6zpc +set -g tmate-server-ed25519-fingerprint SHA256:ZuTqO8YZrdgzjskHhfNd65es4HEx5rKBRZj/e/iBLrg +set -g tmate-identity "" diff --git a/satellit_installer/static_files/system/etc/vim/vimrc.local b/satellit_installer/static_files/system/etc/vim/vimrc.local new file mode 100644 index 0000000..8e09d96 --- /dev/null +++ b/satellit_installer/static_files/system/etc/vim/vimrc.local @@ -0,0 +1,7 @@ +syntax on +set showmatch +set smartcase +set incsearch +set mouse= +set autoindent +set smartindent 
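Review bot: `openslx ALL=(root) NOPASSWD: /usr/local/bin/netsetup` lets any openslx session run netsetup as root with arbitrary arguments and no password, so the script becomes part of the root trust boundary. netsetup is not visible in this part of the patch; it should be owned by root, not writable by openslx, and should validate what it reads before writing network configuration. The file is added with mode 100644, while sudoers drop-ins are conventionally 0440, and a `visudo -cf /etc/sudoers.d/openslx-overrides` check during install would catch a syntax error before it breaks sudo for the only login account.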
diff --git a/satellit_installer/static_files/system/opt/openslx/bashrc.inc b/satellit_installer/static_files/system/opt/openslx/bashrc.inc new file mode 100644 index 0000000..98711d4 --- /dev/null +++ b/satellit_installer/static_files/system/opt/openslx/bashrc.inc @@ -0,0 +1,13 @@ +ifname="$( ifconfig | grep -oEm1 '^e\w+' )" +slxip="$( ip -4 a show "$ifname" 2>/dev/null | grep -m1 '^\s*inet ' | awk '{print $2}' )" +[ -z "$slxip" ] && slxip="$( ip -4 a | grep '^\s*inet '| grep -vFm1 ' 127.' | awk '{print $2}' )" +slxip=${slxip%/*} +[ -z "$slxip" ] && read -r _ _ slxip _ <<<"$SSH_CONNECTION" +[ -z "$slxip" ] && slxip="noip???" +slxcol=32 +(( UID == 0 )) && slxcol=31 +PS1="\[\033[01;${slxcol}m\]\u\[\033[00m\]@\[\033[01;32m\]\h \[\033[00m\]($slxip) +\[\033[01;34m\]\w\[\033[00m\] # " +unset ifname slxip slxcol +# We always want to run this as root; sudo is a noop in case we already are. +alias tmate='sudo tmate' diff --git a/satellit_installer/static_files/system/opt/openslx/firstboot.sh b/satellit_installer/static_files/system/opt/openslx/firstboot.sh new file mode 100755 index 0000000..7ef2bfc --- /dev/null +++ b/satellit_installer/static_files/system/opt/openslx/firstboot.sh 
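Review bot: `ifname="$( ifconfig | grep -oEm1 '^e\w+' )"` runs on every shell start without `2>/dev/null`, so on a system without net-tools each login prints a command-not-found error, and it is the only use of `ifconfig` in a file that otherwise relies on `ip`. The interface name can come from the same tool: `ifname="$( ip -o link show 2>/dev/null | awk -F': ' '$2 ~ /^e/ {print $2; exit}' )"`. The `alias tmate='sudo tmate'` line deserves a comment stating that a session shared this way is a root shell for whoever holds the session link.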
@@ -0,0 +1,120 @@ +#!/bin/bash + +MY_PID=$$ +perror() { + echo "[ERROR] $*" + [ "$MY_PID" != "$$" ] && kill "$MY_PID" + + if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then + cat <<-EOF >> /etc/motd + + WARNING! + + firstboot.sh has thrown an error! + Please read /opt/openslx/firstrun.log and take appropriate measures! + This server may not work correctly! + + EOF + fi + exit 5 +} + +# Logfile +exec &> /opt/openslx/firstrun.log + +echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")" + +conf="/opt/openslx/config.install" +[ -s "$conf" ] || perror "Config file $conf missing" +bash -n "$conf" || perror "Config file $conf has errors" +. "$conf" + +generate_password() { + tr -dc _A-Za-z0-9 < /dev/urandom | head -c 16 +} + +patchfiles() { + # ... + # Warning: does not escape! + FIND=$1 + REPLACE=$2 + shift 2 + while [ $# -gt 0 ]; do + sed -i "s/${FIND}/${REPLACE}/g" "$1" + shift + done +} + +echo "+++ Lösche alte ssh-Schlüssel ..." +rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null + +echo "+++ Generating new sshd keys..." +ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q +ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q +ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q +ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q + +export LANG=de_DE.UTF-8 + +echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..." +umask 0077 + +MYSQL_SAT_NEW=$(generate_password) +echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen." + +MYSQL_OPENSLX_NEW=$(generate_password) +echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen." + +echo "+++ Konfigurationsdateien werden aktualisiert..." 
+ +# sat mysql pass +# Patch dmsd +patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties" + +# openslx mysql pass +# Patching openslx-mysql-userpass into slx-admin config: +patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$WWWDIR/slx-admin/config.php" + +# taskmanager password +TASKMANAGER_PASS=$(generate_password) +patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" "$WWWDIR/slx-admin/config.php" "$TASKMANDIR/config/config" + +echo "+++ Dienste werden aktiviert..." + +# Enable bwLehrpool related services +for i in dmsd.service taskmanager.service; do + systemctl enable "$i" || perror "Konnte systemd-Service $i nicht aktivieren!" + systemctl --no-block start "$i" +done + +# root ssh key +echo "" +echo "Erzeuge SSH Schlüsselpaar für root" +echo "" + +KEY=~/.ssh/id_rsa +rm -f -- "$KEY" "${KEY}.pub" +ssh-keygen -q -N "" -f "$KEY" \ + || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." + +# Write MOTD +cat > /etc/motd < *** bwLehrpool Satelliten-Server, Version $VERSION *** +> Eingerichtet am $(date) +> +> Wenn Sie sich als 'openslx' eingeloggt haben, haben Sie nun folgende Optionen: +> netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch) +> sudo reboot - System neustarten +> sudo poweroff - System herunterfahren +> +> Andere Modifikationen am System sind in der Regel nicht notwendig. +> +THEREDOC + +echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..." +unlink "/opt/openslx/firstboot.sh" +unlink "$conf" +unlink "/etc/systemd/system/firstboot.service" +unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service" + +exit 0 diff --git a/satellit_installer/static_files/system/opt/openslx/firstrun.sh b/satellit_installer/static_files/system/opt/openslx/firstrun.sh new file mode 100755 index 0000000..fc22959 --- /dev/null +++ b/satellit_installer/static_files/system/opt/openslx/firstrun.sh 
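Review bot: None of the four `ssh-keygen` host-key calls in firstboot.sh is checked, and `-t dsa` asks for a key type that sshd has not offered by default for years and that newer OpenSSH builds may refuse to create, so a failure here is only visible in the log. `ssh-keygen -A` creates every default host key type that is missing, which fits directly after the `rm -f -- /etc/ssh/ssh_host_*key*`: `ssh-keygen -A || perror "Could not generate sshd host keys"`. The log is opened by `exec &> /opt/openslx/firstrun.log` before `umask 0077` is set, so it is created with the default mode; moving the `umask` above the `exec` keeps it readable by root only.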
@@ -0,0 +1,52 @@ +#!/bin/bash + +cat <<-HEREDOC +> +> Willkommen zur Grundkonfiguration des bwLehrpool-Satellitenservers. +> +> Diese einmalige Konfiguration dient dazu, das Passwort des System-Users +> "openslx" zu ändern (für Terminal, SSH), sowie ggf. die +> Netzwerkkonfiguration des Servers anzupassen. +> +HEREDOC + +while ! passwd; do + echo "> Das hat nicht geklappt. Bitte noch einmal versuchen:" +done + +cat <<-SUPPE +> +> Erzeuge SSH Schlüsselpaar +> +SUPPE + +KEY=~/.ssh/id_rsa + +rm -f -- "$KEY" "${KEY}.pub" +ssh-keygen -q -N "" -f "$KEY" \ + || echo "> Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen." + +cat <<-HERRR +> +> Abschließend können Sie festlegen, ob der Server seine IP-Konfiguration +> per DHCP erhält, oder eine statische Konfiguration verwendet wird. +> +HERRR + +netsetup + +cat < +> Damit ist die Einrichtung abgeschlossen. Die weitere Konfiguration des +> bwLehrpool-Systems erfolgt über die Webschnittstelle, die über die +> IP-Addresse oder den Hostnamen des Servers erreichbar ist. +> +> Bitte geben Sie zum Abschluss noch einmal das oben neu festgelegte +> Passwort ein. Der Server wird sich daraufhin neustarten und ist +> dann betriebsbereit. +> +YONDERDOC + +unlink /opt/openslx/firstrun.sh + +sudo reboot diff --git a/satellit_installer/static_files/system/root/.tmate.conf b/satellit_installer/static_files/system/root/.tmate.conf deleted file mode 100644 index 537f52c..0000000 --- a/satellit_installer/static_files/system/root/.tmate.conf +++ /dev/null @@ -1,5 +0,0 @@ -set -g tmate-server-host "tmate.ruf.uni-freiburg.de" -set -g tmate-server-port 2222 -set -g tmate-server-rsa-fingerprint SHA256:pyT0YTJ+2c6AHD4QtUC1GEA9SFFYba74x2T1VZJ6zpc -set -g tmate-server-ed25519-fingerprint SHA256:ZuTqO8YZrdgzjskHhfNd65es4HEx5rKBRZj/e/iBLrg -set -g tmate-identity "" 
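Review bot: The forced password change in firstrun.sh looks skippable as far as this hunk shows: the `while ! passwd` loop runs with default signal handling, so an interrupt at the prompt would end the script with the initial `openslx` password still set, unless whatever launches the script (not visible in this hunk) ends the session in that case. If that is not handled elsewhere, a `trap '' INT QUIT TSTP` near the top would keep the wizard from being aborted before `passwd` has succeeded. The closing `unlink /opt/openslx/firstrun.sh` and `sudo reboot` are also unchecked, so a failed sudo prompt leaves the wizard removed without a reboot; a retry such as `until sudo reboot; do :; done` would match how the `passwd` step is handled.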
diff --git a/satellit_installer/static_files/system/root/installer/firstrun_script.sh b/satellit_installer/static_files/system/root/installer/firstrun_script.sh deleted file mode 100755 index 343be4d..0000000 --- a/satellit_installer/static_files/system/root/installer/firstrun_script.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash - -cat <<-HEREDOC -Willkommen zur Grundkonfiguration des bwLehrpool-Satellitenservers. - -Diese einmalige Konfiguration dient dazu, das root-Passwort des Servers -zu ändern, sowie ggf. die Netzwerkkonfiguration des Servers anzupassen. - -Aus Sicherheitsgründen ist es dringend zu empfehlen, das root-Passwort -im Produktivbetrieb zu ändern! - -HEREDOC - -ERR=1 -while [ "$ERR" -ne 0 ]; do - passwd - ERR=$? -done - -echo "Abschließend können Sie festlegen, ob der Server seine IP-Konfiguration" -echo "per DHCP erhält, oder eine statische Konfiguration verwendet wird." -/usr/local/sbin/netsetup - -cat </dev/null || \ - echo "Achtung: Konnte Verzeichnis /root/installer nicht löschen - Verzeichnis nicht leer." -reboot diff --git a/satellit_installer/static_files/system/root/installer/rclocal_script.sh b/satellit_installer/static_files/system/root/installer/rclocal_script.sh deleted file mode 100755 index 577a743..0000000 --- a/satellit_installer/static_files/system/root/installer/rclocal_script.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/bin/bash - -MY_PID=$$ -perror() { - echo "[ERROR] $*" - [ "$MY_PID" != "$$" ] && kill "$MY_PID" - - if ! grep -q "rclocal_script.sh has thrown an error" /etc/motd; then - cat <<-EOF >> /etc/motd - - WARNING! - - rclocal_script.sh has thrown an error! - Please read /root/init.log and take appropriate measures! - This server may not work correctly! - - EOF - fi - exit 5 -} - -# Logfile -exec &> /root/init.log - -echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")" - -[ -r "/root/installer/config" ] || perror "Installationsfehler: Keine firstrun-config gefunden!" - -source "/root/installer/config" || perror "Fehler beim Sourcen der firstrun-config." - -generate_password() { - tr -dc _A-Za-z0-9 < /dev/urandom | head -c 16 -} - -patchfiles() { - # ... - # Warning: does not escape! - FIND=$1 - REPLACE=$2 - shift 2 - while [ $# -gt 0 ]; do - sed -i "s/${FIND}/${REPLACE}/g" "$1" - shift - done -} - -echo "+++ Lösche alte ssh-Schlüssel ..." -rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null - -echo "+++ Generating new ssh keys..." -ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa -q -ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q -ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q -ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q - -export LANG=de_DE.UTF-8 - -echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..." -umask 0077 - -MYSQL_SAT_NEW=$(generate_password) -echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen." - -MYSQL_OPENSLX_NEW=$(generate_password) -echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen." - -echo "+++ Konfigurationsdateien werden aktualisiert..." 
- -# sat mysql pass -# Patch dmsd -patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties" - -# openslx mysql pass -# Patching openslx-mysql-userpass into slx-admin config: -patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$WWWDIR/slx-admin/config.php" - -# taskmanager password -TASKMANAGER_PASS=$(generate_password) -patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" "$WWWDIR/slx-admin/config.php" "$TASKMANDIR/config/config" - -echo "+++ Dienste werden aktiviert..." - -# Enable bwLehrpool related services -for i in dmsd.service taskmanager.service; do - systemctl enable "$i" || echo "Warnung - konnte systemd-Service $i nicht aktivieren!" - systemctl --no-block start "$i" -done - -# Write MOTD -cat > /etc/motd < "$INTERFACES" <<-HIER + # This file was written by the satellite auto installer. + # If any problems arise, copy $INTERFACES.${DATUM}. + # The loopback network interface + auto lo + iface lo inet loopback + + # Primary network interface + auto $ETHALIAS + iface $ETHALIAS inet static + address $IPADRESS + gateway $GATEWAY + netmask $NETMASK + HIER + + echo "# This file was written by the satellite server install script." > "$RESOLV" + echo "# If any problems arise, copy $RESOLV.${DATUM}." >> "$RESOLV" + [ -n "$DOMAIN" ] && echo "domain $DOMAIN" >> "$RESOLV" + [ -n "$SEARCH" ] && echo "search $SEARCH" >> "$RESOLV" + [ -n "$PRIMARYDNS" ] && echo "nameserver $PRIMARYDNS" >> "$RESOLV" + [ -n "$SECONDARYDNS" ] && echo "nameserver $SECONDARYDNS" >> "$RESOLV" + + echo "$HOSTNAME" > "$HOSTNAMEFILE" + + [ -n "$DOMAIN" ] && DOMAIN=".${DOMAIN}" + sed "s/127.0.1.1.*/127.0.1.1\t${HOSTNAME}${DOMAIN}\t${HOSTNAME}/g" -i /etc/hosts --in-place=.alt + +} + +write_config_dyn() { + cat > "$INTERFACES" <<-HIER + # This file was written by the satellite auto installer. + # If any problems arise, copy $INTERFACES.${DATUM}. 
+ # The loopback network interface
+ auto lo
+ iface lo inet loopback
+
+ # Primary network interface
+ auto $ETHALIAS
+ iface $ETHALIAS inet dhcp
+ # Leaving /etc/resolv alone; pump/dhclient/whatever will take care of that.
+ HIER
+}
+
+enter_values_static() {
+ OLDHOSTNAME=$(hostname)
+ unset ENTRY
+ while true; do
+ echo
+ echo -n "IP-Adresse: "
+ read IPADRESS
+ echo -n "Gateway: "
+ read GATEWAY
+ echo -n "Netzmaske - leere Eingabe für 255.255.255.0: "
+ read NETMASK
+ [ -z "$NETMASK" ] && NETMASK=255.255.255.0
+ echo -n "Domain - leere Eingabe, wenn nicht erwünscht: "
+ read DOMAIN
+ echo -n "Search domain - leere Eingabe, wenn nicht erwünscht: "
+ read SEARCH
+ echo -n "Primärer Nameserver: "
+ read PRIMARYDNS
+ echo -n "Sekundärer Nameserver - Leere Eingabe, wenn nicht vorhanden: "
+ read SECONDARYDNS
+ echo -n "Hostname - leere Eingabe für bestehenden Hostname $OLDHOSTNAME: "
+ read HOSTNAME
+ [ "$HOSTNAME" == "" ] && HOSTNAME="$OLDHOSTNAME"
+ echo
+ echo "# IP-Adresse : $IPADRESS"
+ echo "# Gateway : $GATEWAY"
+ echo "# Netzmaske : $NETMASK"
+ echo "# Domain : $DOMAIN"
+ echo "# Search domain : $SEARCH"
+ echo "# Primärer Nameserver : $PRIMARYDNS"
+ echo "# Sekundärer Nameserver : $SECONDARYDNS"
+ echo "# Hostname : $HOSTNAME"
+ echo
+ while true; do
+ echo -n "Sind diese Eingaben korrekt? [J/n]: "
+ read ENTRY
+ echo
+ [[ -z "$ENTRY" || "$ENTRY" == j* || "$ENTRY" == J* ]] && return
+ if [[ "$ENTRY" == n* || "$ENTRY" == N* ]]; then
+ echo "Neustart der Eingabe..."
+ echo
+ break
+ fi
+ done
+ done
+}
+
+last_words() {
+ echo
+ echo "Einträge geschrieben... beende Skript."
+ echo
+}
+
+detect_config
+write_banner
+ask_config
+
+decide_action # do the stuff!
+
+last_words
+
+exit 0
+
diff --git a/satellit_installer/static_files/system/usr/local/sbin/netsetup b/satellit_installer/static_files/system/usr/local/sbin/netsetup
deleted file mode 100755
index 6616c50..0000000
--- a/satellit_installer/static_files/system/usr/local/sbin/netsetup
+++ /dev/null
@@ -1,200 +0,0 @@ -#!/bin/bash - -DATUM=$(date +%Y%m%d_%H%M%S) -INTERFACES="/etc/network/interfaces" -ETHALIAS=$( ifconfig -a | grep -oEm1 '^e\w+' ) -RESOLV="/etc/resolv.conf" -HOSTNAMEFILE="/etc/hostname" -SKRIPT=$(readlink -f "$0") -ERR=0 - - -write_banner() { - echo - echo "Dieses Skript konfiguriert das Netzwerk-Interface." - echo - echo "Wenn Sie die Netzwerkkonfiguration ändern, sollten Sie anschließend" - echo "den Server rebooten." - echo -} - - -detect_config() { - if grep -q -E "^[[:space:]]*iface[[:space:]]+${ETHALIAS}[[:space:]]+inet[[:space:]]+dhcp" "$INTERFACES"; then - # dhcp detected, we presume - TYPE=dhcp-basierte - WUNSCH=statische - TOUCHE_TYPE=d - TOUCHE_DESIR=s - else - TYPE=statische - WUNSCH=dhcp-basierte - TOUCHE_TYPE=s - TOUCHE_DESIR=d - fi -} - -ask_config() { - echo - echo "Es ist aktuell eine $TYPE IP-Adresse konfiguriert." - echo - echo "Wollen Sie eine $WUNSCH IP konfigurieren (${TOUCHE_DESIR})," - echo "möchten Sie die $TYPE IP neu konfigurieren (${TOUCHE_TYPE})," - echo "oder möchten Sie gar nichts tun (leere Eingabe)?" - echo - echo -n "Ihre Wahl? [${TOUCHE_DESIR}/${TOUCHE_TYPE}/nichts]: " - read CONFIG_ME - [ "$CONFIG_ME" == "" ] && exit 0 -} - -decide_action() { - case "$CONFIG_ME" in - ${TOUCHE_DESIR}*) backup_configs - if [ "$WUNSCH" == "statische" ]; then - enter_values_static - write_config_static - else - write_config_dyn - fi - ;; - ${TOUCHE_TYPE}*) backup_configs - if [ "$TYPE" == "statische" ]; then - enter_values_static - write_config_static - else - write_config_dyn - fi - ;; - *) echo; echo - echo "Ihre eingegebene Option $CONFIG_ME wurde nicht erkannt - Neustart." 
- echo - sleep 1 - exec "$SKRIPT" - ;; - esac -} - -backup_configs() { - if [ -f "$INTERFACES" ]; then - cp -p "$INTERFACES" "$INTERFACES.${DATUM}" || \ - { echo "Konnte Datei $INTERFACES nicht nach $INTERFACES.$DATUM sichern - Abbruch."; \ - exit 1 ; } - cp -p "$RESOLV" "$RESOLV.${DATUM}" || \ - { echo "Konnte Datei $RESOLV nicht nach $RESOLV.$DATUM sichern - Abbruch."; \ - exit 1 ; } - fi -} - -restore_configs() { - cp -p "$INTERFACES.$DATUM" "$INTERFACES" - cp -p "$RESOLV.{DATUM}" "$RESOLV" -} - -write_config_static() { - cat > "$INTERFACES" <<-HIER - # This file was written by the satellite auto installer. - # If any problems arise, copy $INTERFACES.${DATUM}. - # The loopback network interface - auto lo - iface lo inet loopback - - # Primary network interface - auto $ETHALIAS - iface $ETHALIAS inet static - address $IPADRESS - gateway $GATEWAY - netmask $NETMASK - HIER - - echo "# This file was written by the satellite server install script." > "$RESOLV" - echo "# If any problems arise, copy $RESOLV.${DATUM}." >> "$RESOLV" - [ -n "$DOMAIN" ] && echo "domain $DOMAIN" >> "$RESOLV" - [ -n "$SEARCH" ] && echo "search $SEARCH" >> "$RESOLV" - [ -n "$PRIMARYDNS" ] && echo "nameserver $PRIMARYDNS" >> "$RESOLV" - [ -n "$SECONDARYDNS" ] && echo "nameserver $SECONDARYDNS" >> "$RESOLV" - - echo "$HOSTNAME" > "$HOSTNAMEFILE" - - [ -n "$DOMAIN" ] && DOMAIN=".${DOMAIN}" - sed "s/127.0.1.1.*/127.0.1.1\t${HOSTNAME}${DOMAIN}\t${HOSTNAME}/g" -i /etc/hosts --in-place=.alt - -} - -write_config_dyn() { - cat > "$INTERFACES" <<-HIER - # This file was written by the satellite auto installer. - # If any problems arise, copy $INTERFACES.${DATUM}. - # The loopback network interface - auto lo - iface lo inet loopback - - # Primary network interface - auto $ETHALIAS - iface $ETHALIAS inet dhcp - # Leaving /etc/resolv alone; pump/dhclient/whatever will take care of that. 
- HIER -} - -enter_values_static() { - OLDHOSTNAME=$(hostname) - unset ENTRY - while true; do - echo - echo -n "IP-Adresse: " - read IPADRESS - echo -n "Gateway: " - read GATEWAY - echo -n "Netzmaske - leere Eingabe für 255.255.255.0: " - read NETMASK - [ -z "$NETMASK" ] && NETMASK=255.255.255.0 - echo -n "Domain - leere Eingabe, wenn nicht erwünscht: " - read DOMAIN - echo -n "Search domain - leere Eingabe, wenn nicht erwünscht: " - read SEARCH - echo -n "Primärer Nameserver: " - read PRIMARYDNS - echo -n "Sekundärer Nameserver - Leere Eingabe, wenn nicht vorhanden: " - read SECONDARYDNS - echo -n "Hostname - leere Eingabe für bestehenden Hostname $OLDHOSTNAME: " - read HOSTNAME - [ "$HOSTNAME" == "" ] && HOSTNAME="$OLDHOSTNAME" - echo - echo "# IP-Adresse : $IPADRESS" - echo "# Gateway : $GATEWAY" - echo "# Netzmaske : $NETMASK" - echo "# Domain : $DOMAIN" - echo "# Search domain : $SEARCH" - echo "# Primärer Nameserver : $PRIMARYDNS" - echo "# Sekundärer Nameserver : $SECONDARYDNS" - echo "# Hostname : $HOSTNAME" - echo - while true; do - echo -n "Sind diese Eingaben korrekt? [J/n]: " - read ENTRY - echo - [[ -z "$ENTRY" || "$ENTRY" == j* || "$ENTRY" == J* ]] && return - if [[ "$ENTRY" == n* || "$ENTRY" == N* ]]; then - echo "Neustart der Eingabe..." - echo - break - fi - done - done -} - -last_words() { - echo - echo "Einträge geschrieben... beende Skript." - echo -} - -detect_config -write_banner -ask_config - -decide_action # do the stuff! - -last_words - -exit 0 - diff --git a/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment b/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment index 7de812c..ddc4681 100644 --- a/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment +++ b/satellit_installer/static_files/taskmanager/opt/taskmanager/config/environment 
@@ -1,6 +1,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -LANG=C +LANG=C.UTF-8 LOGNAME USER LOGIN HOME +TZ diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh index 87ecd63..8833f04 100644 --- a/satellit_upgrader/updater.template.sh +++ b/satellit_upgrader/updater.template.sh @@ -877,7 +877,8 @@ if ! which tmate &> /dev/null && (( MAJOR >= 9 )); then fi if (( MAJOR >= 11 )); then # Fingerprints now need to be SHA256, maybe an old sat got dist-upgraded and still has MD5s in that file - diffcp "system" "/root/.tmate.conf" "Updating tmate config..." + diffcp "system" "/etc/tmate.conf" "Updating tmate config..." + rm -f -- "/root/.tmate.conf" fi # ******************* make sure ssh keypair exists ********* -- cgit v1.2.3-55-g7522