From a79d079cacebd0ed7f150ba8f473937a13215243 Mon Sep 17 00:00:00 2001 From: fatalerrors Date: Wed, 15 Dec 2021 10:55:18 +0100 Subject: [PATCH] added tagfile and make use of it in modules --- lib/filefct.sh | 17 +++++++++++++++++ modules/authnz.sh | 12 +++++++----- modules/conf_ceph.sh | 14 ++++++++++++-- modules/conf_locale.sh | 5 +++-- modules/conf_mail.sh | 12 +++++++++--- modules/conf_network.sh | 3 ++- modules/conf_ntp.sh | 3 ++- modules/conf_ssh.sh | 5 +++-- modules/conf_syslog.sh | 10 ++++++---- modules/install_chromium.sh | 3 ++- modules/install_mkagent.sh | 6 ++++-- modules/install_pkg.sh | 3 ++- modules/install_profile.sh | 5 ++++- modules/patch_snmp.sh | 6 ++++-- modules/upgrade_dist.sh | 8 ++++---- 15 files changed, 81 insertions(+), 31 deletions(-) diff --git a/lib/filefct.sh b/lib/filefct.sh index b7b67ca..a0de421 100644 --- a/lib/filefct.sh +++ b/lib/filefct.sh @@ -211,6 +211,23 @@ patchfile() unset rights dstfile } + +# ------------------------------------------------------------------------------ +# Put a small header in a file showing it have been automatically modified +tagfile() +{ + for f in $@; do + local text="# File automatically modified by init.sh on $(stdtime)." + if [[ -e $f ]]; then + sed -i "1s/^/$text\n/" $f + else + echo $text > $f + sed -i -e "s/modified/generated/" $f + fi + done +} + + # ------------------------------------------------------------------------------ # check a file exists and return error if not file_exists() diff --git a/modules/authnz.sh b/modules/authnz.sh index b4c951b..c1429c2 100644 --- a/modules/authnz.sh +++ b/modules/authnz.sh @@ -20,7 +20,7 @@ # * DEFAULT_SHELL: The shell to use when creating new users # ------------------------------------------------------------------------------ -export VER_authnz=0.1.4 +export VER_authnz=0.1.5 export DEP_authnz="upgrade_dist" # Users (from Ldap) 
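Review bot: In `tagfile()` the header text is spliced into the sed program (`sed -i "1s/^/$text\n/" $f`) and `$@`, `$f` and `$text` are unquoted, so a `/` or `&` in the `stdtime` output (its format is not visible here) or whitespace in a path changes what the command does. An existing but empty file has no line 1, so `1s` leaves it untagged, and every rerun stacks one more header on a file that already carries one. The else branch creates any missing path with whatever mode the current umask gives, which matters once callers pass files that must not be world-readable. The fence below quotes the expansions, inserts the header as literal text and sends empty files to the create branch; skipping an already-tagged file would be a further small check.

```shell
tagfile()
{
    local f stamp
    stamp=$(stdtime)
    for f in "$@"; do
        if [[ -s $f ]]; then
            # "1i" takes the rest of the line as text, so "/" and "&" in the
            # timestamp are not special the way they are inside s/…/…/.
            sed -i "1i # File automatically modified by init.sh on $stamp." -- "$f"
        else
            printf '%s\n' "# File automatically generated by init.sh on $stamp." > "$f"
        fi
    done
}
```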
@@ -42,6 +42,7 @@ create_user() { if [[ $(noerror --noout id $1) != 0 ]]; then prnt I "Creating user $1..." + # The following should be replaced by a more universal version useradd --create-home --shell $DEFAULT_SHELL --user-group $1 else prnt W "The user $1 already exists. Nothing to do..." @@ -52,6 +53,7 @@ create_user() authnz() { backupdist /etc/passwd /etc/shadow /etc/group + tagfile /etc/passwd /etc/shadow /etc/group for usr in $REMOVE_USERS; do prnt I "Removing user $usr..." remove_user $usr @@ -67,18 +69,18 @@ authnz() installfile authnz/krb5.conf authnz/libnss-ldap.conf \ authnz/pam_ldap.conf authnz/nsswitch.conf /etc + tagfile /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam-ldap.conf sed -i -e "s/@REALM@/${REALM^^}/g" -e "s/@DOMAIN@/$REALM/g" \ -e "s/@KDC_SERVER@/$KDC_SERVER/" -e "s/@KADM_SERVER@/$KADM_SERVER/" \ /etc/krb5.conf sed -i -e "s/@BASE_CD@/$BASE_DC@/" -e "s/@LDAP_SERVER@/$LDAP_SERVER/" \ /etc/libnss-ldap.conf sed -i -e "s/@BASE_CD@/$BASE_DC@/g" -e "s/@LDAP_SERVER@/$LDAP_SERVER/" \ - -e "s/@LDAP_ADM@/$LDAP_ADM/" /etc/libnss-ldap.conf + -e "s/@LDAP_ADM@/$LDAP_ADM/" /etc/pam-ldap.conf - installfile authnz/common-session authnz/common-account \ - authnz/common-password authnz/common-auth \ - /etc/pam.d + installfile authnz/common-{session,account,password,auth} /etc/pam.d + tagfile /etc/pam.d/common-{session,account,password,auth} scv_restart nscd diff --git a/modules/conf_ceph.sh b/modules/conf_ceph.sh index 7b9bce0..98a5214 100644 --- a/modules/conf_ceph.sh +++ b/modules/conf_ceph.sh @@ -15,7 +15,7 @@ # Mount points are hardcoded and should bet set differently # ------------------------------------------------------------------------------ -export VER_conf_ceph="0.0.2" +export VER_conf_ceph="0.0.3" export DEP_conf_ceph="upgrade_dist" conf_ceph() @@ -26,6 +26,7 @@ conf_ceph() mkdir -pv /share local success=undef + local fstabchanged=false if [[ $CEPH_STATUS == ceph ]]; then # Install ceph package pkginst ceph-common 
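Review bot: `tagfile /etc/passwd /etc/shadow /etc/group` writes a `#` line into three account databases whose format defines no comment syntax, and it does so with `sed -i`, which rewrites each file outside the locking the account tools use. Consumers that parse these files themselves rather than through libc may treat the line as a malformed entry, and consistency checkers such as `pwck` are likely to report it; if one of the files were missing, tagfile's create branch would also produce it with a umask-default mode. `backupdist` on the line above already records the pre-change state, so I would drop the call and leave a comment instead, e.g. `# account databases are not tagged: passwd/shadow/group have no comment syntax`. `authnz()` continues past the end of this hunk.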
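Review bot: The new `tagfile` line and the last `sed` target `/etc/pam-ldap.conf`, but `installfile` is given `authnz/pam_ldap.conf` (underscore), so the installed file is presumably `/etc/pam_ldap.conf`. If so, tagfile's create branch produces a stray `/etc/pam-ldap.conf`, the substitutions run against that stub, and the real PAM LDAP configuration keeps its `@LDAP_SERVER@` and `@LDAP_ADM@` placeholders. Use one spelling throughout, e.g. `tagfile /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf /etc/nsswitch.conf` and `-e "s/@LDAP_ADM@/$LDAP_ADM/" /etc/pam_ldap.conf`; `nsswitch.conf` is installed here as well but not tagged. The function starts before this hunk.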
@@ -34,6 +35,7 @@ conf_ceph() if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then prnt I "Adding server list to /etc/hosts" backupdist /etc/hosts + tagfile /etc/hosts echo >> /etc/hosts echo "# Ceph servers:" >> /etc/hosts for srv in $CEPH_SRV_NAMES; do @@ -47,6 +49,7 @@ conf_ceph() backupdist /etc/fstab prnt I "Adding ceph entries to /etc/fstab" + fstabchanged=true echo >> /etc/fstab local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g") if [[ ! $(grep $srvlist /etc/fstab) ]]; then @@ -58,10 +61,11 @@ conf_ceph() unset srvlist success=yes elif [[ $CEPH_STATUS == smb ]]; then - pkginst smbclient + pkginst smbclient backupdist /etc/fstab prnt I "Adding Samba entries to /etc/fstab" + fstabchanged=true echo >> /etc/fstab if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then echo "# Samba:" >> /etc/fstab @@ -75,6 +79,7 @@ conf_ceph() fi if [[ $success == yes ]]; then if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then + fstabchanged=true echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab if [[ $SHARED_HOME == 1 ]]; then echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab @@ -84,6 +89,11 @@ conf_ceph() prnt E "Failed creating original mount, not adding binded ones" fi + if [[ $fstabchanged == true ]]; then + tagfile /etc/fstab + fi + unset fstabchanged + # Mount Ceph volumes if required prnt I "Mounting ceph volumes" [[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share diff --git a/modules/conf_locale.sh b/modules/conf_locale.sh index 8db4290..87fb16e 100644 --- a/modules/conf_locale.sh +++ b/modules/conf_locale.sh 
@@ -20,13 +20,14 @@ # Character table (ISO or UTF) # ------------------------------------------------------------------------------ -export VER_conf_locale="0.1.2" +export VER_conf_locale="0.1.3" conf_locale() { pkginst locales locales-all local gen_fname=/etc/locale.gen backupdist $gen_fname + tagfine $gen_fname # Removing locales not in the list prnt I "Deactivating initial locales from installation..." @@ -54,7 +55,7 @@ conf_locale() local sys_fname=/etc/default/locale backupdist $sys_fname - echo "# Generated by init on $(stdtime)" > $sys_fname + tagfile $sys_fname echo "LANG=$SYSLOCALE" >> $sys_fname for cfg in ADDRESS IDENTIFICATION MEASUREMENT MONETARY NAME NUMERIC PAPER \ TELEPHONE TIME; do diff --git a/modules/conf_mail.sh b/modules/conf_mail.sh index 80df422..1a01f84 100644 --- a/modules/conf_mail.sh +++ b/modules/conf_mail.sh @@ -13,7 +13,7 @@ # * MAIL_RELAY: Name of the mail relay server # ------------------------------------------------------------------------------ -export VER_conf_mail="0.0.4" +export VER_conf_mail="0.0.5" export DEP_conf_mail="upgrade_dist" conf_mail() @@ -21,11 +21,17 @@ conf_mail() prnt I "Installation de postfix..." pkginst postfix + local pfmain="/etc/postfix/main.cf" + prnt I "Configuration de postfix..." - installfile postfix/main.cf /etc/postfix/main.cf + installfile postfix/main.cf $pfmain + tagfile $pfmain sed -i -e "s/@HOSTNAME@/$HOSTNAME/" -e "s/@REALM@/$REALM/" \ - -e "s/@MAIL_RELAY@/$MAIL_RELAY/" /etc/postfix/main.cf + -e "s/@MAIL_RELAY@/$MAIL_RELAY/" $pfmain + + tagfile /etc/mailname echo $HOSTNAME.$REALM > /etc/mailname + svc_restart postfix } diff --git a/modules/conf_network.sh b/modules/conf_network.sh index 7ff9f9d..d44f239 100644 --- a/modules/conf_network.sh +++ b/modules/conf_network.sh 
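Review bot: `tagfine $gen_fname` is a typo for `tagfile`, so this line fails with "command not found" and `/etc/locale.gen` is never tagged; unless the script runs under `set -e` the module carries on without stopping. The same misspelling is in `modules/conf_network.sh` (`tagfine $if_file`). The two lines should read `tagfile $gen_fname` and `tagfile $if_file`.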
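Review bot: Replacing `echo "# Generated by init on $(stdtime)" > $sys_fname` with `tagfile $sys_fname` drops the truncation that `>` performed: when `/etc/default/locale` already exists, tagfile only prepends a header and the `>>` lines that follow append to the old content. Each run therefore keeps the previous `LANG=` and `LC_*` assignments and adds a new set after them. The same substitution is made in `modules/upgrade_dist.sh` for `$norecommend` and `$proxyfile`, where an earlier `Acquire::http::Proxy` line would stay in the file alongside the new one. For files that are fully regenerated, remove the old copy first so tagfile takes its create branch, e.g. `rm -f -- "$sys_fname"` ahead of `tagfile $sys_fname`, or keep the original `>` redirect.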
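Review bot: `tagfile /etc/mailname` has no lasting effect, because the next line overwrites the file with `echo $HOSTNAME.$REALM > /etc/mailname`. Reversing the order would not help either: `/etc/mailname` is conventionally a single line holding the mail name, and a leading `#` line may be read as that name by whatever consumes the file. I would remove the call and, if a record is wanted, add `backupdist /etc/mailname` before the write. Within this hunk `$pfmain` is also replaced without a preceding `backupdist`, unlike the other modules touched by this commit.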
@@ -20,7 +20,7 @@ # * NET{4,6}_MANUAL_FILE_$iface: filename for manual configuration of $iface # ------------------------------------------------------------------------------ -export VER_conf_syslog="0.0.1" +export VER_conf_syslog="0.0.2" conf_network() { @@ -29,6 +29,7 @@ conf_network() # The interfaces header contain loopback interface declaration install_file interfaces.head $if_file + tagfine $if_file # First configure IPv4 ifaces local iface= diff --git a/modules/conf_ntp.sh b/modules/conf_ntp.sh index 4d5308c..02b1fe6 100644 --- a/modules/conf_ntp.sh +++ b/modules/conf_ntp.sh @@ -11,7 +11,7 @@ # * NTPSERVERS: list of NTP servers # ------------------------------------------------------------------------------ -export VER_conf_ntp="0.1.3" +export VER_conf_ntp="0.1.4" export DEP_conf_ntp="" conf_ntp() @@ -29,6 +29,7 @@ conf_ntp() prnt I "Installation du fichier de configuration de NTP." local dest="/etc/ntp.conf.work" backupdist /etc/ntp.conf + tagfile $dest installfile ntp.conf $dest local line="" for srv in $NTP_SERVERS; do diff --git a/modules/conf_ssh.sh b/modules/conf_ssh.sh index 92e03f3..926d1e7 100644 --- a/modules/conf_ssh.sh +++ b/modules/conf_ssh.sh @@ -11,7 +11,7 @@ # none # ------------------------------------------------------------------------------ -export VER_conf_ssh="0.1.0" +export VER_conf_ssh="0.1.1" export DEP_conf_ssh="upgrade_dist" conf_ssh() @@ -25,7 +25,8 @@ conf_ssh() prnt I "Installation des fichiers de configuration de SSH..." for f in /etc/ssh/ssh{,d}_config; do backupdist $f - installfile ssh/$(basename $f) /etc/ssh/$(basename $f) + installfile ssh/$(basename $f) $f + tagfile $f done sed -i -e "s/@SSHD_PERMITROOT_RANGE@/$SSHD_PERMITROOT_RANGE/" /etc/ssh/sshd_config diff --git a/modules/conf_syslog.sh b/modules/conf_syslog.sh index ae9aea3..e10cf5f 100644 --- a/modules/conf_syslog.sh +++ b/modules/conf_syslog.sh 
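Review bot: The bumped line in `modules/conf_network.sh` still exports `VER_conf_syslog`, the variable that `modules/conf_syslog.sh` sets to "0.0.3" in this same commit, so the two modules overwrite each other's version and `conf_network` appears to publish none. It should presumably read `export VER_conf_network="0.0.2"`. In the next hunk of this file the context line calls `install_file`, whereas every other module uses `installfile`; worth checking that both names exist.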
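Review bot: `tagfile $dest` runs before `installfile ntp.conf $dest`, so the header is written to `/etc/ntp.conf.work` and then, assuming installfile replaces its destination, lost again. Moving the call below the install, as the other modules do, keeps it: `installfile ntp.conf $dest` followed by `tagfile $dest`. `conf_ntp()` starts and ends outside this hunk, so what later happens to the `.work` file is not visible here.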
@@ -11,14 +11,16 @@ # * SYSLOG_SRV: the syslog server name # ------------------------------------------------------------------------------ -export VER_conf_syslog="0.0.2" +export VER_conf_syslog="0.0.3" conf_syslog() { + local syslogconf=/etc/rsyslog.conf prnt I "Configuration de rsyslog..." - backupdist /etc/rsyslog.conf - installfile rsyslog.conf /etc/rsyslog.conf - sed -i -e "s/@SYSLOG_SRV@/$SYSLOG_SRV/" /etc/rsyslog.conf + backupdist $syslogconf + installfile rsyslog.conf $syslogconf + tagfile $syslogconf + sed -i -e "s/@SYSLOG_SRV@/$SYSLOG_SRV/" $syslogconf svc_restart rsyslog } diff --git a/modules/install_chromium.sh b/modules/install_chromium.sh index fb014b6..0790411 100644 --- a/modules/install_chromium.sh +++ b/modules/install_chromium.sh @@ -13,7 +13,7 @@ # none # ------------------------------------------------------------------------------ -export VER_install_chromium="0.0.1" +export VER_install_chromium="0.0.2" export DEP_install_chromium="upgrade_dist" install_chromium() @@ -30,6 +30,7 @@ install_chromium() # Install package manager conf file for Chromium installfile apt_chromium.conf /etc/apt/preferences.d/ + tagfile /etc/apt/preferences.d/apt_chromium.conf # Update package list and install prnt I "Mise à jour de la liste des dépots..." diff --git a/modules/install_mkagent.sh b/modules/install_mkagent.sh index 34710c7..1f16910 100644 --- a/modules/install_mkagent.sh +++ b/modules/install_mkagent.sh @@ -12,7 +12,7 @@ # * MK_PORT: Port check_mk agent will use to communicate with server # ------------------------------------------------------------------------------ -export VER_install_mkagent="0.0.4" +export VER_install_mkagent="0.0.5" export DEP_install_mkagent="upgrade_dist install_pkg" install_mkagent() 
@@ -23,9 +23,11 @@ install_mkagent() backupdist /etc/xinetd.d/check_mk installfile cmk/check_mk /etc/xinetd.d/check_mk + tagfile /etc/xinetd.d/check_mk + sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk + mkdir -pv /usr/lib/check_mk_agent/plugins/28800 installfile cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt - sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk svc_restart xinetd } diff --git a/modules/install_pkg.sh b/modules/install_pkg.sh index 5c5cf0f..04b68b6 100644 --- a/modules/install_pkg.sh +++ b/modules/install_pkg.sh @@ -13,7 +13,7 @@ # * PKGSEL: List of package to install # ------------------------------------------------------------------------------ -export VER_install_pkg="0.1.2" +export VER_install_pkg="0.1.3" export DEP_install_pkg="upgrade_dist" install_pkg() @@ -31,6 +31,7 @@ install_pkg() local dest=/etc/apt/preferences.d/blacklist_$pkg installfile pkgman/blacklist.conf $dest && sed -i -e "s/@pkg@/pkg/" $dest + tagfile $dest # If blacklisted we suppose uninstall as well (if neeeded) pkgrm $pkg diff --git a/modules/install_profile.sh b/modules/install_profile.sh index 2e606d7..ed889e4 100644 --- a/modules/install_profile.sh +++ b/modules/install_profile.sh @@ -8,7 +8,7 @@ # https://opensource.org/licenses/BSD-3-Clause # ------------------------------------------------------------------------------ -export VER_install_profile="0.0.4" +export VER_install_profile="0.0.5" export DEP_install_profile="install_pkg" install_profile() @@ -23,12 +23,15 @@ install_profile() for usr in $usrlist; do backupdist $usr/{.,}profile $usr/.bashrc installfile profile/{{.,}profile,.bashrc} $usr/ + tagfile $usr/{{.,}profile,.bashrc} installfile profile/.tmux/.tmux.conf{,.local} $usr/ + tagfile $usr/profile/.tmux/.tmux.conf{,.local} done unset usrlist backupdist /etc/motd installfile profile/motd /etc/motd + tagfile /etc/motd } precheck_install_profile() 
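Review bot: `tagfile $dest` sits outside the `installfile … && sed …` chain, so when `installfile` fails tagfile's create branch still writes a header-only `/etc/apt/preferences.d/blacklist_$pkg`, and the system looks as if the package were pinned when no rule exists. Chain it instead: `installfile pkgman/blacklist.conf $dest && sed -i -e "s/@pkg@/pkg/" $dest && tagfile $dest`. The unchanged sed expression replaces `@pkg@` with the literal text `pkg`; `$pkg` was probably intended.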
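Review bot: `tagfile $usr/profile/.tmux/.tmux.conf{,.local}` points at a different path from the one `installfile profile/.tmux/.tmux.conf{,.local} $usr/` writes to, which is presumably `$usr/.tmux.conf` and `$usr/.tmux.conf.local`. The call will either fail on a missing directory or create stub files under `$usr/profile/.tmux/`, and the installed tmux files stay untagged. It should read `tagfile $usr/.tmux.conf{,.local}`. Since `$usr` is a home directory and the script presumably runs as root, also check that files tagfile creates or rewrites there end up with the owner the user's own files should have.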
diff --git a/modules/patch_snmp.sh b/modules/patch_snmp.sh index 13edbd8..e10d783 100644 --- a/modules/patch_snmp.sh +++ b/modules/patch_snmp.sh @@ -8,7 +8,7 @@ # https://opensource.org/licenses/BSD-3-Clause # ------------------------------------------------------------------------------ -export VER_patch_snmp="0.0.2" +export VER_patch_snmp="0.0.3" export DEP_patch_snmp="install_pkg" patch_snmp() @@ -17,9 +17,11 @@ patch_snmp() backupdist /etc/snmp/snmpd.conf /etc/default/snmpd \ /lib/systemd/system/snmpd.service /etc/init.d/snmpd installfile snmpd/snmpd.conf /etc/snmp/snmpd.conf + tagfile /etc/snmp/snmpd.conf # No longer required with Debian >= 11 or Devuan >= 4 # installfile snmpd/snmpd.init /etc/init.d/snmpd installfile snmpd/snmpd.default /etc/default/snmpd + tagfile /etc/default/snmpd if [[ -e /lib/systemd/system/snmpd.service ]]; then installfile snmpd/snmpd.service /lib/systemd/system/snmpd.service if command -v systemctl &> /dev/null; then @@ -31,7 +33,7 @@ patch_snmp() precheck_patch_snmp() { - file_exists snmpd/snmpd.{conf,init,default} + file_exists snmpd/snmpd.{conf,default} if [[ -e /lib/systemd/system/snmpd.service ]]; then file_exists snmpd/snmpd.service fi diff --git a/modules/upgrade_dist.sh b/modules/upgrade_dist.sh index 2f8fcba..94d1d47 100644 --- a/modules/upgrade_dist.sh +++ b/modules/upgrade_dist.sh @@ -15,7 +15,7 @@ # * PROXY_SRV_PORT: Working port for general purpose proxy if one declared # ------------------------------------------------------------------------------ -export VER_upgrade_dist="0.2.1" +export VER_upgrade_dist="0.2.2" # As aptitude might fail if clock is too far from real time, we need to depend # on ntp 
@@ -29,7 +29,7 @@ upgrade_dist() # We backup entire apt dir as future version will normalise source.list files backupdist /etc/apt prnt I "Basic apt configuration..." - echo "# Generated automatically on $(stdtime) by $0" > $norecommend + tagfile $norecommend echo 'APT::Install-Recommends "false";' >> $norecommends echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends @@ -42,10 +42,10 @@ upgrade_dist() die 60 ) fi - echo "# Generated automatically on $(stdtime) by $0" > $proxyfile + tagfile $proxyfile echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile elif [[ -n $PROXY_SRV ]]; then - echo "# Generated automatically on $(stdtime) by $0" > $proxyfile + tagfile $proxyfile echo "Acquire::http::Proxy \"http://${PROXY_SRV}:${PROXY_SRV_PORT}\";" >> $proxyfile else prnt I "No proxy configured, nothing to do."
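Review bot: `tagfile $norecommend` uses a different variable from the three `>> $norecommends` lines below it; unless both are defined outside this hunk, the unquoted empty expansion gives tagfile no arguments and it returns without doing anything. The old `> $norecommend` redirect would at least have failed loudly. Use the same name, `tagfile $norecommends`. `upgrade_dist()` starts before this hunk.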