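#!/bin/bash
#
# firstboot.sh - one-shot setup run by firstboot.service on a bwLehrpool
# satellite server.
#
# Run 1 (config.install present): regenerate the sshd host keys, set fresh
#   MySQL/taskmanager passwords and patch them into the service configs,
#   enable the bwLehrpool services, write /etc/motd, then delete the config.
# Run 2 (config.install gone, i.e. after the user finished firstrun.sh):
#   remove this script and firstrun.sh, enable the web interface (lighttpd)
#   and restore /etc/issue.
#
# Everything printed below (stdout and stderr) lands in
# /opt/openslx/firstboot.log. The sourced config is expected to provide at
# least DMSDDIR, SLXADMINDIR, TASKMANDIR and VERSION (confirm against the
# installer that writes config.install).

MY_PID=$$
conf="/opt/openslx/config.install"

# Logfile. From here on every line of output is persisted, so nothing below
# may echo a generated password.
exec &>> /opt/openslx/firstboot.log

#######################################
# Log an error, flag it once in /etc/motd and abort the whole script.
# Globals:   MY_PID (read) - pid of the main script
# Arguments: $* - error message
# Outputs:   "[ERROR] <msg>" to stdout (the log); appends a warning block to
#            /etc/motd unless one is already present
# Returns:   never; exits with status 5
#######################################
perror() {
  echo "[ERROR] $*"
  # When called from a subshell, `exit` below would only end that subshell.
  # $$ keeps the main shell's pid inside subshells, so compare against
  # BASHPID to detect the situation and terminate the main script explicitly.
  [ "$MY_PID" != "$BASHPID" ] && kill "$MY_PID"
  if ! grep -q "firstboot.sh has thrown an error" /etc/motd 2>/dev/null; then
    cat <<EOF >> /etc/motd
WARNING! firstboot.sh has thrown an error!
Please read /opt/openslx/firstboot.log and take appropriate measures!
This server may not work correctly!
EOF
  fi
  exit 5
}

if ! [ -e "$conf" ]; then
  # First time this script runs, it deletes the config at the end; so this
  # has to be the second bootup, after the user finished the firstrun.sh
  # script on first login as "bwlp".
  #
  # Only now enable the web interface, so the user cannot log in via browser
  # before finishing the firstrun.sh script via ssh/tty login. This is done
  # before removing the scripts so a failure here is retried on the next boot
  # instead of being lost together with the script.
  systemctl enable lighttpd.service \
    || perror "Konnte systemd-Service lighttpd nicht aktivieren!"
  systemctl --no-block start lighttpd.service
  # Completely delete this script now, and also firstrun.sh and the unit.
  for obsolete in \
      "/opt/openslx/firstrun.sh" \
      "/opt/openslx/firstboot.sh" \
      "/etc/systemd/system/firstboot.service" \
      "/etc/systemd/system/multi-user.target.wants/firstboot.service"; do
    unlink "$obsolete"
  done
  # Also activate our issue that hints at the webif URL
  mv /etc/issue.disabled /etc/issue
  exit 0
fi

# %M (minutes), not %m (month), in the time part of the timestamp.
echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%M:%S")"
[ -s "$conf" ] || perror "Config file $conf missing"
bash -n "$conf" || perror "Config file $conf has errors"
# Sourcing executes the file's contents as root; `bash -n` above only catches
# syntax errors. The file is written by the installer and must stay
# root-owned and not writable by other users.
. "$conf"

#######################################
# Print a random 16-character password made of [_A-Za-z0-9] to stdout.
# Outputs:   the password, without trailing newline; empty if /dev/urandom
#            could not be read
#######################################
generate_password() {
  # LC_ALL=C: treat /dev/urandom as raw bytes regardless of the system locale.
  # tr's stderr is silenced because head closing the pipe early yields a
  # harmless "write error" message.
  LC_ALL=C tr -dc '_A-Za-z0-9' < /dev/urandom 2> /dev/null | head -c 16
}

#######################################
# Replace every occurrence of a pattern in one or more files in place.
# Arguments: $1   - sed regular expression to search for (not escaped)
#            $2   - literal replacement text; \ / & are escaped here so any
#                   value round-trips unchanged
#            $3.. - files to patch
# Outputs:   a warning line per file that could not be patched
# Returns:   0 if all files were patched, 1 otherwise
#######################################
patchfiles() {
  local find_pat="$1"
  local replace="$2"
  shift 2
  # Escape the characters sed interprets in the replacement part
  # (backslash, ampersand, and the / delimiter).
  local escaped
  escaped=$(printf '%s' "$replace" | sed -e 's/[\/&]/\\&/g')
  local status=0 file
  for file in "$@"; do
    if ! sed -i "s/${find_pat}/${escaped}/g" -- "$file"; then
      echo "Achtung: Konnte $file nicht patchen."
      status=1
    fi
  done
  return "$status"
}

echo "+++ Lösche alte ssh-Schlüssel ..."
rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null
echo "+++ Generating new sshd keys..."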
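# Generate one host key per type. Newer OpenSSH releases may refuse some
# types (DSA in particular), so a single failure is only logged; without any
# host key the server is unreachable via ssh, so abort if none was created.
for keytype in rsa dsa ecdsa ed25519; do
  keyfile="/etc/ssh/ssh_host_${keytype}_key"
  ssh-keygen -f "$keyfile" -N "" -t "$keytype" -q \
    || echo "Achtung: Erzeugung des Host-Schlüssels $keyfile fehlgeschlagen."
done
[ -s /etc/ssh/ssh_host_ed25519_key ] || [ -s /etc/ssh/ssh_host_rsa_key ] \
  || perror "No sshd host key could be generated"

echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..."
# Files created from here on (e.g. root's ssh key) must not be readable by
# other users.
umask 0077

#######################################
# Set the password of a local MySQL account as root.
# Arguments: $1 - account name (used as '<name>'@'localhost')
#            $2 - new password; generate_password() output is [_A-Za-z0-9]
#                 only, so no SQL quoting is needed
# Returns:   exit status of the mysql client
#######################################
set_mysql_password() {
  local user="$1"
  local pass="$2"
  # The statement is fed via stdin on purpose: passing it as an argument
  # would expose the password in the process list.
  # NOTE(review): PASSWORD() is not available on every MySQL/MariaDB version
  # - confirm against the server shipped with the image.
  printf "SET PASSWORD FOR '%s'@'localhost' = PASSWORD('%s');\n" "$user" "$pass" \
    | mysql -u root
}

MYSQL_SAT_NEW=$(generate_password)
[ -z "$MYSQL_SAT_NEW" ] && perror "Error generating mysql password for dmsd"
set_mysql_password sat "$MYSQL_SAT_NEW" \
  || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen."

MYSQL_OPENSLX_NEW=$(generate_password)
[ -z "$MYSQL_OPENSLX_NEW" ] && perror "Error generating mysql password for openslx"
set_mysql_password openslx "$MYSQL_OPENSLX_NEW" \
  || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen."

echo "+++ Konfigurationsdateien werden aktualisiert..."
# sat mysql pass -> dmsd
patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW" "$DMSDDIR/config.properties"
# openslx mysql pass -> slx-admin config
patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW" "$SLXADMINDIR/config.php"
# taskmanager password, shared between slx-admin and the taskmanager itself.
# Checked for emptiness like the MySQL passwords above; an empty value would
# silently leave the placeholder replaced by nothing.
TASKMANAGER_PASS=$(generate_password)
[ -z "$TASKMANAGER_PASS" ] && perror "Error generating taskmanager password"
patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS" \
  "$SLXADMINDIR/config.php" "$TASKMANDIR/config/config"

echo "+++ Dienste werden aktiviert..."
# Enable bwLehrpool related services
for svc in dmsd.service taskmanager.service; do
  systemctl enable "$svc" || perror "Konnte systemd-Service $svc nicht aktivieren!"
  systemctl --no-block start "$svc"
done

# root ssh key
echo ""
echo "Erzeuge SSH Schlüsselpaar für root"
echo ""
KEY=~/.ssh/id_rsa
# ssh-keygen does not create the parent directory itself; umask 0077 above
# plus -m keep it private.
mkdir -p -m 0700 ~/.ssh
rm -f -- "$KEY" "${KEY}.pub"
# -t rsa explicitly: recent ssh-keygen versions default to a different key
# type, which would not match the id_rsa file name.
ssh-keygen -q -N "" -t rsa -f "$KEY" \
  || echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."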
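# Write MOTD. The delimiter is unquoted on purpose so $VERSION and $(date)
# are expanded; VERSION is presumably set by the sourced config - confirm.
cat > /etc/motd <<THEREDOC
*** bwLehrpool Satelliten-Server, Version $VERSION ***
Eingerichtet am $(date)

Wenn Sie sich als 'bwlp' eingeloggt haben, haben Sie nun folgende Optionen:
netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
sudo reboot - System neustarten
sudo poweroff - System herunterfahren

Andere Modifikationen am System sind in der Regel nicht notwendig.
THEREDOC

echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..."
# Removing the config marks run 1 as finished; the next boot then takes the
# cleanup branch at the top. If the removal fails, the whole run (new host
# keys, new passwords) would repeat on every boot, so treat it as an error.
unlink "$conf" || perror "Could not remove $conf"
exit 0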