added tagfile and make use of it in modules
This commit is contained in:
@@ -211,6 +211,23 @@ patchfile()
|
||||
unset rights dstfile
|
||||
}
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Put a small header in a file showing it have been automatically modified
|
||||
tagfile()
|
||||
{
|
||||
for f in $@; do
|
||||
local text="# File automatically modified by init.sh on $(stdtime)."
|
||||
if [[ -e $f ]]; then
|
||||
sed -i "1s/^/$text\n/" $f
|
||||
else
|
||||
echo $text > $f
|
||||
sed -i -e "s/modified/generated/" $f
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# check a file exists and return error if not
|
||||
file_exists()
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
# * DEFAULT_SHELL: The shell to use when creating new users
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_authnz=0.1.4
|
||||
export VER_authnz=0.1.5
|
||||
export DEP_authnz="upgrade_dist"
|
||||
|
||||
# Users (from Ldap)
|
||||
@@ -42,6 +42,7 @@ create_user()
|
||||
{
|
||||
if [[ $(noerror --noout id $1) != 0 ]]; then
|
||||
prnt I "Creating user $1..."
|
||||
# The following should be replaced by a more universal version
|
||||
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
|
||||
else
|
||||
prnt W "The user $1 already exists. Nothing to do..."
|
||||
@@ -52,6 +53,7 @@ create_user()
|
||||
authnz()
|
||||
{
|
||||
backupdist /etc/passwd /etc/shadow /etc/group
|
||||
tagfile /etc/passwd /etc/shadow /etc/group
|
||||
for usr in $REMOVE_USERS; do
|
||||
prnt I "Removing user $usr..."
|
||||
remove_user $usr
|
||||
@@ -67,18 +69,18 @@ authnz()
|
||||
installfile authnz/krb5.conf authnz/libnss-ldap.conf \
|
||||
authnz/pam_ldap.conf authnz/nsswitch.conf /etc
|
||||
|
||||
tagfile /etc/krb5.conf /etc/libnss-ldap.conf /etc/pam-ldap.conf
|
||||
sed -i -e "s/@REALM@/${REALM^^}/g" -e "s/@DOMAIN@/$REALM/g" \
|
||||
-e "s/@KDC_SERVER@/$KDC_SERVER/" -e "s/@KADM_SERVER@/$KADM_SERVER/" \
|
||||
/etc/krb5.conf
|
||||
sed -i -e "s/@BASE_CD@/$BASE_DC@/" -e "s/@LDAP_SERVER@/$LDAP_SERVER/" \
|
||||
/etc/libnss-ldap.conf
|
||||
sed -i -e "s/@BASE_CD@/$BASE_DC@/g" -e "s/@LDAP_SERVER@/$LDAP_SERVER/" \
|
||||
-e "s/@LDAP_ADM@/$LDAP_ADM/" /etc/libnss-ldap.conf
|
||||
-e "s/@LDAP_ADM@/$LDAP_ADM/" /etc/pam-ldap.conf
|
||||
|
||||
|
||||
installfile authnz/common-session authnz/common-account \
|
||||
authnz/common-password authnz/common-auth \
|
||||
/etc/pam.d
|
||||
installfile authnz/common-{session,account,password,auth} /etc/pam.d
|
||||
tagfile /etc/pam.d/common-{session,account,password,auth}
|
||||
|
||||
scv_restart nscd
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
# Mount points are hardcoded and should bet set differently
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_ceph="0.0.2"
|
||||
export VER_conf_ceph="0.0.3"
|
||||
export DEP_conf_ceph="upgrade_dist"
|
||||
|
||||
conf_ceph()
|
||||
@@ -26,6 +26,7 @@ conf_ceph()
|
||||
mkdir -pv /share
|
||||
|
||||
local success=undef
|
||||
local fstabchanged=false
|
||||
if [[ $CEPH_STATUS == ceph ]]; then
|
||||
# Install ceph package
|
||||
pkginst ceph-common
|
||||
@@ -34,6 +35,7 @@ conf_ceph()
|
||||
if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then
|
||||
prnt I "Adding server list to /etc/hosts"
|
||||
backupdist /etc/hosts
|
||||
tagfile /etc/hosts
|
||||
echo >> /etc/hosts
|
||||
echo "# Ceph servers:" >> /etc/hosts
|
||||
for srv in $CEPH_SRV_NAMES; do
|
||||
@@ -47,6 +49,7 @@ conf_ceph()
|
||||
|
||||
backupdist /etc/fstab
|
||||
prnt I "Adding ceph entries to /etc/fstab"
|
||||
fstabchanged=true
|
||||
echo >> /etc/fstab
|
||||
local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
|
||||
if [[ ! $(grep $srvlist /etc/fstab) ]]; then
|
||||
