From b71a0c2ee865d8497cf8de0aafc9a35c95d94d58 Mon Sep 17 00:00:00 2001 From: fatalerrors Date: Thu, 18 Nov 2021 14:53:11 +0100 Subject: [PATCH] added file dependency check, switched back to english, smaller fix and improvements --- conf/includes/pkgsel.base.conf.sh | 20 +++--- init.sh | 60 +++++++++-------- lib/aaa_errors.sh | 16 ++--- lib/display.sh | 14 ++-- lib/filefct.sh | 34 +++++++--- lib/pkgman.sh | 52 +++++++------- lib/services.sh | 4 +- lib/zzz_main_fct.sh | 50 +++++++------- mk_archive.sh | 4 +- modules/authnz.sh | 39 ++++++++--- modules/conf_ceph.sh | 108 ++++++++++++++++++++++++++++++ modules/conf_locale.sh | 25 ++++--- modules/conf_mail.sh | 8 ++- modules/conf_ntp.sh | 14 ++-- modules/conf_ssh.sh | 4 +- modules/conf_syslog.sh | 13 +++- modules/install_mkagent.sh | 23 +++++-- modules/install_profile.sh | 12 ++-- modules/patch_snmp.sh | 17 +++-- modules/select_system_proxy.sh | 2 +- modules/upgrade_dist.sh | 14 ++-- 21 files changed, 360 insertions(+), 173 deletions(-) create mode 100644 modules/conf_ceph.sh diff --git a/conf/includes/pkgsel.base.conf.sh b/conf/includes/pkgsel.base.conf.sh index 8ccbc30..9448193 100644 --- a/conf/includes/pkgsel.base.conf.sh +++ b/conf/includes/pkgsel.base.conf.sh 
@@ -1,19 +1,19 @@ -# Liste de paquets pour installation - Serveur minimale +# List of package to install - Minimal server -# Paquets à enlever après installation -export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd" +# Packages to remove after installation +export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd xauth wamerican chafa" -# Paquets dont l'installation est interdite -export PKGS_BLACKLIST="apparmor resolvconf snapd" +# Packages where installation is forbidden +export PKGS_BLACKLIST="apparmor resolvconf chafa snapd" # Base -export PKGS_BASE="debconf-utils debhelper deborphan ethtool hardinfo \ - cpufrequtils hwinfo lm-sensors libatasmart-bin lsscsi pciutils perl-doc \ - environment-modules vim emacs-nox mailutils htop lsof ltrace strace \ +export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \ + hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \ + mailutils htop lsof ltrace strace bash-completion host dnsutils \ sysbench sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \ xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \ whois tmux screen debconf-doc dump figlet gawk gpm multitail neofetch nmap \ - nscd oping pv whois traceroute rsync" + oping pv whois traceroute rsync" -# Agrégation de tout par défaut +# Agregation of the package lists export PKGSEL="$PKGS_BASE" diff --git a/init.sh b/init.sh index e6ad95b..eddccb3 100755 --- a/init.sh +++ b/init.sh @@ -55,8 +55,8 @@ unset lib # ============================= function_exists prnt || ( - echo "*** ERREUR FATALE !" - echo "*** Il manque des fonctions vitales venant des bibliothèques." + echo "*** FATAL ERROR!" + echo "*** Some vital functions comming from libraries are missing." exit 3 ) 
@@ -89,7 +89,7 @@ else export LOGFILE=${LOGFILE:-"$MYPATH/log/init-$(uname -n)-$(stdtime).log"} fi -prnt I "Création du répertoire d'accueil du fichier log..." +prnt I "Creating log files welcoming directory..." if [[ ! -d $(dirname $LOGFILE) ]]; then mkdir -pv $(dirname $LOGFILE) fi @@ -99,12 +99,12 @@ exec 3>&1 4>&2 trap 'exec 2>&4 1>&3' 0 1 2 3 exec > >(tee -a $LOGFILE) exec 2> >(tee -a $LOGFILE >&2) -prnt I "Démarrage d'init version $VERSION." -prnt I "Le fichier de log est $LOGFILE." +prnt I "Starting init.sh version $VERSION." +prnt I "The log file is $LOGFILE." if [[ -n $SYS_CODE ]]; then - prnt I "Lancé sur $SYS_DIST version $SYS_VER ($SYS_CODE) architecture $SYS_ARCH" + prnt I "Launch on $SYS_DIST version $SYS_VER ($SYS_CODE) on $SYS_ARCH architecture" else - prnt I "Lancé sur $SYS_DIST version $SYS_VER architecture $SYS_ARCH" + prnt I "Launch on $SYS_DIST version $SYS_VER on $SYS_ARCH architecture" fi # -- Cannot be a function ends here @@ -112,7 +112,7 @@ fi if [[ -n $CHROOT_PATH && -z $CHROOT_DONE ]]; then chroot_bootstrap $@ - prnt I "Fin normale d'execution chrootée !" + prnt I "Normal end of chrooted execution!" exit 0 fi @@ -121,7 +121,7 @@ load_autoconf load_configuration # Load pre and post actions for package manager -for prepost in $MYPATH/prepost/*.sh; do +for prepost in $MYPATH/prepost.d/*.sh; do . $prepost done unset $prepost @@ -142,9 +142,9 @@ done unset mod if [[ $RUN_SHELL == true ]]; then - prnt I "Lancement d'un shell intéractif..." + prnt I "Launching an interactive shell..." bash --rcfile $MYPATH/bash.rc -i - prnt I "Sortie du script après exécution du shell." + prnt I "Script execution terminated after interactive shell execution." exit 0 fi 
@@ -162,14 +162,20 @@ if [[ $CRON_MODE == true ]]; then exit 0 fi +# Install basic dependencies if needed +if ! command -v wget &> /dev/null; then + prnt I "Installing wget as a requirement for init.sh to work..." + pkginst wget +fi + # Run prechecks if [[ JUMP != true ]]; then tmpfile=$(mktemp /tmp/init-XXXXXX) if [[ -n $MANUAL_MODULE_LIST ]]; then - prnt W "La vérification des dépendences est désactivé avec une liste manuelle de module." + prnt W "Dependency checks are deactivated with a manual module list." fi if [[ $NO_DEPS == true ]]; then - prnt W "La vérification des dépendences à été désactivée manuellement." + prnt W "Dependency checks have been deactivated manually." fi if [[ $RESUME == true ]]; then cat $STAGE_FILE >> $tmpfile @@ -177,16 +183,16 @@ if [[ JUMP != true ]]; then for mod in $MODULE_LIST; do version=VER_$mod if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then - prnt I "Vérification précédemment exécuté pour $mod version ${!version}." + prnt I "Checks previously executed for $mod version ${!version}." continue fi - prnt I "Vérification initiale pour $mod version ${!version}..." + prnt I "Running initial checks for $mod version ${!version}..." if [[ -z $MANUAL_MODULE_LIST && $NO_DEPS != true ]]; then deps=DEP_$mod for dep in ${!deps}; do if [[ ! $(grep $dep $tmpfile) ]]; then - prnt E "Le module $mod a des dépendances non satisfaite ou est exécuté trop tôt." - prnt E " * $dep doit être exécuté avant $mod, vérifiez votre liste de modules." + prnt E "Module $mod have unsatisfied dependencies or is executed too early." + prnt E " * $dep must be executed before $mod, please check your module list." die 9 fi done 
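Review bot: The new `pkginst wget` block in the first init.sh hunk on this line runs before the prechecks, so a package is installed ahead of the `--check-only` exit and ahead of the "system will have changes" confirmation prompt that follow later in the script. Moving the block after the confirmation, or guarding it with `if [[ $CHECK_ONLY != true ]] && ! command -v wget &> /dev/null; then`, keeps a check-only run free of side effects. The context line `if [[ JUMP != true ]]` directly below compares the literal word JUMP and is therefore always true; `if [[ $JUMP != true ]]` is presumably what was meant.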
@@ -201,28 +207,28 @@ fi # If we only checks, we stop here if [[ $CHECK_ONLY == true ]]; then - prnt I "Mode de vérification seulement, on s'arrête là." + prnt I "Checking mode only, not going any further." exit 0 fi if [[ $JUMP == true ]]; then - prnt W "Les vérification sont évités, attention !" + prnt W "Not doing any checks, please use with care!" else - prnt I "Toutes les vérification ont été faites." + prnt I "All checks have been run successfully." fi echo if [[ $KEEPGOING == true ]]; then - echo -e "${BRed}ATTENTION : Vous avez demandé la poursuite du script en cas d'erreur.${DEFAULTCOL}" - echo -e "${BRed}ATTENTION : Cette option peut produires des résultats chaotiques.${DEFAULTCOL}" - echo -e "${BRed}ATTENTION : Cette option ne devrait être utilisé que sur système de test.${DEFAULTCOL}" + echo -e "${BRed}ATTENTION : You asked to continue the script even if error occurs.${DEFAULTCOL}" + echo -e "${BRed}ATTENTION : That option could produce some chaotic results.${DEFAULTCOL}" + echo -e "${BRed}ATTENTION : That option should be only used on test systems.${DEFAULTCOL}" echo fi -echo -e "${BYellow}Si vous continuez après cette étape le système sera modifié !${DEFAULTCOL}" +echo -e "${BYellow}If you continue after that step system will have changes!${DEFAULTCOL}" echo dump_key_buffer -read -n 1 -rsp $"Appuyer sur la touche pour continuer ou une autre pour s'arrêter..." key +read -n 1 -rsp $"Press pour key to continue or an other one to stop now..." key echo if [[ $key == "C" || $key == 'c' ]]; then 
@@ -233,14 +239,14 @@ if [[ $key == "C" || $key == 'c' ]]; then fi # We need this only if JUMP is set but doesn't matter if it's done again version=VER_$mod - prnt I "Application des modifications pour $mod version ${!version}..." + prnt I "Applying changes for $mod version ${!version}..." $mod echo $mod >> $STAGE_FILE # Mark as done for resuming function done unset mod echo else - echo -e "${Yellow}Le système n'a subit aucune modifications.${DEFAULTCOL}" + echo -e "${Yellow}The system has not undergone any modification.${DEFAULTCOL}" echo fi diff --git a/lib/aaa_errors.sh b/lib/aaa_errors.sh index 2f39c8a..5ad7880 100644 --- a/lib/aaa_errors.sh +++ b/lib/aaa_errors.sh @@ -19,12 +19,12 @@ function die() trap - ERR if [[ "$KEEPGOING" != "true" ]] || [[ "$2" == "--force" ]]; then - prnt E "Sortie prématuré avec erreur (code #$errorcode)." + prnt E "Premature exit with error (code #$errorcode)." # We remove KEEPGOING in case of --force so error() behave correctly export KEEPGOING=false exit $errorcode else - prnt W "On continue malgrés l'erreur #$errorcode." + prnt W "Continuing despite error #$errorcode." fi unset errorcode @@ -38,7 +38,7 @@ export -f die # Function trigered on Ctrl+C pressed or external kill affecting us function terminate() { - prnt E "$1 reçu, sortie immédiate." + prnt E "$1 recieved, exiting at once." die 128 --force } trap "terminate 'Ctrl + C'" SIGINT 
@@ -54,13 +54,13 @@ function error() local code="${3:-1}" # Print error header - prnt E "${BIWhite}*** ${BIRed}Une erreur fatale est intervenue, le script va s'arrêter immédiatement !$DEFAULTCOL" + prnt E "${BIWhite}*** ${BIRed}A fatal error occured, the script will stop now!$DEFAULTCOL" if [[ -n "$message" ]]; then - prnt E "Erreur ligne $parent_lineno, code d'erreur $code avec le message :" + prnt E "Error line $parent_lineno, code $code with message:" echo -e "\t\t$message" else - prnt E "Erreur ligne $(caller), avec le code d'erreur $code." + prnt E "Error ligne $(caller), with error code $code." fi unset parent_lineno message code } @@ -85,7 +85,7 @@ function err_exit # Print a backtrace function backtrace { - echo "======== Pile d'appel ========" + echo "========= Call stack =========" typeset -i i=0 local func= @@ -134,7 +134,7 @@ check_root() return 0 fi if [[ $EUID -ne 0 ]]; then - prnt E "Ce script doit être démarré en tant que root. Arrêt." + prnt E "That script must be run with root privileges." die 4 --force fi } diff --git a/lib/display.sh b/lib/display.sh index 4626cd6..7fe2122 100644 --- a/lib/display.sh +++ b/lib/display.sh @@ -89,7 +89,7 @@ export On_IWhite='\e[0;107m' # ------------------------------------------------------------------------------ # Display status with color and timestamp # (-n on first parameter to stay on the same line) -# ($1 accepted values: I=info, W=warning, E=error, m=des espaces (allignement) +# ($1 accepted values: I=info, W=warning, E=error, m=spaces (alignment) # no header if anything else) prnt() { 
@@ -101,19 +101,19 @@ prnt() fi case $1 in "I") - local heads="[ ${IGreen}info${DEFAULTFG} ]" - shift ## + local heads="[ ${IGreen}info${DEFAULTFG} ]" + shift ;; "W") - local heads="[${IYellow}Attention${DEFAULTFG}]" + local heads="[${IYellow}Warning${DEFAULTFG}]" shift ;; "E") - local heads="[ ${IRed}ERREUR${DEFAULTFG} ]" + local heads="[ ${IRed}ERROR${DEFAULTFG} ]" shift ;; "m") - local heads=" " + local heads=" " shift ;; esac @@ -134,7 +134,7 @@ dsleep() if [[ -n $2 ]]; then echo -n "$2" else - echo -n "${i} " + echo -n " ${i}" fi (( i=i-1 )) sleep 1 diff --git a/lib/filefct.sh b/lib/filefct.sh index e58994e..0aa3c35 100644 --- a/lib/filefct.sh +++ b/lib/filefct.sh @@ -24,23 +24,24 @@ backupdist() local tmstmp=$(stdtime) if [[ -L ${file} ]]; then # With symbolik links we call again backupdist to treat target + prnt I "Following the symbolic link $file to do a proper backup..." backupdist $(readlink -f ${file}) elif [[ -f ${file} ]]; then - prnt I "Création d'une sauvegarde de ${file} du $tmstmp..." + prnt I "Creating a backup of ${file} on $tmstmp..." cp -av $file ${file}.dist.${tmstmp} if [[ $? -ne 0 ]]; then - prnt E "backupdist(): Échec de copie du fichier." + prnt E "backupdist(): Failed copying file." die 12 fi elif [[ -d ${file} ]]; then - prnt I "Création d'une sauvegarde du répertoire ${file} du $tmstmp..." + prnt I "Creation a backup of the directory ${file} on $tmstmp..." cp -av $file ${file}.dist.${tmstmp} if [[ $? -ne 0 ]]; then - prnt E "backupdist(): Échec de copie du répertoire." + prnt E "backupdist(): Failed copyind directory recursively." die 12 fi else - prnt W "backupdist(): $file n'existe pas, rien à faire." + prnt W "backupdist(): $file don't exists, nothing to do." fi unset tmstmp done 
@@ -103,14 +104,14 @@ installfile() unset file if [[ -d $(dirname $i) ]]; then - prnt I "Création du répertoire $(dirname $i) d'accueil..." + prnt I "Creating required target directory $(dirname $i)..." mkdir -pv $(dirname $i) if [[ $? -ne 0 ]]; then - prnt E "installfile(): Can't create target dirrectory!" + prnt E "installfile(): Can't create target directory!" die 12 fi fi - prnt I "Copie des fichiers ${filelist}..." + prnt I "Copying files ${filelist} to target directory $(dirname $i)..." cp -av $filelist if [[ $? -ne 0 ]]; then prnt E "installfile(): Couldn't copy some required files!" @@ -135,7 +136,7 @@ appendfile() die 13 fi - prnt I "Ajout de contenu au fichier $dstfile..." + prnt I "Adding content to file $dstfile..." cat $srcfile >> $dstfile if [[ $? -ne 0 ]]; then prnt E "appendfile(): Couldn't append a file!" @@ -176,7 +177,7 @@ patchfile() local workfile=${dstfile}.work if [[ ! -s $srcfile ]]; then - prnt E "Le fichier source est vide, n'est pas un fichier ou n'existe pas" + prnt E "The source file is empty, is not a file or don't exists!" die 10 fi @@ -210,4 +211,17 @@ patchfile() unset rights dstfile } +# ------------------------------------------------------------------------------ +# check a file exists and return error if not +file_exists() +{ + prnt I "Checking $@ files existance..." + for f in $@; do + if [[ ! -f $(select_file $f) ]]; then + prnt E "The $f file is missing, cannot continue." + die 10 + fi + done +} + # EOF diff --git a/lib/pkgman.sh b/lib/pkgman.sh index 21b721e..9325567 100644 --- a/lib/pkgman.sh +++ b/lib/pkgman.sh @@ -13,7 +13,7 @@ # Upgrade package database pkgupdt() { - prnt I "Mise à jour de la liste des paquets..." + prnt I "Updating package list..." $PKG_MAN $COM_UPDATE } export -f pkgupdt 
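Review bot: The added `file_exists` in lib/filefct.sh expands `$@` and `$f` unquoted, so a path containing whitespace or glob characters is split or expanded before `select_file` sees it; `for f in "$@"; do` and `[[ ! -f $(select_file "$f") ]]` avoid that. The header comment says the function returns an error, while the body calls `die 10`; a comment such as `# Check that each given file resolves through select_file; die with code 10 if one is missing` would match the code. `select_file` is defined outside this hunk, so its result for a missing file is assumed here to be empty or a non-file path.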
@@ -23,21 +23,21 @@ export -f pkgupdt # Installation pkginst() { - prnt I "Installation de paquets..." + prnt I "Installing packages..." if [[ $# -lt 1 ]]; then - prnt E "pkginst(): des paramètres sont requis." + prnt E "pkginst(): some required parameters are missing." exit 11 fi if [[ ! $INSTALL_MODE == dev ]]; then - exec_preinst $@ +# exec_preinst $@ $PKG_MAN $COM_INSTALL $@ - exec_postinst $@ +# exec_postinst else local pkg= for pkg in $@; do - exec_preinst $pkg +# exec_preinst $pkg $PKG_MAN $COM_INSTALL $pkg - exec_postinst $pkg +# exec_postinst done unset pkg fi @@ -49,10 +49,10 @@ export -f pkginst # Upgrade pkgupgd() { - prnt I "Application de la mise à jours du système..." - exec_preupgd + prnt I "Applying system upgrade..." +# exec_preupgd $PKG_MAN $COM_UPGRADE - exec_postupgd +# exec_postupgd } export -f pkgupgd @@ -61,21 +61,21 @@ export -f pkgupgd # Uninstallation pkgrm() { - prnt I "Désinstallation de paquets..." + prnt I "Uninstalling packages..." if [[ $# -lt 1 ]]; then - prnt E "pkgrem(): des paramètres sont requis." + prnt E "pkgrem(): some required parameters are missing." exit 11 fi if [[ ! $INSTALL_MODE == dev ]]; then - exec_prerm $@ +# exec_prerm $@ $PKG_MAN $COM_REMOVE $@ - exec_postrm +# exec_postrm else local pkg= for pkg in $@; do - exec_prerm $pkg +# exec_prerm $pkg $PKG_MAN $COM_REMOVE $pkg - exec_postrm +# exec_postrm done uset pkg fi @@ -87,10 +87,10 @@ export -f pkgrm # Cleanup pkgautorm() { - prnt I "Désinstallation de paquets superflus..." - exec_preautorm + prnt I "Uninstalling unneeded packages..." +# exec_preautorm $PKG_MAN $COM_AUTOREM - exec_postautorm +# exec_postautorm } export -f pkgautorm @@ -104,7 +104,7 @@ exec_preinst() unset $cmd for pkg in $pkglist; do if [[ $(function_exists preinst_$pkg) ]]; then - prnt I "Exécution de la préinstallation de $pkg ..." + prnt I "Running $pkg preinstallation script..." preinst_$pkg fi done 
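Review bot: The `exec_preinst`/`exec_postinst` calls in `pkginst` are commented out rather than removed or gated, and the `pkgupgd`, `pkgrm` and `pkgautorm` hunks do the same with their hooks, so every hook sourced from `prepost.d/*.sh` in init.sh silently stops running. If this is deliberate, a comment such as `# TODO: pre/post hooks disabled, see <ISSUE_REFERENCE>` at each call site would tell a maintainer why; if not, the calls should be restored. In the `pkgrm` hunk the context line `uset pkg` is a typo for `unset pkg` and fails as an unknown command in dev mode, and the error text names `pkgrem()` while the function is `pkgrm`.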
@@ -123,7 +123,7 @@ exec_postinst() fi for pkg in $POSTINSTLIST; do if [[ $(function_exists postinst_$pkg) ]]; then - prnt I "Exécution de la postinstallation de $pkg ..." + prnt I "Running $pkg postinstallation script..." postinst_$pkg fi done @@ -141,7 +141,7 @@ exec_prerm() unset $cmd for pkg in $pkglist; do if [[ $(function_exists prerm_$pkg) ]]; then - prnt I "Exécution du préretrait de $pkg ..." + prnt I "Running $pkg preremove script..." prerm_$pkg fi done @@ -160,7 +160,7 @@ exec_postrm() fi for pkg in $POSTRMLIST; do if [[ $(function_exists postrm_$pkg) ]]; then - prnt I "Exécution de la postretrait de $pkg ..." + prnt I "Running $pkg postremove script..." postrm_$pkg fi done @@ -176,7 +176,7 @@ exec_preupgd() local pkglist=$($GET_UPGRADELIST) for pkg in $pkglist; do if [[ $(function_exists preupgd_$pkg) ]]; then - prnt I "Exécution de la pré mise à jour de $pkg ..." + prnt I "Running $pkg preupgrade script..." preupgd_$pkg fi done @@ -195,7 +195,7 @@ exec_postupgd() fi for pkg in $POSTUPGDLIST; do if [[ $(function_exists postupgd_$pkg) ]]; then - prnt I "Exécution de la post mise à jour de $pkg ..." + prnt I "Running $pkg postupgrade script..." postupgd_$pkg fi done @@ -211,7 +211,7 @@ exec_preautorm() local pkglist=$($GET_AUTOREMLIST) for pkg in $pkglist; do if [[ $(function_exists prerm_$pkg) ]]; then - prnt I "Exécution du préretrait de $pkg ..." + prnt I "Running $pkg preremove script..." prerm_$pkg fi done diff --git a/lib/services.sh b/lib/services.sh index 4aa9ff4..a1b10b7 100644 --- a/lib/services.sh +++ b/lib/services.sh @@ -15,7 +15,7 @@ exec_serv() { if [[ $# -lt 2 ]]; then - prnt E "exec_serv(): Erreur de syntaxe !" + prnt E "exec_serv(): Syntax error!" exit 11 fi @@ -27,7 +27,7 @@ exec_serv() -e s/%com%/$command/) unset svcname command - prnt I "Lancement de la commande $command du services $svcname" + prnt I "Launching command $command for the service $svcname" $lineexec return $? unset lineexec 
diff --git a/lib/zzz_main_fct.sh b/lib/zzz_main_fct.sh index cb7a839..e1ca2f0 100644 --- a/lib/zzz_main_fct.sh +++ b/lib/zzz_main_fct.sh @@ -16,7 +16,7 @@ read_commandline() { syntax_error() { - prnt E "Erreur d'analyse de la ligne de commande, vérifiez vos paramètres." + prnt E "Error while analysing command line, please check your parameters." die 1 --force } @@ -52,8 +52,8 @@ read_commandline() if [[ -s $STAGE_FILE ]]; then export RESUME=true else - prnt E "Le fichier d'état n'existe pas ou est vide !" - prnt E "Sans ce fichier, la reprise n'est pas possible." + prnt E "The state file doesn't exists or is empty!" + prnt E "Without it, resuming is impossible." die 1 --force fi ;; @@ -90,8 +90,8 @@ read_commandline() export MANUAL_MODULE_LIST=$opt want_module=false else - prnt E "Une liste de module à déjà été fournie !" - prnt E "La ligne de commande ne tolère qu'un seul paramètre --module." + prnt E "A module list have already been given!" + prnt E "Commande line only tolerate one --module parameter." die 1 --force fi elif [[ $want_logfile == true ]]; then @@ -102,7 +102,7 @@ read_commandline() export NEW_LOGFILE=$opt want_logfile=false else - prnt E "Il n'est pas possible de spécifier plusieurs fichiers de log." + prnt E "It's impossible to specify several log files." die 1 --force fi elif [[ $want_conffile == true ]]; then @@ -119,11 +119,11 @@ read_commandline() export CHROOT_PATH=$opt want_chroot=false else - prnt E "Un chemin pour chroot à déjà été fournis." + prnt E "A chroot path have already been given." die 1 --force fi else - prnt E "Paramètre \"$opt\" non géré." + prnt E "Unknow parameter \"$opt\"." die 1 --force fi ;; 
@@ -161,13 +161,13 @@ chroot_bootstrap() bootstrap_items="$bootstrap_items $STAGE_FILE" fi - prnt I "Préparation du changement de racine." + prnt I "Preparing root change." cp -av $bootstrap_items $tmpdir - prnt I "Changement de racine et démarrage d'un fork d'init.sh..." + prnt I "Changing root and starting a fork of init.sh..." chroot $CHROOT_PATH /bin/bash -c 'CHROOT_DONE=true; $tmpdir/init.sh $@' - prnt I "Retours au système hote et nettoyage." + prnt I "Back to host system and clean up." rm -rf $tmpdir } @@ -222,26 +222,26 @@ load_configuration() if [[ -n $CONFFILES ]]; then local f= for f in $CONFFILES; do - prnt I "Chargement de $f spécifié manuellement." + prnt I "Loading $f manuelly specified." if [[ -s $f ]]; then . $f else - prnt E "Le fichier $f n'existe pas ou est vide." + prnt E "The $f file doesn't exists or is empty." die 6 --force fi done unset f else - prnt I "Chargement de la configuration..." + prnt I "Loading configuration..." if [[ -e $MYPATH/conf/$HOSTNAME.conf.sh ]]; then - prnt I "Une configuration spécifique sera utilisé." + prnt I "A specific configuration will be used." . $MYPATH/conf/$HOSTNAME.conf.sh else if [[ -e $MYPATH/conf/init.conf.sh ]]; then - prnt I "Une configuration générique sera utilisé." + prnt I "A generic configuration will be used." . $MYPATH/conf/init.conf.sh else - prnt E "Aucune configuration trouvée, impossible de continuer." + prnt E "No configuration found, impossible to continue." die 6 --force fi fi 
@@ -257,46 +257,46 @@ process_commandline_and_vars() # Check unconsistant parameters if [[ $CHECK_ONLY == true ]]; then if [[ $JUMP == true ]]; then - prnt E "Les options --check-only et --jump s'excluent mutuellement !" + prnt E "The options --check-only and --jump are mutually exclusive!" die 1 --force fi if [[ $KEEPGOING == true ]]; then - prnt E "Les options --keep-going et --check-only sont incompatible !" + prnt E "The options --keep-going and --check-only are not compatible!" die 1 --force fi fi if [[ $RESUME == true ]]; then if [[ $CHECK_ONLY == true ]]; then - prnt E "La reprise n'a pas de sens avec --check-only." + prnt E "Resuming doesn't make sense with --check-only." die 1 --force fi if [[ $MANUAL_MODULE_LIST ]]; then - prnt E "Le mode reprise ne fonctionne pas avec une liste de modules passé manuellement." + prnt E "Recovery mode can't work with a manual module list." die 1 --force fi fi if [[ $CRON_MODE == true ]]; then if [[ $CHECK_ONLY == true || $JUMP == true ]]; then - prnt E "Des paramètres sont incompatibles avec le mode cron." + prnt E "Some parameters are incompatible with cron mode." die 16 --force fi fi # Configure module list if [[ -n $MANUAL_MODULE_LIST ]]; then - prnt W "Une liste de modules manuelle sera utilisé." + prnt W "A manual module list will be used." export MODULE_LIST=$(echo $MANUAL_MODULE_LIST | sed "s/,/ /g") fi # Check for module list existance and basic syntax if [[ -n $MODULE_LIST ]]; then if [[ $(echo $MODULE_LIST | grep '-') ]]; then - prnt E "Le tiret est interdit dans les noms de module." + prnt E "Dash is forbidden in module name." die 5 fi else - prnt E "Aucun module à exécuter !" + prnt E "No module to execute!" die 5 fi } diff --git a/mk_archive.sh b/mk_archive.sh index 221405c..b04af5d 100755 --- a/mk_archive.sh +++ b/mk_archive.sh 
@@ -29,8 +29,8 @@ echo echo "***" echo "*** Copying files..." echo "***" -cp -av bash.rc conf doc init.sh lib LICENSE mk_archive.sh modules README.* \ - repo $TMPDIR +cp -av bash.rc conf doc init.sh lib LICENSE mk_archive.sh modules prepost.d \ + README.* repo $TMPDIR cd $(dirname $TMPDIR) echo diff --git a/modules/authnz.sh b/modules/authnz.sh index 1dfcffe..7c9b7cd 100644 --- a/modules/authnz.sh +++ b/modules/authnz.sh @@ -11,35 +11,47 @@ # * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ? # * REMOTE_USERS: List of remote users to add # * LOCAL_USERS: List of local users to create +# * REMOVE_USERS: List of username to remove # * DEFAULT_SHELL: The shell to use when creating new users # ------------------------------------------------------------------------------ -export VER_authnz=0.1.3 +export VER_authnz=0.1.4 export DEP_authnz="upgrade_dist" # Users (from Ldap) add_remote_user() { - backupdist /etc/passwd /etc/shadow /etc/group - #sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group echo "+$1::::::" >> /etc/passwd echo "+$1::::::::" >> /etc/shadow } +# Remove users +remove_user() +{ + # Using sed is more universal than any distro commands + sed -i -e "/^$1/d" /etc/passwd /etc/shadow /etc/group +} + # Create a local user create_user() { if [[ $(noerror --noout id $1) != 0 ]]; then - prnt I "Création de l'utilisateur $1 ..." + prnt I "Creating user $1..." useradd --create-home --shell $DEFAULT_SHELL --user-group $1 else - prnt W "L'utilisateur $1 existe déjà. Rien à faire..." + prnt W "The user $1 already exists. Nothing to do..." fi } # Authentication authnz() { + backupdist /etc/passwd /etc/shadow /etc/group + for usr in $REMOVE_USERS; do + prnt I "Removing user $usr..." + remove_user $usr + done + if [[ $WITH_LDAP_KERB == yes ]]; then pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd @@ -54,6 +66,7 @@ authnz() scv_restart nscd for usr in $REMOTE_USERS; do + prnt I "Adding remote user $usr..." add_remote_user $usr done fi 
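Review bot: `remove_user` in modules/authnz.sh deletes every line that merely starts with the given name, because the pattern `/^$1/d` has no field terminator: with constructed example names, removing `bob` would also drop `bobby` from /etc/passwd, /etc/shadow and /etc/group, and regex metacharacters in the name are interpreted by sed. Anchoring on the separator, `sed -i -e "/^$1:/d" /etc/passwd /etc/shadow /etc/group`, after checking that `$1` is non-empty and matches the expected username characters, limits the deletion to the intended entry. The function also leaves the name in the member lists of other groups and does not touch the home directory, which deserves a comment if that is intended.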
@@ -63,7 +76,7 @@ authnz() fi for usr in $LOCAL_USERS; do - prnt I "Création de l'utilisateur $usr..." + prnt I "Creating user $usr..." create_user $usr done } @@ -72,21 +85,27 @@ precheck_authnz() { if [[ $WITH_LDAP_KERB == "yes" ]]; then if [[ -n $REMOTE_USERS ]]; then - prnt I "Les utilisateurs distants suivants seront accessible :" + prnt I "The following distant users will be accessible:" prnt m "\t* $REMOTE_USERS" else - prnt W "Pas d'utilisateur distant bien que LDAP/Kerberos soit activé !" + prnt W "No distant user but LDAP/Kerberos is activated!" fi + file_exists auth/{krb5,libnss-ldap,pam_ldap,nsswitch}.conf + pam/common-{session,account,password,auth} else if [[ -n $REMOTE_USERS ]]; then - prnt E "Impossible d'ajouter des utilisateurs distants sans les méchanismes d'authentication." + prnt E "Impossible to add distant users authentication mechanism." die 109 fi fi if [[ -n $LOCAL_USERS ]]; then - prnt I "Les utilisateurs locaux suivants seront créés :" + prnt I "The following local users will be created:" prnt m "\t* $LOCAL_USERS" fi + if [[ -n $REMOvE_USERS ]]; then + prnt I "The following users will be removed:" + prnt m "\t* $REMOVE_USERS" + fi } export -f authnz diff --git a/modules/conf_ceph.sh b/modules/conf_ceph.sh new file mode 100644 index 0000000..ed7aaff --- /dev/null +++ b/modules/conf_ceph.sh 
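Review bot: The new test in `precheck_authnz` reads `$REMOvE_USERS` (lower-case `v`), a name nothing visible in the patch sets, so the list of accounts about to be deleted is never shown before the confirmation prompt; it should be `if [[ -n $REMOVE_USERS ]]; then`. In the same hunk the `file_exists auth/{krb5,libnss-ldap,pam_ldap,nsswitch}.conf` line has no trailing backslash as shown, so the following `pam/common-{session,account,password,auth}` line would be run as a command of its own instead of being passed as arguments; ending the first line with `\` fixes that.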
@@ -0,0 +1,108 @@ +# ------------------------------------------------------------------------------ +# Configure machine for ceph (or samba) mount +# This file is part of the init.sh project +# Copyright (c) 2019-2021 Geoffray Levasseur +# ------------------------------------------------------------------------------ +# This file is distributed under 3-clause BSD license. +# The complete license agreement can be obtained at: +# https://opensource.org/licenses/BSD-3-Clause +# ------------------------------------------------------------------------------ +# Variable: +# * CEPHSRVNAMES: hosts names of ceph servers +# * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP +# * SHAREDHOME: Set at yes if homedir is a directory of the ceph mount +# * SMBSRV: Fallback samba server on unsupported architectures +# Mount points are hardcoded and should bet set differently +# ------------------------------------------------------------------------------ + +export VER_conf_ceph="0.0.2" +export DEP_conf_ceph="upgrade_dist" + +conf_ceph() +{ + # Create mount point directories + echo "Creating mount points" + mkdir -pv /srv/ceph/share + mkdir -pv /share + + local success=undef + if [[ $CEPH_STATUS == ceph ]]; then + # Install ceph package + pkginst ceph-common + + # hosts files required for Ceph bootstrap when DNS not yet started + if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then + prnt I "Adding server list to /etc/hosts" + backupdist /etc/hosts + echo >> /etc/hosts + echo "# Ceph servers:" >> /etc/hosts + for srv in $CEPH_SRV_NAMES; do + local line="$(eval echo \$CEPHIP_$srv) $srv.$MAINDOM $srv" + prnt m " - Adding line $line to /etc/hosts" + echo "$line" >> /etc/hosts + done + else + prnt W "Ceph servers already in /etc/hosts, nothing to do" + fi + + backupdist /etc/fstab + prnt I "Adding ceph entries to /etc/fstab" + echo >> /etc/fstab + local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g") + if [[ ! 
$(grep $srvlist /etc/fstab) ]]; then + echo "# Ceph :" >> /etc/fstab + echo "$srvlist:/ /srv/ceph ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET 0 0" >> /etc/fstab + else + prnt W "Ceph entry already in /etc/fstab, nothing to do" + fi + unset srvlist + success=yes + elif [[ $CEPH_STATUS == smb ]]; then + pkginst smbclient + + backupdist /etc/fstab + prnt I "Adding Samba entries to /etc/fstab" + echo >> /etc/fstab + if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then + echo "# Samba:" >> /etc/fstab + echo "//$SMBSRV/share /srv/ceph/share cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab + else + prnt W "Samba entry already in /etc/fstab, nothing to do" + fi + success=yes + else + prnt E "Ceph status not understood, the next tasks will probably fail" + fi + if [[ $success == yes ]]; then + if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then + echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab + if [[ $SHARED_HOME == 1 ]]; then + echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab + fi + fi + else + prnt E "Failed creating original mount, not adding binded ones" + fi + + # Mount Ceph volumes if required + prnt I "Mounting ceph volumes" + [[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share + [[ ! $(mount | grep "on /share") ]] && mount -v /share + if [[ $SHARED_HOME == "true" ]]; then + [[ ! $(mount | grep "on /home") ]] && mount -v /home + fi +} + +precheck_conf_ceph() +{ + if [[ $SYS_ARCH == "x86_64" ]]; then + prnt I "Installing ceph client package..." + CEPH_STATUS=ceph + else + prnt W "System incompatible with ceph, falling back to samba..." + CEPH_STATUS=smb + fi +} + +export -f conf_ceph +export -f precheck_conf_ceph diff --git a/modules/conf_locale.sh b/modules/conf_locale.sh index 3c8a7ba..8db4290 100644 --- a/modules/conf_locale.sh +++ b/modules/conf_locale.sh 
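Review bot: `conf_ceph` writes the cluster key into /etc/fstab as `secret=$CEPH_SECRET`, and the Samba branch writes `username=root,password=`; fstab is normally world-readable and later `backupdist /etc/fstab` runs would copy it again, so the credential is exposed to every local user. Pointing the entries at root-only files instead, `name=admin,secretfile=<PATH_TO_MODE_0600_KEY_FILE>` for ceph and `credentials=<PATH_TO_MODE_0600_CREDENTIALS_FILE>` for cifs, keeps the secret out of fstab. The header documents `CEPHSRVNAMES` and `SHAREDHOME` while the code reads `CEPH_SRV_NAMES`, `SHARED_HOME` and the undocumented `CEPH_SECRET`, and `SHARED_HOME` is compared to `1` when the fstab entry is written but to `"true"` when /home is mounted, so one of the two never matches. `$(eval echo \$CEPHIP_$srv)` evaluates configuration text; indirect expansion as init.sh does with `${!version}` (`local ipvar=CEPHIP_$srv`, then `${!ipvar}`) avoids the `eval`.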
@@ -24,15 +24,18 @@ export VER_conf_locale="0.1.2" conf_locale() { + pkginst locales locales-all local gen_fname=/etc/locale.gen backupdist $gen_fname # Removing locales not in the list - prnt I "Désactivation des locales initiales..." - grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' | - while read -r line; do - sed -i "s/$line/# $line/" $gen_fname - done + prnt I "Deactivating initial locales from installation..." + if [[ $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then + grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' | + while read -r line; do + sed -i "s/$line/# $line/" $gen_fname + done + fi # Adding locales not yet enabled for loc in $LOCALESET; do @@ -42,10 +45,10 @@ conf_locale() unset loc unset gen_fname - prnt I "Régénération du cache de locale..." + prnt I "Regenerating locales cache..." locale-gen - prnt I "Définition de la langue du systême..." + prnt I "Definingdsystem language..." [[ ! $SYSLOCALE ]] && export SYSLOCALE=C @@ -62,16 +65,16 @@ conf_locale() precheck_conf_locale() { if [[ -z $LOCALESET ]]; then - prnt W "Aucune locale définie !" + prnt W "No locales definition!" else - prnt m "Les locales disponibles seront : $LOCALESET" + prnt m "Available locales will be: $LOCALESET" fi if [[ -z $SYSLOCALE ]]; then - prnt W "Pas de locale systême définie, C sera utilié." + prnt W "No system locale defined, we'll use s." export SYSLOCALE="C" fi - prnt m "La locale par défaut sera : $SYSLOCALE" + prnt m "The default locale will be $SYSLOCALE" } export -f conf_locale diff --git a/modules/conf_mail.sh b/modules/conf_mail.sh index 67db85e..1a76c54 100644 --- a/modules/conf_mail.sh +++ b/modules/conf_mail.sh 
@@ -10,9 +10,10 @@ # Variable: # * HOSTNAME: Name of the host # * MAINDOM: Default main domain name +# * MAIL_RELAY: Name of the mail relay server # ------------------------------------------------------------------------------ -export VER_conf_mail="0.0.3" +export VER_conf_mail="0.0.4" export DEP_conf_mail="upgrade_dist" conf_mail() @@ -21,9 +22,9 @@ conf_mail() pkginst postfix prnt I "Configuration de postfix..." - installfile postfix_main.cf /etc/postfix/main.cf + installfile postfix/main.cf /etc/postfix/main.cf sed -i -e "s/@HOSTNAME@/$HOSTNAME/" -e "s/@MAINDOM@/$MAINDOM/" \ - /etc/postfix/main.cf + -e "s/@MAIL_RELAY@/$MAIL_RELAY/" /etc/postfix/main.cf echo $HOSTNAME.$MAINDOM > /etc/mailname svc_restart postfix } @@ -34,6 +35,7 @@ precheck_conf_mail() prnt E "Aucun domaine principal renseigné." die 158 fi + file_exists postfix/main.cf } export -f conf_mail diff --git a/modules/conf_ntp.sh b/modules/conf_ntp.sh index a4f4e90..ccfc6eb 100644 --- a/modules/conf_ntp.sh +++ b/modules/conf_ntp.sh @@ -21,9 +21,9 @@ conf_ntp() systemctl disable systemd-timesyncd || true fi - prnt I "Installation du démon ntp..." + prnt I "Installing ntp daemon..." pkginst ntp - prnt I "Arrêt du service ntp..." + prnt I "Stopping service ntp..." svc_stop ntp prnt I "Installation du fichier de configuration de NTP." @@ -38,23 +38,21 @@ conf_ntp() echo "# Generated on $(stdtime)" >> $dest && mv -fv $dest /etc/ntp.conf - prnt I "Démarrage du service ntp..." + prnt I "Starting service ntp..." svc_start ntp sleep 2 # short sleep so we're sure daemon is ready ntptime - - prnt -n I "Attente de 5 secondes pour synchronisation de l'heure" - dsleep 5 } # NTP precheck_conf_ntp() { if [[ -z $NTPSERVERS ]]; then - prnt E "Pas de serveur NTP configuré !" + prnt E "No configured NTP server!" die 151 else - prnt m "Les serveurs ntp utilisés seront : $NTPSERVERS" + file_exists ntp.conf + prnt m "The NTP servers to be used will be: $NTPSERVERS" fi } 
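Review bot: `$MAIL_RELAY` is written into /etc/postfix/main.cf by the new `-e "s/@MAIL_RELAY@/$MAIL_RELAY/"` without any check. The part of precheck_conf_mail visible in the third hunk only tests the main domain, so an unset value silently replaces the placeholder with an empty string and the relay setting is whatever the template leaves behind. A guard such as `[[ -n $MAIL_RELAY ]] || { prnt E "Undeclared mail relay."; die 158; }` belongs next to the new `file_exists` line. The value is also pasted raw into the sed replacement, where a `/` or `&` changes the expression. The same holds for `$SYSLOG_SRV` in conf_syslog.sh and `$MK_SERVER_IP` in install_mkagent.sh, so the prechecks should validate the format as well as the presence of these values. The start of precheck_conf_mail lies outside the hunk.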
diff --git a/modules/conf_ssh.sh b/modules/conf_ssh.sh index 904a5f2..b33e303 100644 --- a/modules/conf_ssh.sh +++ b/modules/conf_ssh.sh @@ -25,7 +25,7 @@ conf_ssh() prnt I "Installation des fichiers de configuration de SSH..." for f in /etc/ssh/ssh{,d}_config; do backupdist $f - installfile $(basename $f) /etc/ssh/$(basename $f) + installfile ssh/$(basename $f) /etc/ssh/$(basename $f) done prnt I "Démarrage du sevice ssh..." @@ -34,7 +34,7 @@ conf_ssh() precheck_conf_ssh() { - : # Nothing to check + file_exists ssh/ssh{,d}_config } export -f conf_ssh diff --git a/modules/conf_syslog.sh b/modules/conf_syslog.sh index 749b469..ae9aea3 100644 --- a/modules/conf_syslog.sh +++ b/modules/conf_syslog.sh @@ -7,20 +7,29 @@ # The complete license agreement can be obtained at: # https://opensource.org/licenses/BSD-3-Clause # ------------------------------------------------------------------------------ +# Variables: +# * SYSLOG_SRV: the syslog server name +# ------------------------------------------------------------------------------ -export VER_conf_syslog="0.0.1" +export VER_conf_syslog="0.0.2" conf_syslog() { prnt I "Configuration de rsyslog..." backupdist /etc/rsyslog.conf installfile rsyslog.conf /etc/rsyslog.conf + sed -i -e "s/@SYSLOG_SRV@/$SYSLOG_SRV/" /etc/rsyslog.conf svc_restart rsyslog } precheck_conf_syslog() { - : # Nothing to check + if [[ -z $SYSLOG_SRV ]]; then + prnt E "Undeclared syslog server name !" + die 181 + else + file_exists rsyslog.conf + fi } export -f conf_syslog diff --git a/modules/install_mkagent.sh b/modules/install_mkagent.sh index 06be1fb..34710c7 100644 --- a/modules/install_mkagent.sh +++ b/modules/install_mkagent.sh 
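Review bot: The loop in conf_ssh replaces /etc/ssh/sshd_config with the file from `ssh/` and, judging by the following "Démarrage du sevice ssh..." message, then starts the service without ever testing the new configuration. On a host that is only reachable over SSH, a broken template means a lockout. Running `sshd -t` after the loop and restoring the copy made by `backupdist` when it fails would catch this before the daemon is touched. The service start itself is outside the hunk, so this assumes nothing further down already validates the file.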
@@ -12,28 +12,39 @@ # * MK_PORT: Port check_mk agent will use to communicate with server # ------------------------------------------------------------------------------ -export VER_install_mkagent="0.0.2" +export VER_install_mkagent="0.0.4" export DEP_install_mkagent="upgrade_dist install_pkg" install_mkagent() { - pkginst $MYPATH/repo/mk_agents/check-mk-agent_${MKVERSION}_all.deb + wget $MK_URL -O /tmp/check-mk-agent_${MK_VERSION}_all.deb + pkginst xinetd /tmp/check-mk-agent_${MK_VERSION}_all.deb + rm /tmp/check-mk-agent_${MK_VERSION}_all.deb + backupdist /etc/xinetd.d/check_mk - installfile check_mk /etc/xinetd.d/check_mk - sed -i -e "s/@MK_SERVER@/$MK_SERVER/" /etc/xinetd.d/check_mk + installfile cmk/check_mk /etc/xinetd.d/check_mk + mkdir -pv /usr/lib/check_mk_agent/plugins/28800 + installfile cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt + sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk + svc_restart xinetd } precheck_install_mkagent() { - if [[ -n $MKVERSION ]]; then + if [[ -z $MK_VERSION ]]; then prnt E "Undeclared check_mk version of the agent to install." die 162 fi - if [[ -n $MK_SERVER ]]; then + if [[ -z $MK_URL ]]; then + prnt E "Undeclared check_mk download URL." + die 162 + fi + if [[ -z $MK_SERVER_IP ]]; then prnt E "Undeclared check_mk server." die 162 fi + file_exists cmk/check_mk cmk/mk_apt } export -f install_mkagent diff --git a/modules/install_profile.sh b/modules/install_profile.sh index 4f70a33..a159a2c 100644 --- a/modules/install_profile.sh +++ b/modules/install_profile.sh @@ -13,7 +13,7 @@ export DEP_install_profile="install_pkg" install_profile() { - #installfile ansi_shadow.flf /usr/share/figlet/ansi_shadow.flf + installfile profile/ansi_shadow.flf /usr/share/figlet/ansi_shadow.flf local usrlist="/root" if find /home -mindepth 1 -maxdepth 1 -type d | read; then 
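Review bot: The new first lines of install_mkagent fetch a package from `$MK_URL` into a fixed name under /tmp and hand it to `pkginst` as root, with no check that `wget` succeeded and no integrity check on the file. A predictable path in a world-writable directory can be pre-created or swapped by another local user, and nothing ties the installed .deb to the version the operator expects, least of all if the URL is plain http. The download should go into a `mktemp -d` directory, abort on a failed transfer, and be compared against a pinned digest before installation. The sketch below uses a new setting, here called MK_SHA256, which does not exist in the module today and would also need a `-z` test in precheck_install_mkagent.

```shell
install_mkagent()
{
    local tmpdir deb
    tmpdir=$(mktemp -d) || die 162
    deb="$tmpdir/check-mk-agent_${MK_VERSION}_all.deb"
    # MK_SHA256: proposed new setting holding the expected SHA-256 of the package
    if ! wget -O "$deb" -- "$MK_URL" ||
        ! printf '%s  %s\n' "$MK_SHA256" "$deb" | sha256sum --check --status; then
        prnt E "check_mk agent download failed or digest mismatch."
        rm -rf -- "$tmpdir"
        die 162
    fi
    pkginst xinetd "$deb"
    rm -rf -- "$tmpdir"

    # … unchanged: backupdist, installfile cmk/*, sed on /etc/xinetd.d/check_mk, svc_restart xinetd …
```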
@@ -22,15 +22,19 @@ install_profile() # Create a dir in home so /home/* is always interpreted correctly for usr in $usrlist; do - backupdist $usr/{,.}profile $usr/.bashrc - installfile {.,}profile .bashrc $usr/ + backupdist $usr/{.,}profile $usr/.bashrc + installfile profile/{{.,}profile,.bashrc} $usr/ + installfile profile/.tmux/.tmux.conf{,.local} $usr/ done unset usrlist + + backupdist /etc/motd + installfile profile/motd /etc/motd } precheck_install_profile() { - : + file_exists profile/{{.,}profile,.bashrc,.tmux/.tmux.conf{,.local}} } export -f install_profile diff --git a/modules/patch_snmp.sh b/modules/patch_snmp.sh index 79db1b7..c5702bf 100644 --- a/modules/patch_snmp.sh +++ b/modules/patch_snmp.sh @@ -13,20 +13,27 @@ export DEP_patch_snmp="install_pkg" patch_snmp() { + pkginst snmpd backupdist /etc/snmp/snmpd.conf /etc/default/snmpd \ /lib/systemd/system/snmpd.service /etc/init.d/snmpd - installfile snmpd.conf /etc/snmp/snmpd.conf - installfile snmpd.init /etc/init.d/snmpd + installfile snmpd/snmpd.conf /etc/snmp/snmpd.conf + installfile snmpd/snmpd.init /etc/init.d/snmpd + installfile snmpd/snmpd.default /etc/default/snmpd if [[ -e /lib/systemd/system/snmpd.service ]]; then - installfile snmpd.service /lib/systemd/system/snmpd.service - systemctl daemon-reload + installfile snmpd/snmpd.service /lib/systemd/system/snmpd.service + if command -v systemctl &> /dev/null; then + systemctl daemon-reload + fi fi svc_restart snmpd } precheck_patch_snmp() { - : + file_exists snmpd/snmpd.{conf,init,default} + if [[ -e /lib/systemd/system/snmpd.service ]]; then + file_exists snmpd/snmpd.service + fi } export -f patch_snmp diff --git a/modules/select_system_proxy.sh b/modules/select_system_proxy.sh index 531cc06..e345995 100644 --- a/modules/select_system_proxy.sh +++ b/modules/select_system_proxy.sh @@ -24,7 +24,7 @@ select_system_proxy() precheck_select_system_proxy() { - : + file_exists proxy.rc.local } export -f select_system_proxy 
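Review bot: precheck_install_profile does not cover everything install_profile now installs: `profile/motd` (added in this hunk) and `profile/ansi_shadow.flf` (re-enabled in the first hunk of this file) are missing from the `file_exists` list. A missing file would therefore only surface halfway through the run, after the home directories have already been modified. The list should be extended to `file_exists profile/{{.,}profile,.bashrc,.tmux/.tmux.conf{,.local},ansi_shadow.flf,motd}`.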
diff --git a/modules/upgrade_dist.sh b/modules/upgrade_dist.sh index e3c5442..2578c28 100644 --- a/modules/upgrade_dist.sh +++ b/modules/upgrade_dist.sh @@ -22,9 +22,14 @@ export DEP_upgrade_dist="conf_ntp" upgrade_dist() { local proxyfile=/etc/apt/apt.conf.d/00proxy + local norecommends=/etc/apt/apt.conf.d/99no-recommends # We backup entire apt dir as future version will normalise source.list files backupdist /etc/apt + prnt I "Basic apt configuration..." + echo 'APT::Install-Recommends "false";' > $norecommends + echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends + echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends prnt I "Configuration du proxy pour APT..." if [[ -n $PROXYAPT ]]; then @@ -35,7 +40,7 @@ upgrade_dist() ) fi echo "# Generated automatically on $(stdtime) by $0" > $proxyfile - echo "Acquire::http::Proxy \"http://${PROXYAPT}:${PROXYAPTPORT}\";" >> $proxyfile + echo "Acquire::http::Proxy \"http://${PROXYAPT}:${PROXYAPT_PORT}\";" >> $proxyfile elif [[ -n $http_proxy ]]; then echo "# Generated automatically on $(stdtime) by $0" > $proxyfile echo "Acquire::http::Proxy \"http://${http_proxy}\";" >> $proxyfile @@ -44,7 +49,7 @@ upgrade_dist() fi # Remplace source.list from dist with ours (be smarter) - installfile "${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list + installfile "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list prnt I "Mise à jour de la liste des paquets..." pkgupdt 
@@ -61,13 +66,14 @@ precheck_upgrade_dist() prnt I "Vérification du réseau..." if [[ $(noerror wget -q --tries=10 --timeout=20 --spider http://www.cnrs.fr) != 0 ]]; then - prnt E "Réseau non fonctionnel ! Abandon." + prnt E "It seems network configuration is not functionnal! Giving up." die 160 fi - if [[ -n $PROXYAPT && -z $PROXYAPTPORT ]]; then + if [[ -n $PROXYAPT && -z $PROXYAPT_PORT ]]; then prnt E "Un serveur proxy a été spécifié mais pas son port d'usage." die 160 fi + file_exists pkgman/${SYS_DIST}_${SYS_VER}.list } cron_upgrade_dist()