Initial version for Ubuntu deployment scripts

fatalerrors
2021-05-31 11:32:41 +02:00
commit 65dde781f1
5 changed files with 401 additions and 0 deletions

1
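--- a/README.txt
+++ b/README.txt
@@ -0,0 +1 @@
+this is ubuntu deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04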

34
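--- a/init.conf.sh
+++ b/init.conf.sh
@@ -0,0 +1,34 @@
+# Domaine LEGOS
+export MAINDOM="legos.obs-mip.fr"
+# Proxy LEGOS
+export PROXYSRV="proxy.legos.obs-mip.fr"
+export PROXYPORT="3128"
+# Paquets à enlever après installation
+export RMLIST="apparmor chafa laptop-detect resolvconf"
+export APTBLACKLIST="apparmor chafa resolvconf"
+# Langues supportés
+export LOCALESET="en_US.UTF-8 fr_FR.UTF-8"
+# Liste des paquets de base, utiles dans tous les cas
+export INSTLIST_BASE="bc curl dc debconf-utils deborphan dos2unix dump emacs-nox ethtool figlet gawk gpm htop ntp ifstat iftop iotop \
+libpam-krb5 libnss-ldap libpam-ldap ltrace mailutils mc mtr-tiny multitail neofetch nmap nscd openssh-server oping p7zip-full \
+p7zip-rar pbzip2 perl-doc pigz plzip postfix pv qemu-guest-agent resolvconf rsync screen snmpd strace tcpdump tmux traceroute \
+unrar unzip whois xinetd zip"
+# ------------------------------------------------------------------------------------------------------------------------------------------
+# Configuration du disque de calcul : zfs, ext4 et xfs accepté
+export CALCTYPE="zfs"
+# Niveau : mirror (RAID1), raidz1 (RAID5), raidz2 (RAID6), laisser vide pour RAID0, valable seulement pour ZFS
+export CALCLEVEL=""
+# Liste de lecteurs à utiliser (voir dans /dev/disk/by-id), un seul tolléré pour ext4 et xfs
+export CALCDRV="/dev/disk/by-id/xxxxx"
+# ------------------------------------------------------------------------------------------------------------------------------------------
+export MODULE_LIST="upgrade_dist conf_disk"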
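Review bot: RMLIST and APTBLACKLIST purge and pin out `apparmor`, which removes the mandatory access control confinement from every host these scripts deploy, and nothing in the file says why. If one profile is the problem, disabling that profile is narrower than removing the package; otherwise a comment next to RMLIST such as `# apparmor removed because <reason>` would let a later reader judge the trade-off. `resolvconf` is listed in INSTLIST_BASE and also in RMLIST and APTBLACKLIST, so the file asks for it to be installed and removed at once; one of the two entries should go.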

307
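--- a/init.sh
+++ b/init.sh
@@ -0,0 +1,307 @@
+#!/bin/bash
+# Check gestparc native directory
+#export REPO="/share/services/gestparc"
+export HOSTNAME=$(hostname)
+export DATEFORMAT=${DATEFORMAT:-"+%Y/%m/%d-%H:%M:%S-%N"}
+export LOGFILE=${LOGFILE:-"/var/log/$(uname -n)-$(date +%Y%m%d-%H%M).log"}
+# Define colors codes used while displaying
+colorcodes() {
+DEFAULTFG="\e[0;39m"
+DEFAULTBG="\e[0;49m"
+DEFAULTCOL=${DEFAULTBG}${DEFAULTFG}
+# Regular Colors
+Black='\e[0;30m'
+Red='\e[0;31m'
+Green='\e[0;32m'
+Yellow='\e[0;33m'
+Blue='\e[0;34m'
+Purple='\e[0;35m'
+Cyan='\e[0;36m'
+White='\e[0;37m'
+# Bold
+BBlack='\e[1;30m'
+BRed='\e[1;31m'
+BGreen='\e[1;32m'
+BYellow='\e[1;33m'
+BBlue='\e[1;34m'
+BPurple='\e[1;35m'
+BCyan='\e[1;36m'
+BWhite='\e[1;37m'
+# Underline
+UBlack='\e[4;30m'
+URed='\e[4;31m'
+UGreen='\e[4;32m'
+UYellow='\e[4;33m'
+UBlue='\e[4;34m'
+UPurple='\e[4;35m'
+UCyan='\e[4;36m'
+UWhite='\e[4;37m'
+# Background
+On_Black='\e[40m'
+On_Red='\e[41m'
+On_Green='\e[42m'
+On_Yellow='\e[43m'
+On_Blue='\e[44m'
+On_Purple='\e[45m'
+On_Cyan='\e[46m'
+On_White='\e[47m'
+# High Intensity
+IBlack='\e[0;90m'
+IRed='\e[0;91m'
+IGreen='\e[0;92m'
+IYellow='\e[0;93m'
+IBlue='\e[0;94m'
+IPurple='\e[0;95m'
+ICyan='\e[0;96m'
+IWhite='\e[0;97m'
+# Bold High Intensity
+BIBlack='\e[1;90m'
+BIRed='\e[1;91m'
+BIGreen='\e[1;92m'
+BIYellow='\e[1;93m'
+BIBlue='\e[1;94m'
+BIPurple='\e[1;95m'
+BICyan='\e[1;96m'
+BIWhite='\e[1;97m'
+# High Intensity backgrounds
+On_IBlack='\e[0;100m'
+On_IRed='\e[0;101m'
+On_IGreen='\e[0;102m'
+On_IYellow='\e[0;103m'
+On_IBlue='\e[0;104m'
+On_IPurple='\e[0;105m'
+On_ICyan='\e[0;106m'
+On_IWhite='\e[0;107m'
+}
+# Affiche le status avec en-tête coloré et timestamp
+# (valeur de $1 : I=info, W=warning, E=error, pas d'entête si différent)
+prnt() {
+case $1 in
+"I")
+HEADS="[ ${IGreen}info${DEFAULTFG} ]"
+shift
+;;
+"W")
+HEADS="[ ${IYellow}Attention${DEFAULTFG} ]"
+shift
+;;
+"E")
+HEADS="[ ${IRed}ERREUR${DEFAULTFG} ]"
+shift
+;;
+esac
+echo -e "${IWhite}$(date $DATEFORMAT)${DEFAULTFG} ${HEADS} $@"
+}
+# Backup original installation files (or any old files if runned several time on same file)
+backupdist()
+{
+[[ $# -lt 1 ]] && prnt E "backupdist(): Au moins un argument requis." && return 1
+for file in $@; do
+if [[ -e ${file} ]]; then
+cp -av $file $file.dist.$(date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g')
+fi
+done
+}
+# Install file to the host (specific first then general)
+installfile()
+{
+local filelist=""
+local i=0
+[[ $# -lt 2 ]] && (
+prnt E "installfile(): Au moins deux arguments requis."
+return 1
+)
+[[ $(echo $@ | grep "\*\|\?") ]] && (
+prnt E "installfile(): Les wildcards sont interdits."
+return 2
+)
+for arg in $@; do
+if [[ -f $BASEGPDIR/profile/$HOSTNAME/$arg ]]; then
+filelist="$filelist $BASEGPDIR/profile/$HOSTNAME/$arg"
+elif [[ -f $BASEGPDIR/profile/$arg ]]; then
+filelist="$filelist $BASEGPDIR/profile/$arg"
+else
+filelist="$filelist $arg"
+fi
+done
+for i in $filelist; do :; done
+if [[ ! $i==/* ]]; then
+prnt E "installfile(): Target must be on the root filesystem."
+exit 3
+fi
+prnt I "Création su répertoire $(dirname $i) si nécessaire..."
+mkdir -pv $(dirname $i)
+prnt I "Copie des fichiers ${filelist}..."
+cp -av $filelist
+}
+# Configuration du disque de calcul
+conf_zfs()
+{
+# On crée les répertoires d'accueil
+mkdir -pv /srv/ceph
+mkdir -pv /share
+# Upgrade of fstab file
+# Mount Ceph volumes if required
+[[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph
+[[ ! $(mount | grep "on /share") ]] && mount -v /share
+}
+# Blacklist some unwanted packages...
+apt_blacklist()
+{
+[[ ! -d /etc/apt/preferences.d ]] && mkdir -pv /etc/apt/preferences.d
+installfile avoid-apparmor avoid-chafa avoid-resolvconf /etc/apt/preferences.d
+}
+# Authentication
+#FUNCLIST="$FUNCLIST authnz"
+#authnz()
+#{
+# apt-get install nscd libpam-krb5 libnss-ldap libpam-ldap
+#
+# backupdist /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf /etc/nsswitch.conf \
+# /etc/pam.d/common-session /etc/pam.d/common-account /etc/pam.d/common-password \
+# /etc/pam.d/common-auth
+# installfile krb5.conf libnss-ldap.conf pam_ldap.conf nsswitch.conf /etc
+# installfile common-session common-account common-password common-auth /etc/pam.d
+#
+# /etc/init.d/nscd restart
+#}
+# Users (from Ldap)
+#FUNCLIST="$FUNCLIST add_user"
+#add_users()
+#{
+# backupdist /etc/passwd /etc/shadow /etc/group
+# sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
+# echo "+kroot::::::" >> /etc/passwd
+# echo "+kroot::::::::" >> /etc/shadow
+#}
+# Locale
+FUNCLIST="$FUNCLIST conf_locale"
+conf_locale()
+{
+backupdist /etc/locale.gen
+sed -i "/^# en_US.UTF-8 /s/^# //" /etc/locale.gen
+locale-gen
+}
+# Additionnal packages (some are necessary to that script to end successfully)
+install_pkg()
+{
+apt install -y $INSTLIST
+}
+# NTP
+conf_ntp()
+{
+backupdist /etc/ntp.conf
+installfile ntp.conf /etc/ntp.conf
+}
+# SSH server
+conf_ssh()
+{
+backupdist /etc/ssh/ssh{,d}_config
+sed -i -e '/^#PermitRootLogin/s/^#//' /etc/ssh/sshd_config
+sed -i -e '/^PermitRootLogin /s/ .*/ yes/' /etc/ssh/sshd_config
+/etc/init.d/ssh restart || true
+$BASEGPDIR/ssh/getpubkey.sh
+installfile ssh_config /etc/ssh/ssh_config
+}
+# Profile
+install_profile()
+{
+installfile ansi_shadow.flf /usr/share/figlet/ansi_shadow.flf
+for usr in /root /home/*; do
+backupdist $usr/{,.}profile $usr/.bashrc
+installfile {{.,}profile,.bashrc} $usr/
+done
+backupdist /etc/motd
+installfile motd /etc/motd
+}
+# Supervision
+patch_snmp()
+{
+backupdist /etc/snmp/snmpd.conf /etc/default/snmpd /lib/systemd/system/snmpd.service /etc/init.d/snmpd
+installfile snmpd.conf /etc/snmp/snmpd.conf
+installfile snmpd.init /etc/init.d/snmpd
+[[ -e /lib/systemd/system/snmpd.service ]] &&
+installfile snmpd.service /lib/systemd/system/snmpd.service
+/etc/init.d/snmpd restart || true # error on systemd systems requiring reboot wich we'll do anyway after that script
+}
+install_mk-agent()
+{
+apt install -y $BASEGPDIR/mk_agents/check-mk-agent_${MKVERSION}_all.deb
+backupdist /etc/xinetd.d/check_mk
+installfile check_mk /etc/xinetd.d/check_mk
+/etc/init.d/xinetd restart
+}
+# Syslog
+conf_syslog()
+{
+backupdist /etc/rsyslog.conf
+installfile rsyslog.conf /etc/rsyslog.conf
+/etc/init.d/rsyslog restart
+}
+# Mail
+conf_mail()
+{
+installfile postfix.cf /etc/postfix/main.cf
+sed -i -e "s/#HOSTNAME#/$HOSTNAME/g" /etc/postfix/main.cf
+/etc/init.d/postfix restart
+}
+# ======================
+# ==== Main Program ====
+# ======================
+# Vérifie qu'on soit root
+if [[ $
+# Chargement de la configuration
+[[ -s init.sh.conf ]] && . init.sh.conf || (
+)
+upgrade_dist
+[[ ! $PVEHST ]] && install_ceph && conf_ceph
+[[ ! $PVEHST ]] && apt_blacklist
+#[[ ! $PVEHST ]] && authnz
+#[[ ! $PVEHST ]] && add_users
+conf_locale
+install_pkg
+conf_ntp
+conf_ssh
+install_profile
+patch_snmp
+install_mk-agent
+conf_syslog
+conf_mail
+echo "That's all folks !"
+echo "Après vérification des logs, il est recommandé de redémarrer la machine..."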
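Review bot: conf_ssh uncomments PermitRootLogin and then forces it to `yes`, which allows root to log in with a password on every deployed host, even though `$BASEGPDIR/ssh/getpubkey.sh` runs right after, presumably to install keys. If key-based root access is the intent, `sed -i -e '/^PermitRootLogin /s/ .*/ prohibit-password/' /etc/ssh/sshd_config` keeps it without exposing the root password to guessing, and an `sshd -t` before the restart would catch a broken config. In installfile the guards do not guard: `return` inside `( … )` only leaves the subshell, and `[[ ! $i==/* ]]` tests one non-empty word so it is never true. Using `{ …; }` groups and `[[ $i == /* ]] || { prnt E "…"; return 3; }` would make them effective. The main program is incomplete on this page (the root check is cut after `if [[ $`), so it is not reviewed here.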

19
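--- a/modules/conf_zfs.sh
+++ b/modules/conf_zfs.sh
@@ -0,0 +1,19 @@
+# Configuration du disque de calcul
+conf_zfs()
+{
+# On crée les répertoires d'accueil
+mkdir -pv /calcul/$HOSTNAME
+# Installation de ZFS
+# Mount Ceph volumes if required
+}
+conf_disk()
+{
+case $CALCTYPE
+}
+export -f conf_disk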
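Review bot: conf_zfs is defined here and again in init.sh with a different body (there it creates /srv/ceph and /share and mounts them), so whichever definition is read last silently replaces the other; one of them should be renamed or dropped. Only conf_disk is exported with `export -f`, so a child shell would get conf_disk without the conf_zfs it presumably dispatches to. The body of conf_disk is cut on this page after `case $CALCTYPE`, so whether CALCDRV is checked before use cannot be seen. Since init.conf.sh ships the placeholder `/dev/disk/by-id/xxxxx`, a `[[ -b "$drv" ]]` check on each entry of CALCDRV before any pool or filesystem creation is worth having.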

40
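--- a/modules/upgrade_dist.sh
+++ b/modules/upgrade_dist.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Module mise à jour de la distribution
+upgrade_dist()
+{
+local proxyfile=/etc/apt/apt.conf.d/00proxy
+prnt I "Configuration du proxy pour APT..."
+if [[ $PROXYSRV ]]; then
+if [[ $PROXYPORT ]]; then
+if [[ ! -d $(basedir $proxyfile) ]]; then
+mkdir -pv /etc/apt/apt.conf.d || (
+prnt E "Impossiblle de créer le répertoire d'accueil pour la configuration d'APT."
+exit 10
+)
+fi
+backupdist $proxyfile
+echo "# Generated automatically on $(date $DATEFORMAT) by $0" > $proxyfile
+echo "Acquire::http::Proxy \"http://${ACNGSRV}:3142\";" >> $proxyfile
+else
+prnt E "Un serveur proxy a été spécifié mais pas son port d'usage."
+fi
+else
+prnt I "Pas de proxy configuré, ne fait rien."
+fi
+prnt I "Mise à jour de la liste des paquets..."
+apt-get update
+prnt I "Application des mises à jour de paquets..."
+apt-get upgrade -y
+prnt I "Suppression de paquets indésirables..."
+apt-get remove --purge -y $RMLIST
+prnt I "Suppression des paquets résiduels..."
+apt autoremove --purge -y
+}
+export -f upgrade_dist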
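Review bot: The proxy line written to 00proxy uses `${ACNGSRV}:3142`, but the surrounding checks test PROXYSRV and PROXYPORT and init.conf.sh defines no ACNGSRV. As shown, the file would contain `http://:3142` and the following `apt-get update` would run with a broken proxy setting. `echo "Acquire::http::Proxy \"http://${PROXYSRV}:${PROXYPORT}\";" >> $proxyfile` matches what was validated. Two smaller items in the same block: `basedir` is not a standard command (`dirname` is presumably meant), and `exit 10` inside `( … )` only ends the subshell, so the failure path does not stop the script, whereas `|| { prnt E "…"; exit 10; }` does.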