path: root/satellit_installer/static_files/system/opt/openslx/firstboot.sh
#!/bin/bash

# PID of the main shell; perror compares against it before calling kill.
MY_PID="$$"
# Install-time configuration file; the script treats its absence as the
# marker for the second boot.
conf='/opt/openslx/config.install'

# Logfile: append stdout and stderr of everything that follows.
# NOTE(review): the file is created with the inherited umask (the script only
# tightens it to 0077 further down) - confirm nothing sensitive is logged.
exec >> /opt/openslx/firstboot.log 2>&1

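# Log an error, leave a one-time warning in /etc/motd and abort.
# Globals:   MY_PID (read) - PID of the main shell
# Arguments: $* - message to log
# Outputs:   "[ERROR] <message>" on stdout; appends to /etc/motd
# Returns:   does not return; exits the current (sub)shell with status 5
perror() {
	echo "[ERROR] $*"
	# $$ keeps the main shell's PID even inside a subshell, so comparing it
	# with MY_PID could never detect a subshell and the main script was
	# never stopped. BASHPID is the PID of the process running this code.
	[ "$MY_PID" != "$BASHPID" ] && kill "$MY_PID"

	# Add the warning only once, however often the script fails.
	if ! grep -q "firstboot.sh has thrown an error" /etc/motd; then
		cat <<-EOF >> /etc/motd

		WARNING!

		firstboot.sh has thrown an error!
		Please read /opt/openslx/firstboot.log and take appropriate measures!
		This server may not work correctly!

		EOF
	fi
	exit 5
}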

# A missing config means this script already ran to the end once (deleting
# the config is its last step), so this is the second boot, after the user
# finished firstrun.sh on the first login as "bwlp".
if [ ! -e "$conf" ]; then
	# Remove this script, firstrun.sh and the unit that starts this script.
	for leftover in \
		"/opt/openslx/firstrun.sh" \
		"/opt/openslx/firstboot.sh" \
		"/etc/systemd/system/firstboot.service" \
		"/etc/systemd/system/multi-user.target.wants/firstboot.service"; do
		unlink "$leftover"
	done
	# The web interface is enabled only now, so nobody can log in through
	# the browser before firstrun.sh was completed via ssh/tty login.
	if ! systemctl enable lighttpd.service; then
		perror "Konnte systemd-Service lighttpd nicht aktivieren!"
	fi
	systemctl --no-block start lighttpd.service
	# Activate the issue file that hints at the web interface URL.
	mv /etc/issue.disabled /etc/issue
	exit 0
fi

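# Start marker for the log. Minutes are %M; the previous %m printed the month
# in the minutes position.
echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%M:%S")"

# The config is sourced below and so runs with this script's privileges:
# refuse an empty or missing file and let bash syntax-check it first.
[ -s "$conf" ] || perror "Config file $conf missing"
bash -n "$conf" || perror "Config file $conf has errors"
# NOTE(review): presumably only root can write $conf - confirm in the installer.
. "$conf"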

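# Print a random 16-character password drawn from [_A-Za-z0-9].
# Outputs: the password on stdout without a trailing newline; nothing at all
#          if fewer than 16 characters could be produced
# Returns: 0 on success, 1 otherwise
generate_password() {
	local pw
	# LC_ALL=C makes tr treat the random data as single bytes and keeps the
	# ranges ASCII-only, whatever locale the script was started with.
	pw=$(LC_ALL=C tr -dc '_A-Za-z0-9' < /dev/urandom 2> /dev/null | head -c 16)
	# A short result would silently weaken the credential. Callers only test
	# for an empty string, so print nothing in that case.
	[ "${#pw}" -eq 16 ] || return 1
	printf '%s' "$pw"
}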

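# Replace every match of a pattern in the given files, in place.
# Arguments: $1 - pattern; goes into the sed expression unescaped, so it is
#                 read as a regular expression and must not contain "/"
#            $2 - replacement text, inserted literally
#            $3... - files to patch
# Returns:   0 if sed succeeded on every file, 1 otherwise
patchfiles() {
	# <find> <replace> <file1> <file2> ... <fileN>
	# Warning: <find> is not escaped!
	local FIND="$1"
	local REPLACE="$2"
	local escaped='' ch i rc=0
	shift 2
	# Backslash, "&", the "/" delimiter and newline are special on the
	# right-hand side of s///. Escape them one character at a time so the
	# replacement cannot change or break the sed expression.
	for ((i = 0; i < ${#REPLACE}; i++)); do
		ch=${REPLACE:i:1}
		case "$ch" in
			'\' | '&' | '/' | $'\n') escaped+="\\$ch" ;;
			*) escaped+="$ch" ;;
		esac
	done
	while [ $# -gt 0 ]; do
		# Remember a failure (e.g. missing file) instead of dropping it.
		sed -i -e "s/${FIND}/${escaped}/g" -- "$1" || rc=1
		shift
	done
	return "$rc"
}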

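echo "+++ Lösche alte ssh-Schlüssel ..."
# Remove every existing host key before new ones are created.
# NOTE(review): presumably these are the keys shipped in the image and thus
# shared between installations - confirm.
rm -f -- /etc/ssh/ssh_host_*key* 2>/dev/null

echo "+++ Generating new sshd keys..."
# No DSA host key is generated any more: ssh-keygen only makes 1024-bit DSA
# keys, OpenSSH has disabled ssh-dss by default since 7.0, and recent
# releases no longer support the type.
# NOTE(review): if the shipped sshd_config has a HostKey line for
# ssh_host_dsa_key, remove it as well - confirm against that file.
for keytype in rsa ecdsa ed25519; do
	# A failure used to pass unnoticed; at least record it in the log.
	ssh-keygen -f "/etc/ssh/ssh_host_${keytype}_key" -N "" -t "$keytype" -q \
		|| echo "[WARNING] Could not generate ssh host key of type $keytype"
done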

echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..."
# Files created from here on are accessible to their owner only.
umask 0077

# New password for the MySQL account 'sat'. The statement is handed to the
# mysql client on stdin.
MYSQL_SAT_NEW="$(generate_password)"
if [ -z "$MYSQL_SAT_NEW" ]; then
	perror "Error generating mysql password for dmsd"
fi
if ! printf '%s\n' "SET PASSWORD FOR 'sat'@'localhost' = PASSWORD('$MYSQL_SAT_NEW');" | mysql -u root; then
	perror "Neusetzen des sat-MySQL-Passworts fehlgeschlagen."
fi

# Same procedure for the MySQL account 'openslx'.
MYSQL_OPENSLX_NEW="$(generate_password)"
if [ -z "$MYSQL_OPENSLX_NEW" ]; then
	perror "Error generating mysql password for openslx"
fi
if ! printf '%s\n' "SET PASSWORD FOR 'openslx'@'localhost' = PASSWORD('$MYSQL_OPENSLX_NEW');" | mysql -u root; then
	perror "Neusetzen des openslx-MySQL-Passworts fehlgeschlagen."
fi

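echo "+++ Konfigurationsdateien werden aktualisiert..."

# sat mysql pass
# Patch dmsd: replace the placeholder with the password set in MySQL above.
patchfiles "%MYSQL_SAT_PASS%" "$MYSQL_SAT_NEW"             "$DMSDDIR/config.properties"

# openslx mysql pass
# Patching openslx-mysql-userpass into slx-admin config:
patchfiles "%MYSQL_OPENSLX_PASS%" "$MYSQL_OPENSLX_NEW"     "$SLXADMINDIR/config.php"

# taskmanager password
TASKMANAGER_PASS=$(generate_password)
# Same guard as for the two MySQL passwords: without it a failed generation
# would write an empty password into both files patched below.
[ -z "$TASKMANAGER_PASS" ] && perror "Error generating password for taskmanager"
patchfiles "%TM_OPENSLX_PASS%" "$TASKMANAGER_PASS"          "$SLXADMINDIR/config.php" "$TASKMANDIR/config/config"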

echo "+++ Dienste werden aktiviert..."

# Enable the bwLehrpool related services and queue their start without
# waiting for it to complete. A unit that cannot be enabled aborts the run.
for unit in dmsd.service taskmanager.service; do
	if ! systemctl enable "$unit"; then
		perror "Konnte systemd-Service $unit nicht aktivieren!"
	fi
	systemctl --no-block start "$unit"
done

# root ssh key
printf '\n%s\n\n' "Erzeuge SSH Schlüsselpaar für root"

KEY=~/.ssh/id_rsa
# Remove any existing pair first, so ssh-keygen finds no file to overwrite.
rm -f -- "$KEY" "${KEY}.pub"
# The private key gets an empty passphrase. A failure is only reported,
# the script carries on.
# NOTE(review): no -t is passed, so the key type is ssh-keygen's default even
# though the file is named id_rsa - confirm this is intended.
if ! ssh-keygen -q -N "" -f "$KEY"; then
	echo "Achtung: Erzeugung Schlüsselpaar $KEY fehlgeschlagen."
fi

# Write MOTD, replacing whatever /etc/motd held before. The delimiter is
# unquoted, so $VERSION and $(date) are expanded while the text is written.
# NOTE(review): the leading "> " on every line is part of the text and looks
# like a pasted continuation prompt - confirm it is wanted in the MOTD.
cat <<MOTD_TEXT > /etc/motd
>        *** bwLehrpool Satelliten-Server, Version $VERSION ***
>                 Eingerichtet am $(date)
>
> Wenn Sie sich als 'bwlp' eingeloggt haben, haben Sie nun folgende Optionen:
> netsetup       - Konfiguriert das Netzwerk-Interface neu (DHCP oder statisch)
> sudo reboot    - System neustarten
> sudo poweroff  - System herunterfahren
>
> Andere Modifikationen am System sind in der Regel nicht notwendig.
>
MOTD_TEXT

printf '%s\n' "+++ Daten des Firstrun-Scripts werden aufgeräumt..."
# Deleting the config is the marker for the next boot: the script then takes
# its cleanup branch instead of running the setup again.
unlink "$conf"

exit 0