@@ -58,10 +61,11 @@ conf_ceph()
|
||||
unset srvlist
|
||||
success=yes
|
||||
elif [[ $CEPH_STATUS == smb ]]; then
|
||||
pkginst smbclient
|
||||
pkginst smbclient
|
||||
|
||||
backupdist /etc/fstab
|
||||
prnt I "Adding Samba entries to /etc/fstab"
|
||||
fstabchanged=true
|
||||
echo >> /etc/fstab
|
||||
if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then
|
||||
echo "# Samba:" >> /etc/fstab
|
||||
@@ -75,6 +79,7 @@ conf_ceph()
|
||||
fi
|
||||
if [[ $success == yes ]]; then
|
||||
if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
|
||||
fstabchanged=true
|
||||
echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab
|
||||
if [[ $SHARED_HOME == 1 ]]; then
|
||||
echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab
|
||||
@@ -84,6 +89,11 @@ conf_ceph()
|
||||
prnt E "Failed creating original mount, not adding binded ones"
|
||||
fi
|
||||
|
||||
if [[ $fstabchanged == true ]]; then
|
||||
tagfile /etc/fstab
|
||||
fi
|
||||
unset fstabchanged
|
||||
|
||||
# Mount Ceph volumes if required
|
||||
prnt I "Mounting ceph volumes"
|
||||
[[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
|
||||
|
||||
@@ -20,13 +20,14 @@
|
||||
# Character table (ISO or UTF)
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_locale="0.1.2"
|
||||
export VER_conf_locale="0.1.3"
|
||||
|
||||
conf_locale()
|
||||
{
|
||||
pkginst locales locales-all
|
||||
local gen_fname=/etc/locale.gen
|
||||
backupdist $gen_fname
|
||||
tagfine $gen_fname
|
||||
|
||||
# Removing locales not in the list
|
||||
prnt I "Deactivating initial locales from installation..."
|
||||
@@ -54,7 +55,7 @@ conf_locale()
|
||||
|
||||
local sys_fname=/etc/default/locale
|
||||
backupdist $sys_fname
|
||||
echo "# Generated by init on $(stdtime)" > $sys_fname
|
||||
tagfile $sys_fname
|
||||
echo "LANG=$SYSLOCALE" >> $sys_fname
|
||||
for cfg in ADDRESS IDENTIFICATION MEASUREMENT MONETARY NAME NUMERIC PAPER \
|
||||
TELEPHONE TIME; do
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# * MAIL_RELAY: Name of the mail relay server
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_mail="0.0.4"
|
||||
export VER_conf_mail="0.0.5"
|
||||
export DEP_conf_mail="upgrade_dist"
|
||||
|
||||
conf_mail()
|
||||
@@ -21,11 +21,17 @@ conf_mail()
|
||||
prnt I "Installation de postfix..."
|
||||
pkginst postfix
|
||||
|
||||
local pfmain="/etc/postfix/main.cf"
|
||||
|
||||
prnt I "Configuration de postfix..."
|
||||
installfile postfix/main.cf /etc/postfix/main.cf
|
||||
installfile postfix/main.cf $pfmain
|
||||
tagfile $pfmain
|
||||
sed -i -e "s/@HOSTNAME@/$HOSTNAME/" -e "s/@REALM@/$REALM/" \
|
||||
-e "s/@MAIL_RELAY@/$MAIL_RELAY/" /etc/postfix/main.cf
|
||||
-e "s/@MAIL_RELAY@/$MAIL_RELAY/" $pfmain
|
||||
|
||||
tagfile /etc/mailname
|
||||
echo $HOSTNAME.$REALM > /etc/mailname
|
||||
|
||||
svc_restart postfix
|
||||
}
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
# * NET{4,6}_MANUAL_FILE_$iface: filename for manual configuration of $iface
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_syslog="0.0.1"
|
||||
export VER_conf_syslog="0.0.2"
|
||||
|
||||
conf_network()
|
||||
{
|
||||
@@ -29,6 +29,7 @@ conf_network()
|
||||
|
||||
# The interfaces header contain loopback interface declaration
|
||||
install_file interfaces.head $if_file
|
||||
tagfine $if_file
|
||||
|
||||
# First configure IPv4 ifaces
|
||||
local iface=
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# * NTPSERVERS: list of NTP servers
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_ntp="0.1.3"
|
||||
export VER_conf_ntp="0.1.4"
|
||||
export DEP_conf_ntp=""
|
||||
|
||||
conf_ntp()
|
||||
@@ -29,6 +29,7 @@ conf_ntp()
|
||||
prnt I "Installation du fichier de configuration de NTP."
