#!/bin/bash
# PID of the top-level script shell. perror() reads it to decide whether the
# main script has to be signalled in addition to the calling shell.
MY_PID="$$"
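#######################################
# Report a fatal error and abort the first-run setup.
# Globals:   MY_PID (read) - PID recorded for the top-level script shell
# Arguments: $@ - message text, appended to /root/init.log
# Outputs:   appends to /root/init.log; adds a warning to /etc/motd unless
#            that warning is already present
# Returns:   does not return; exits the calling shell with status 5
#######################################
perror() {
  echo "$@" >> /root/init.log
  # $$ still expands to the top-level PID inside ( ... ) and $( ... ), so
  # comparing it with MY_PID can never detect a subshell. BASHPID is the PID
  # of the shell that is actually running this function; when it differs,
  # the main script is signalled as well instead of only the subshell exiting.
  if [ "$MY_PID" != "$BASHPID" ]; then
    kill "$MY_PID"
  fi
  # Add the warning only once, no matter how often the script has failed.
  if ! grep -q "rclocal_script.sh has thrown an error" /etc/motd; then
    cat <<-EOF >> /etc/motd
WARNING!
rclocal_script.sh has thrown an error!
Please read /root/init.log and take appropriate measures!
This server may not work correctly!
EOF
  fi
  exit 5
}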
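# Start the log entry for this run. %M is the minute field; %m would print
# the month a second time.
echo "$(basename -- "$0") gestartet: $(date "+%Y-%m-%d %H:%M:%S")" >> /root/init.log
# The first-run config is executed by `source` with this script's privileges
# and has to supply the current MySQL root password.
# NOTE(review): confirm the installer creates this file owned by root and not
# writable by anyone else, since its contents run as code here.
[ -r "/root/installer/config" ] || perror "Installationsfehler: Keine firstrun-config gefunden!"
source "/root/installer/config" || { echo "Fehler beim Sourcen der firstrun-config." >> /root/init.log; exit 1; }
# Without the current root password none of the credentials can be rotated.
[ -z "$MYSQL_ROOT_PASS" ] && perror "Installationsfehler: WARNUNG: Aktuelles MySQL-root-Passwort nicht bekannt!"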
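#######################################
# Print a random 16-character password to stdout (no trailing newline).
# The alphabet is limited to [_A-Za-z0-9]. Callers in this script paste the
# result unescaped into sed expressions and SQL string literals, which is
# only safe because none of these characters is special in either context.
# Outputs:   16 characters on stdout
#######################################
generate_password() {
  # LC_ALL=C keeps tr byte-oriented and the ranges plain ASCII, whatever
  # locale the script has exported by the time this is called.
  LC_ALL=C tr -dc '_A-Za-z0-9' < /dev/urandom | head -c 16
}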
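#######################################
# Replace every match of a pattern in each of the given files, in place.
# Arguments: $1    - search pattern, used verbatim as a sed basic regex
#            $2    - replacement, used verbatim as sed replacement text
#            $3... - files to edit
# Returns:   0 if every file was patched, 1 if sed failed for any of them
# Warning: neither argument is escaped. A "/" in either one ends the sed
# expression early, and "&" or "\" in the replacement are interpreted by sed.
# Only pass values whose character set is known, such as the output of
# generate_password.
#######################################
patchfiles() {
  # Locals, so the pattern and the replacement (a password, for most
  # callers) do not linger in global variables.
  local find=$1
  local replace=$2
  local rc=0
  local file
  shift 2
  for file in "$@"; do
    sed -i "s/${find}/${replace}/g" -- "$file" || rc=1
  done
  return "$rc"
}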
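# Replace the SSH host keys found on disk with freshly generated ones
# (presumably so that an installation does not keep keys shipped with the
# image - confirm against the installer).
echo -n "Lösche alte ssh-Schlüssel ..." >> /root/init.log
rm -f /etc/ssh/ssh_host_*key* 2>/dev/null
# Goes to the log like the message it completes, not to stdout.
echo " done." >> /root/init.log
echo -n "Generating new ssh keys..." >> /root/init.log
# NOTE(review): ssh-keygen only produces 1024-bit DSA keys and OpenSSH has
# disabled ssh-dss by default since 7.0; consider dropping "dsa" and adding
# ed25519 once the OpenSSH version on the target system is confirmed.
for keytype in rsa dsa ecdsa; do
  # A key type that cannot be generated is logged instead of passing
  # unnoticed; sshd needs at least one usable host key to accept logins.
  if ! ssh-keygen -f "/etc/ssh/ssh_host_${keytype}_key" -N "" -t "$keytype" -q; then
    echo "Warnung - konnte ssh-Hostkey vom Typ $keytype nicht erzeugen!" >> /root/init.log
  fi
done
echo "... done." >> /root/init.log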
# Rotate every MySQL password that was known at install time. The statements
# below depend on their order: the root password is changed first and the new
# one is then used to authenticate all further changes.
export LANG=de_DE.UTF-8
echo "Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..." >> /root/init.log
# Files created from here on (e.g. /root/mysqlpass) are accessible by their
# owner only.
umask 0077
MYSQL_ROOT_NEW=$(generate_password)
# NOTE(review): the old and the new root password are passed as command-line
# arguments and may be visible in the process list to other local users while
# the client runs. An option file readable by root only, passed with
# --defaults-extra-file, would avoid that.
mysqladmin -u root -p"${MYSQL_ROOT_PASS}" password "${MYSQL_ROOT_NEW}" || perror "Neusetzen des root-MySQL-Passworts fehlgeschlagen"
# Just in case...
# Writes the new root password back into the first-run config. The unescaped
# interpolation relies on generate_password's [_A-Za-z0-9] alphabet. The
# config itself is unlinked at the end of this script.
sed -i "s/^MYSQL_ROOT_PASS=.*\$/MYSQL_ROOT_PASS=${MYSQL_ROOT_NEW}/g" "/root/installer/config"
MYSQL_SAT_NEW=$(generate_password)
# The generated passwords are pasted into SQL string literals without
# escaping; this too is only safe because of the restricted alphabet.
# NOTE(review): PASSWORD() no longer exists in MySQL 8.0 - confirm which
# server version this image ships.
echo "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root -p"${MYSQL_ROOT_NEW}" || perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen."
MYSQL_OPENSLX_NEW=$(generate_password)
echo "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root -p"${MYSQL_ROOT_NEW}" || perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen."
# Debian 9 (stretch) does not seem to have a debian-sys-maint user anymore.
# The password is generated either way and only used if debian.cnf mentions
# the account.
MYSQL_SYSMAINT_NEW=$(generate_password)
if grep -q debian-sys-maint /etc/mysql/debian.cnf; then
echo "SET PASSWORD FOR 'debian-sys-maint'@'localhost' = PASSWORD('$MYSQL_SYSMAINT_NEW');" | mysql -u root -p"${MYSQL_ROOT_NEW}" || perror "Neusetzen des debian-sys-maint-Passworts fehlgeschlagen."
# Patching debian-sys-maint password into /etc/mysql/debian.cnf:
patchfiles 'password *=.*$' "password = $MYSQL_SYSMAINT_NEW" "/etc/mysql/debian.cnf"
fi
# Store mysql root pass in root's home
# The password is kept in plain text. The umask set above already restricts
# a newly created file; the chmod also covers a file that existed before.
echo "$MYSQL_ROOT_NEW" > /root/mysqlpass
chmod 600 /root/mysqlpass
# Fill the %...% placeholders in the service configs with the MySQL
# passwords generated above. The target directories are taken from DMSDDIR
# and WWWDIR, which this script does not assign itself (presumably they come
# from the sourced first-run config).
printf '%s' "Konfigurationsdateien werden aktualisiert..." >> /root/init.log
# sat password -> dmsd config
patchfiles "%MYSQL_SAT_PASS%" "${MYSQL_SAT_NEW}" "${DMSDDIR}/config.properties"
# openslx password -> slx-admin config
patchfiles "%MYSQL_OPENSLX_PASS%" "${MYSQL_OPENSLX_NEW}" "${WWWDIR}/slx-admin/config.php"
printf '%s\n' " ok." >> /root/init.log
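echo "Dienste werden aktiviert..." >> /root/init.log
# Enable and start the bwLehrpool related services. A failure of either step
# is logged and the loop carries on with the next service.
for i in dmsd.service taskmanager.service; do
  if ! systemctl enable "$i"; then
    echo "Warnung - konnte systemd-Service $i nicht aktivieren!" >> /root/init.log
  fi
  # A service that does not start is logged as well, so the admin finds it
  # in /root/init.log.
  if ! systemctl start "$i"; then
    echo "Warnung - konnte systemd-Service $i nicht starten!" >> /root/init.log
  fi
done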
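# Install slx-admin DB
# Runs in a subshell so the directory change does not leak into the rest of
# the script. install-all is started as www-data; sudo -n fails instead of
# prompting if that is not permitted.
# NOTE(review): the path is hard-coded here while the config patch above uses
# $WWWDIR/slx-admin - confirm both point to the same directory.
(
  # ./install-all is resolved against the current directory, so it must not
  # run at all when the cd did not succeed.
  cd "/srv/openslx/www/slx-admin" || {
    echo "Warnung - Verzeichnis /srv/openslx/www/slx-admin nicht gefunden, slx-admin-Datenbank wurde nicht installiert!" >> /root/init.log
    exit 1
  }
  sudo -n -u www-data ./install-all >> /root/init.log
)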
# Replace the MOTD with the regular greeting. $VERSION and $(date) are
# expanded while the file is written.
cat > /etc/motd <<THEREDOC
*** bwLehrpool Satelliten-Server, Version $VERSION ***
Eingerichtet am $(date)
Wenn Sie sich als root eingeloggt haben, haben Sie nun folgende Optionen:
netsetup - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
reboot - System neustarten
poweroff - System herunterfahren
Andere Modifikationen am System sind in der Regel nicht notwendig.
THEREDOC
# Record the installed version in /etc/sat_version
echo "$VERSION" > /etc/sat_version
# One-shot cleanup: take this script out of rc.local and delete the installer
# files. The first-run config contains the MySQL root password, so it is
# removed as well; /root/mysqlpass written earlier is not touched here.
sed -i '/rclocal_script.sh/d' /etc/rc.local
for leftover in "/root/installer/config" "/root/installer/rclocal_script.sh"; do
  unlink "$leftover" 2>/dev/null
done
# Put the saved rc.local back in place.
mv /etc/rc.local.sik /etc/rc.local
exit 0