commit 65dde781f16042c98c470b8ef8262dfbe5653f54 Author: fatalerrors Date: Mon May 31 11:32:41 2021 +0200 Initial version for Ubuntu deployment scripts
diff --git a/README.txt b/README.txt new file mode 100644
index 0000000..9d32fce
--- /dev/null
+++ b/README.txt
@@ -0,0 +1 @@
+this is ubuntu deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
diff --git a/init.conf.sh b/init.conf.sh new file mode 100644
index 0000000..f74f8a0
--- /dev/null
+++ b/init.conf.sh
@@ -0,0 +1,34 @@
+# Domaine LEGOS
+export MAINDOM="legos.obs-mip.fr"
+
+# Proxy LEGOS
+export PROXYSRV="proxy.legos.obs-mip.fr"
+export PROXYPORT="3128"
+
+# Paquets à enlever après installation
+export RMLIST="apparmor chafa laptop-detect resolvconf"
+export APTBLACKLIST="apparmor chafa resolvconf"
+
+# Langues supportés
+export LOCALESET="en_US.UTF-8 fr_FR.UTF-8"
+
+# Liste des paquets de base, utiles dans tous les cas
+export INSTLIST_BASE="bc curl dc debconf-utils deborphan dos2unix dump emacs-nox ethtool figlet gawk gpm htop ntp ifstat iftop iotop \
+ libpam-krb5 libnss-ldap libpam-ldap ltrace mailutils mc mtr-tiny multitail neofetch nmap nscd openssh-server oping p7zip-full \
+ p7zip-rar pbzip2 perl-doc pigz plzip postfix pv qemu-guest-agent resolvconf rsync screen snmpd strace tcpdump tmux traceroute \
+ unrar unzip whois xinetd zip"
+
+# ------------------------------------------------------------------------------------------------------------------------------------------
+# Configuration du disque de calcul : zfs, ext4 et xfs accepté
+export CALCTYPE="zfs"
+
+
+# Niveau : mirror (RAID1), raidz1 (RAID5), raidz2 (RAID6), laisser vide pour RAID0, valable seulement pour ZFS
+export CALCLEVEL=""
+
+# Liste de lecteurs à utiliser (voir dans /dev/disk/by-id), un seul tolléré pour ext4 et xfs
+export CALCDRV="/dev/disk/by-id/xxxxx"
+
+# ------------------------------------------------------------------------------------------------------------------------------------------
+
+export MODULE_LIST="upgrade_dist conf_disk"
diff --git a/init.sh b/init.sh new file mode 100755
index 0000000..d794b66
--- /dev/null
+++ b/init.sh
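Review bot: `RMLIST` and `APTBLACKLIST` both name `apparmor`, so every host built from this configuration loses Ubuntu's default mandatory access control layer and is pinned against reinstalling it, and the file gives no reason. The same file's `INSTLIST_BASE` installs several network-facing daemons (`openssh-server`, `snmpd`, `ntp`, `postfix`, `xinetd`), so any confinement a shipped profile would have provided is gone on exactly the hosts that expose services. If the removal is deliberate, record it next to the variable, for example `# apparmor removed because <reason>; compensating control: <control>`. Note also that `resolvconf` appears in `INSTLIST_BASE` as well as in `RMLIST` and `APTBLACKLIST`, so one of the lists is wrong.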
@@ -0,0 +1,307 @@
+#!/bin/bash
+
+# Check gestparc native directory
+#export REPO="/share/services/gestparc"
+
+export HOSTNAME=$(hostname)
+
+export DATEFORMAT=${DATEFORMAT:-"+%Y/%m/%d-%H:%M:%S-%N"}
+export LOGFILE=${LOGFILE:-"/var/log/$(uname -n)-$(date +%Y%m%d-%H%M).log"}
+
+# Define colors codes used while displaying
+colorcodes() {
+ DEFAULTFG="\e[0;39m"
+ DEFAULTBG="\e[0;49m"
+ DEFAULTCOL=${DEFAULTBG}${DEFAULTFG}
+ # Regular Colors
+ Black='\e[0;30m'
+ Red='\e[0;31m'
+ Green='\e[0;32m'
+ Yellow='\e[0;33m'
+ Blue='\e[0;34m'
+ Purple='\e[0;35m'
+ Cyan='\e[0;36m'
+ White='\e[0;37m'
+ # Bold
+ BBlack='\e[1;30m'
+ BRed='\e[1;31m'
+ BGreen='\e[1;32m'
+ BYellow='\e[1;33m'
+ BBlue='\e[1;34m'
+ BPurple='\e[1;35m'
+ BCyan='\e[1;36m'
+ BWhite='\e[1;37m'
+ # Underline
+ UBlack='\e[4;30m'
+ URed='\e[4;31m'
+ UGreen='\e[4;32m'
+ UYellow='\e[4;33m'
+ UBlue='\e[4;34m'
+ UPurple='\e[4;35m'
+ UCyan='\e[4;36m'
+ UWhite='\e[4;37m'
+ # Background
+ On_Black='\e[40m'
+ On_Red='\e[41m'
+ On_Green='\e[42m'
+ On_Yellow='\e[43m'
+ On_Blue='\e[44m'
+ On_Purple='\e[45m'
+ On_Cyan='\e[46m'
+ On_White='\e[47m'
+ # High Intensity
+ IBlack='\e[0;90m'
+ IRed='\e[0;91m'
+ IGreen='\e[0;92m'
+ IYellow='\e[0;93m'
+ IBlue='\e[0;94m'
+ IPurple='\e[0;95m'
+ ICyan='\e[0;96m'
+ IWhite='\e[0;97m'
+ # Bold High Intensity
+ BIBlack='\e[1;90m'
+ BIRed='\e[1;91m'
+ BIGreen='\e[1;92m'
+ BIYellow='\e[1;93m'
+ BIBlue='\e[1;94m'
+ BIPurple='\e[1;95m'
+ BICyan='\e[1;96m'
+ BIWhite='\e[1;97m'
+ # High Intensity backgrounds
+ On_IBlack='\e[0;100m'
+ On_IRed='\e[0;101m'
+ On_IGreen='\e[0;102m'
+ On_IYellow='\e[0;103m'
+ On_IBlue='\e[0;104m'
+ On_IPurple='\e[0;105m'
+ On_ICyan='\e[0;106m'
+ On_IWhite='\e[0;107m'
+}
+
+# Affiche le status avec en-tête coloré et timestamp
+# (valeur de $1 : I=info, W=warning, E=error, pas d'entête si différent)
+prnt() {
+ case $1 in
+ "I")
+ HEADS="[ ${IGreen}info${DEFAULTFG} ]"
+ shift
+ ;;
+ "W")
+ HEADS="[ ${IYellow}Attention${DEFAULTFG} ]"
+ shift
+ ;;
+ "E")
+ HEADS="[ 
${IRed}ERREUR${DEFAULTFG} ]"
+ shift
+ ;;
+ esac
+ echo -e "${IWhite}$(date $DATEFORMAT)${DEFAULTFG} ${HEADS} $@"
+}
+
+
+# Backup original installation files (or any old files if runned several time on same file)
+backupdist()
+{
+ [[ $# -lt 1 ]] && prnt E "backupdist(): Au moins un argument requis." && return 1
+
+ for file in $@; do
+ if [[ -e ${file} ]]; then
+ cp -av $file $file.dist.$(date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g')
+ fi
+ done
+}
+
+# Install file to the host (specific first then general)
+installfile()
+{
+ local filelist=""
+ local i=0
+
+ [[ $# -lt 2 ]] && (
+ prnt E "installfile(): Au moins deux arguments requis."
+ return 1
+ )
+ [[ $(echo $@ | grep "\*\|\?") ]] && (
+ prnt E "installfile(): Les wildcards sont interdits."
+ return 2
+ )
+
+ for arg in $@; do
+ if [[ -f $BASEGPDIR/profile/$HOSTNAME/$arg ]]; then
+ filelist="$filelist $BASEGPDIR/profile/$HOSTNAME/$arg"
+ elif [[ -f $BASEGPDIR/profile/$arg ]]; then
+ filelist="$filelist $BASEGPDIR/profile/$arg"
+ else
+ filelist="$filelist $arg"
+ fi
+ done
+ for i in $filelist; do :; done
+ if [[ ! $i==/* ]]; then
+ prnt E "installfile(): Target must be on the root filesystem."
+ exit 3
+ fi
+ prnt I "Création su répertoire $(dirname $i) si nécessaire..."
+ mkdir -pv $(dirname $i)
+ prnt I "Copie des fichiers ${filelist}..."
+ cp -av $filelist
+}
+
+# Configuration du disque de calcul
+conf_zfs()
+{
+ # On crée les répertoires d'accueil
+ mkdir -pv /srv/ceph
+ mkdir -pv /share
+
+ # Upgrade of fstab file
+
+ # Mount Ceph volumes if required
+ [[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph
+ [[ ! $(mount | grep "on /share") ]] && mount -v /share
+}
+
+
+# Blacklist some unwanted packages...
+apt_blacklist()
+{
+ [[ ! 
-d /etc/apt/preferences.d ]] && mkdir -pv /etc/apt/preferences.d
+ installfile avoid-apparmor avoid-chafa avoid-resolvconf /etc/apt/preferences.d
+}
+
+# Authentication
+#FUNCLIST="$FUNCLIST authnz"
+#authnz()
+#{
+# apt-get install nscd libpam-krb5 libnss-ldap libpam-ldap
+#
+# backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf /etc/nsswitch.conf \
+# /etc/pam.d/common-session /etc/pam.d/common-account /etc/pam.d/common-password \
+# /etc/pam.d/common-auth
+# installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
+# installfile common-session common-account common-password common-auth /etc/pam.d
+#
+# /etc/init.d/nscd restart
+#}
+
+# Users (from Ldap)
+#FUNCLIST="$FUNCLIST add_user"
+#add_users()
+#{
+# backupdist /etc/passwd /etc/shadow /etc/group
+# sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
+# echo "+kroot::::::" >> /etc/passwd
+# echo "+kroot::::::::" >> /etc/shadow
+#}
+
+# Locale
+FUNCLIST="$FUNCLIST conf_locale"
+conf_locale()
+{
+ backupdist /etc/locale.gen
+ sed -i "/^# en_US.UTF-8 /s/^# //" /etc/locale.gen
+ locale-gen
+}
+
+# Additionnal packages (some are necessary to that script to end successfully)
+install_pkg()
+{
+ apt install -y $INSTLIST
+}
+
+# NTP
+conf_ntp()
+{
+ backupdist /etc/ntp.conf
+ installfile ntp.conf /etc/ntp.conf
+}
+
+# SSH server
+conf_ssh()
+{
+ backupdist /etc/ssh/ssh{,d}_config
+ sed -i -e '/^#PermitRootLogin/s/^#//' /etc/ssh/sshd_config
+ sed -i -e '/^PermitRootLogin /s/ .*/ yes/' /etc/ssh/sshd_config
+ /etc/init.d/ssh restart || true
+ $BASEGPDIR/ssh/getpubkey.sh
+ installfile ssh_config /etc/ssh/ssh_config
+}
+
+# Profile
+install_profile()
+{
+ installfile ansi_shadow.flf /usr/share/figlet/ansi_shadow.flf
+ for usr in /root /home/*; do
+ backupdist $usr/{,.}profile $usr/.bashrc
+ installfile {{.,}profile,.bashrc} $usr/
+ done
+ backupdist /etc/motd
+ installfile motd /etc/motd
+}
+
+# Supervision
+patch_snmp()
+{
+ backupdist /etc/snmp/snmpd.conf /etc/default/snmpd 
/lib/systemd/system/snmpd.service /etc/init.d/snmpd
+ installfile snmpd.conf /etc/snmp/snmpd.conf
+ installfile snmpd.init /etc/init.d/snmpd
+ [[ -e /lib/systemd/system/snmpd.service ]] &&
+ installfile snmpd.service /lib/systemd/system/snmpd.service
+ /etc/init.d/snmpd restart || true # error on systemd systems requiring reboot wich we'll do anyway after that script
+}
+
+install_mk-agent()
+{
+ apt install -y $BASEGPDIR/mk_agents/check-mk-agent_${MKVERSION}_all.deb
+ backupdist /etc/xinetd.d/check_mk
+ installfile check_mk /etc/xinetd.d/check_mk
+ /etc/init.d/xinetd restart
+}
+
+# Syslog
+conf_syslog()
+{
+ backupdist /etc/rsyslog.conf
+ installfile rsyslog.conf /etc/rsyslog.conf
+ /etc/init.d/rsyslog restart
+}
+
+# Mail
+conf_mail()
+{
+ installfile postfix.cf /etc/postfix/main.cf
+ sed -i -e "s/#HOSTNAME#/$HOSTNAME/g" /etc/postfix/main.cf
+ /etc/init.d/postfix restart
+}
+
+
+# ======================
+# ==== Main Program ====
+# ======================
+
+# Vérifie qu'on soit root
+if [[ $
+
+# Chargement de la configuration
+[[ -s init.sh.conf ]] && . init.sh.conf || (
+
+)
+
+
+
+upgrade_dist
+[[ ! $PVEHST ]] && install_ceph && conf_ceph
+[[ ! $PVEHST ]] && apt_blacklist
+#[[ ! $PVEHST ]] && authnz
+#[[ ! $PVEHST ]] && add_users
+conf_locale
+install_pkg
+conf_ntp
+conf_ssh
+install_profile
+patch_snmp
+install_mk-agent
+conf_syslog
+conf_mail
+
+echo "That's all folks !"
+echo "Après vérification des logs, il est recommandé de redémarrer la machine..."
diff --git a/modules/conf_zfs.sh b/modules/conf_zfs.sh new file mode 100644
index 0000000..f10df7b
--- /dev/null
+++ b/modules/conf_zfs.sh
@@ -0,0 +1,19 @@
+# Configuration du disque de calcul
+conf_zfs()
+{
+ # On crée les répertoires d'accueil
+ mkdir -pv /calcul/$HOSTNAME
+
+ # Installation de ZFS
+
+
+ # Mount Ceph volumes if required
+}
+
+conf_disk()
+{
+ case $CALCTYPE
+}
+
+
+export -f conf_disk
diff --git a/modules/upgrade_dist.sh b/modules/upgrade_dist.sh new file mode 100644
index 0000000..359bc5d
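Review bot: `conf_ssh` rewrites `PermitRootLogin` to `yes`, which enables password logins for root on every deployed host, although the next step already runs `getpubkey.sh`, presumably to install keys. If key-based root access is the goal, `sed -i -e '/^PermitRootLogin /s/ .*/ prohibit-password/' /etc/ssh/sshd_config` keeps it without exposing the root password to guessing. Separately, the guards in `installfile` never take effect: `return 1` and `return 2` run inside `( … )` subshells, so the function carries on, and `[[ ! $i==/* ]]` tests a single non-empty word, so it is never true. Using `{ …; }` groups and `[[ $i != /* ]]` would make the argument-count, wildcard and absolute-target checks real before `cp -av` runs as root. The root check and configuration loading in the main program appear truncated on this page and are not reviewed here.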
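Review bot: `conf_disk` opens `case $CALCTYPE` and the function closes on the next line with no `in`, no pattern arm and no `esac`, so sourcing this module fails with a syntax error and neither function is defined. Until the dispatch is written, a stub such as `case "$CALCTYPE" in zfs) conf_zfs ;; *) prnt E "CALCTYPE non supporté: $CALCTYPE"; return 1 ;; esac` keeps the file loadable and rejects unexpected values instead of silently doing nothing to the disks named in `CALCDRV`. Note also that `conf_zfs` is defined in `init.sh` with a different body (Ceph mount points), so whichever definition loads last wins. Only `conf_disk` is exported, and `/calcul/$HOSTNAME` should be quoted.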
--- /dev/null
+++ b/modules/upgrade_dist.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Module mise à jour de la distribution
+
+
+
+upgrade_dist()
+{
+ local proxyfile=/etc/apt/apt.conf.d/00proxy
+
+ prnt I "Configuration du proxy pour APT..."
+ if [[ $PROXYSRV ]]; then
+ if [[ $PROXYPORT ]]; then
+ if [[ ! -d $(basedir $proxyfile) ]]; then
+ mkdir -pv /etc/apt/apt.conf.d || (
+ prnt E "Impossiblle de créer le répertoire d'accueil pour la configuration d'APT."
+ exit 10
+ )
+ fi
+ backupdist $proxyfile
+ echo "# Generated automatically on $(date $DATEFORMAT) by $0" > $proxyfile
+ echo "Acquire::http::Proxy \"http://${ACNGSRV}:3142\";" >> $proxyfile
+ else
+ prnt E "Un serveur proxy a été spécifié mais pas son port d'usage."
+ fi
+ else
+ prnt I "Pas de proxy configuré, ne fait rien."
+ fi
+
+ prnt I "Mise à jour de la liste des paquets..."
+ apt-get update
+ prnt I "Application des mises à jour de paquets..."
+ apt-get upgrade -y
+ prnt I "Suppression de paquets indésirables..."
+ apt-get remove --purge -y $RMLIST
+ prnt I "Suppression des paquets résiduels..."
+ apt autoremove --purge -y
+}
+
+export -f upgrade_dist
+
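Review bot: The generated proxy line uses `${ACNGSRV}:3142`, but the branch is guarded by `PROXYSRV` and `PROXYPORT`, and `init.conf.sh` in this commit defines only those two. Unless `ACNGSRV` is exported elsewhere, `00proxy` will contain `http://:3142`, and the following `apt-get update` and `apt-get upgrade -y` run with no status check, so a host can finish deployment without its security updates and nobody is told. Writing `echo "Acquire::http::Proxy \"http://${PROXYSRV}:${PROXYPORT}\";" >> "$proxyfile"` matches the guard, and testing the exit status of `apt-get update` before upgrading would surface the failure. Two smaller points in the same block: `basedir` is not a standard command (`dirname` is probably meant), and `exit 10` sits inside `( … )`, so it leaves only the subshell and the function continues to `backupdist`.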