|
||||
local dest="/etc/ntp.conf.work"
|
||||
backupdist /etc/ntp.conf
|
||||
tagfile $dest
|
||||
installfile ntp.conf $dest
|
||||
local line=""
|
||||
for srv in $NTP_SERVERS; do
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# none
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_ssh="0.1.0"
|
||||
export VER_conf_ssh="0.1.1"
|
||||
export DEP_conf_ssh="upgrade_dist"
|
||||
|
||||
conf_ssh()
|
||||
@@ -25,7 +25,8 @@ conf_ssh()
|
||||
prnt I "Installation des fichiers de configuration de SSH..."
|
||||
for f in /etc/ssh/ssh{,d}_config; do
|
||||
backupdist $f
|
||||
installfile ssh/$(basename $f) /etc/ssh/$(basename $f)
|
||||
installfile ssh/$(basename $f) $f
|
||||
tagfile $f
|
||||
done
|
||||
sed -i -e "s/@SSHD_PERMITROOT_RANGE@/$SSHD_PERMITROOT_RANGE/" /etc/ssh/sshd_config
|
||||
|
||||
|
||||
@@ -11,14 +11,16 @@
|
||||
# * SYSLOG_SRV: the syslog server name
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_conf_syslog="0.0.2"
|
||||
export VER_conf_syslog="0.0.3"
|
||||
|
||||
conf_syslog()
|
||||
{
|
||||
local syslogconf=/etc/rsyslog.conf
|
||||
prnt I "Configuration de rsyslog..."
|
||||
backupdist /etc/rsyslog.conf
|
||||
installfile rsyslog.conf /etc/rsyslog.conf
|
||||
sed -i -e "s/@SYSLOG_SRV@/$SYSLOG_SRV/" /etc/rsyslog.conf
|
||||
backupdist $syslogconf
|
||||
installfile rsyslog.conf $syslogconf
|
||||
tagfile $syslogconf
|
||||
sed -i -e "s/@SYSLOG_SRV@/$SYSLOG_SRV/" $syslogconf
|
||||
svc_restart rsyslog
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# none
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_install_chromium="0.0.1"
|
||||
export VER_install_chromium="0.0.2"
|
||||
export DEP_install_chromium="upgrade_dist"
|
||||
|
||||
install_chromium()
|
||||
@@ -30,6 +30,7 @@ install_chromium()
|
||||
|
||||
# Install package manager conf file for Chromium
|
||||
installfile apt_chromium.conf /etc/apt/preferences.d/
|
||||
tagfile /etc/apt/preferences.d/apt_chromium.conf
|
||||
|
||||
# Update package list and install
|
||||
prnt I "Mise à jour de la liste des dépots..."
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
# * MK_PORT: Port check_mk agent will use to communicate with server
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_install_mkagent="0.0.4"
|
||||
export VER_install_mkagent="0.0.5"
|
||||
export DEP_install_mkagent="upgrade_dist install_pkg"
|
||||
|
||||
install_mkagent()
|
||||
@@ -23,9 +23,11 @@ install_mkagent()
|
||||
|
||||
backupdist /etc/xinetd.d/check_mk
|
||||
installfile cmk/check_mk /etc/xinetd.d/check_mk
|
||||
tagfile /etc/xinetd.d/check_mk
|
||||
sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
|
||||
|
||||
mkdir -pv /usr/lib/check_mk_agent/plugins/28800
|
||||
installfile cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt
|
||||
sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
|
||||
|
||||
svc_restart xinetd
|
||||
}
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# * PKGSEL: List of package to install
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_install_pkg="0.1.2"
|
||||
export VER_install_pkg="0.1.3"
|
||||
export DEP_install_pkg="upgrade_dist"
|
||||
|
||||
install_pkg()
|
||||
@@ -31,6 +31,7 @@ install_pkg()
|
||||
local dest=/etc/apt/preferences.d/blacklist_$pkg
|
||||
installfile pkgman/blacklist.conf $dest &&
|
||||
sed -i -e "s/@pkg@/pkg/" $dest
|
||||
tagfile $dest
|
||||
|
||||
# If blacklisted we suppose uninstall as well (if neeeded)
|
||||
pkgrm $pkg
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
# https://opensource.org/licenses/BSD-3-Clause
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_install_profile="0.0.4"
|
||||
export VER_install_profile="0.0.5"
|
||||
export DEP_install_profile="install_pkg"
|
||||
|
||||
install_profile()
|
||||
@@ -23,12 +23,15 @@ install_profile()
|
||||
for usr in $usrlist; do
|
||||
backupdist $usr/{.,}profile $usr/.bashrc
|
||||
installfile profile/{{.,}profile,.bashrc} $usr/
|
||||
tagfile $usr/{{.,}profile,.bashrc}
|
||||
installfile profile/.tmux/.tmux.conf{,.local} $usr/
|
||||
tagfile $usr/profile/.tmux/.tmux.conf{,.local}
|
||||
done
|
||||
unset usrlist
|
||||
|
||||
backupdist /etc/motd
|
||||
installfile profile/motd /etc/motd
|
||||
tagfile /etc/motd
|
||||
}
|
||||
|
||||
precheck_install_profile()
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
# https://opensource.org/licenses/BSD-3-Clause
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_patch_snmp="0.0.2"
|
||||
export VER_patch_snmp="0.0.3"
|
||||
export DEP_patch_snmp="install_pkg"
|
||||
|
||||
patch_snmp()
|
||||
@@ -17,9 +17,11 @@ patch_snmp()
|
||||
backupdist /etc/snmp/snmpd.conf /etc/default/snmpd \
|
||||
/lib/systemd/system/snmpd.service /etc/init.d/snmpd
|
||||
installfile snmpd/snmpd.conf /etc/snmp/snmpd.conf
|
||||
tagfile /etc/snmp/snmpd.conf
|
||||
# No longer required with Debian >= 11 or Devuan >= 4
|
||||
# installfile snmpd/snmpd.init /etc/init.d/snmpd
|
||||
installfile snmpd/snmpd.default /etc/default/snmpd
|
||||
tagfile /etc/default/snmpd
|
||||
if [[ -e /lib/systemd/system/snmpd.service ]]; then
|
||||
installfile snmpd/snmpd.service /lib/systemd/system/snmpd.service
|
||||
if command -v systemctl &> /dev/null; then
|
||||
@@ -31,7 +33,7 @@ patch_snmp()
|
||||
|
||||
precheck_patch_snmp()
|
||||
{
|
||||
file_exists snmpd/snmpd.{conf,init,default}
|
||||
file_exists snmpd/snmpd.{conf,default}
|
||||
if [[ -e /lib/systemd/system/snmpd.service ]]; then
|
||||
file_exists snmpd/snmpd.service
|
||||
fi
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
# * PROXY_SRV_PORT: Working port for general purpose proxy if one declared
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
export VER_upgrade_dist="0.2.1"
|
||||
export VER_upgrade_dist="0.2.2"
|
||||
|
||||
# As aptitude might fail if clock is too far from real time, we need to depend
|
||||
# on ntp
|
||||
@@ -29,7 +29,7 @@ upgrade_dist()
|
||||
# We backup entire apt dir as future version will normalise source.list files
|
||||
backupdist /etc/apt
|
||||
prnt I "Basic apt configuration..."
|
||||
echo "# Generated automatically on $(stdtime) by $0" > $norecommend
|
||||
tagfile $norecommend
|
||||
echo 'APT::Install-Recommends "false";' >> $norecommends
|
||||
echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends
|
||||
echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends
|
||||
@@ -42,10 +42,10 @@ upgrade_dist()
|
||||
die 60
|
||||
)
|
||||
fi
|
||||
echo "# Generated automatically on $(stdtime) by $0" > $proxyfile
|
||||
tagfile $proxyfile
|
||||
echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
|
||||
elif [[ -n $PROXY_SRV ]]; then
|
||||
echo "# Generated automatically on $(stdtime) by $0" > $proxyfile
|
||||
tagfile $proxyfile
|
||||
echo "Acquire::http::Proxy \"http://${PROXY_SRV}:${PROXY_SRV_PORT}\";" >> $proxyfile
|
||||
else
|
||||
prnt I "No proxy configured, nothing to do."
|
||||
|
||||
Reference in New Issue
Block a user