added file dependency check, switched back to english, smaller fix and improvements

modules/authnz.sh

@@ -11,35 +11,47 @@
 #  * WITH_LDAP_KERB: Shall we install requirements for LDAP/Kerberos auth ?
 #  * REMOTE_USERS: List of remote users to add
 #  * LOCAL_USERS: List of local users to create
+#  * REMOVE_USERS: List of username to remove
 #  * DEFAULT_SHELL: The shell to use when creating new users
 # ------------------------------------------------------------------------------
 
-export VER_authnz=0.1.3
+export VER_authnz=0.1.4
 export DEP_authnz="upgrade_dist"
 
 # Users (from Ldap)
 add_remote_user()
 {
-    backupdist /etc/passwd /etc/shadow /etc/group
-    #sed -i -e '/^fatal/d' /etc/passwd /etc/shadow /etc/group
     echo "+$1::::::" >> /etc/passwd
     echo "+$1::::::::" >> /etc/shadow
 }
 
+# Remove users
+remove_user()
+{
+    # Using sed is more universal than any distro commands
+    sed -i -e "/^$1/d" /etc/passwd /etc/shadow /etc/group
+}
+
 # Create a local user
 create_user()
 {
     if [[ $(noerror --noout id $1) != 0 ]]; then
-        prnt I "Création de l'utilisateur $1 ..."
+        prnt I "Creating user $1..."
         useradd --create-home --shell $DEFAULT_SHELL --user-group $1
     else
-        prnt W "L'utilisateur $1 existe déjà. Rien à faire..."
+        prnt W "The user $1 already exists. Nothing to do..."
     fi
 }
 
 # Authentication
 authnz()
 {
+    backupdist /etc/passwd /etc/shadow /etc/group
+    for usr in $REMOVE_USERS; do
+        prnt I "Removing user $usr..."
+        remove_user $usr
+    done
+
     if [[ $WITH_LDAP_KERB == yes ]]; then
         pkginst krb5-user libpam-krb5 libnss-ldap libpam-ldap nscd
 
@@ -54,6 +66,7 @@ authnz()
         scv_restart nscd
 
         for usr in $REMOTE_USERS; do
+            prnt I "Adding remote user $usr..."
             add_remote_user $usr
         done
     fi
@@ -63,7 +76,7 @@ authnz()
     fi
 
     for usr in $LOCAL_USERS; do
-        prnt I "Création de l'utilisateur $usr..."
+        prnt I "Creating user $usr..."
         create_user $usr
     done
 }
@@ -72,21 +85,27 @@ precheck_authnz()
 {
     if [[ $WITH_LDAP_KERB == "yes" ]]; then
         if [[ -n $REMOTE_USERS ]]; then
-            prnt I "Les utilisateurs distants suivants seront accessible :"
+            prnt I "The following distant users will be accessible:"
             prnt m "\t* $REMOTE_USERS"
         else
-            prnt W "Pas d'utilisateur distant bien que LDAP/Kerberos soit activé !"
+            prnt W "No distant user but LDAP/Kerberos is activated!"
         fi
+        file_exists auth/{krb5,libnss-ldap,pam_ldap,nsswitch}.conf
+            pam/common-{session,account,password,auth}
     else
         if [[ -n $REMOTE_USERS ]]; then
-            prnt E "Impossible d'ajouter des utilisateurs distants sans les méchanismes d'authentication."
+            prnt E "Impossible to add distant users authentication mechanism."
             die 109
         fi
     fi
     if [[ -n $LOCAL_USERS ]]; then
-        prnt I "Les utilisateurs locaux suivants seront créés :"
+        prnt I "The following local users will be created:"
         prnt m "\t* $LOCAL_USERS"
     fi
+    if [[ -n $REMOvE_USERS ]]; then
+        prnt I "The following users will be removed:"
+        prnt m "\t* $REMOVE_USERS"
+    fi
 }
 
 export -f authnz

modules/conf_ceph.sh

@@ -0,0 +1,108 @@
+# ------------------------------------------------------------------------------
+# Configure machine for ceph (or samba) mount
+# This file is part of the init.sh project
+# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+# Variable:
+#   * CEPHSRVNAMES: hosts names of ceph servers
+#   * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
+#   * SHAREDHOME: Set at yes if homedir is a directory of the ceph mount
+#   * SMBSRV: Fallback samba server on unsupported architectures
+# Mount points are hardcoded and should bet set differently
+# ------------------------------------------------------------------------------
+
+export VER_conf_ceph="0.0.2"
+export DEP_conf_ceph="upgrade_dist"
+
+conf_ceph()
+{
+    # Create mount point directories
+    echo "Creating mount points"
+    mkdir -pv /srv/ceph/share
+    mkdir -pv /share
+
+    local success=undef
+    if [[ $CEPH_STATUS == ceph ]]; then
+        # Install ceph package
+        pkginst ceph-common
+
+        # hosts files required for Ceph bootstrap when DNS not yet started
+        if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then
+            prnt I "Adding server list to /etc/hosts"
+            backupdist /etc/hosts
+            echo >> /etc/hosts
+            echo "# Ceph servers:" >> /etc/hosts
+            for srv in $CEPH_SRV_NAMES; do
+                local line="$(eval echo \$CEPHIP_$srv)    $srv.$MAINDOM   $srv"
+                prnt m "     - Adding line $line to /etc/hosts"
+                echo "$line" >> /etc/hosts
+            done
+        else
+            prnt W "Ceph servers already in /etc/hosts, nothing to do"
+        fi
+
+        backupdist /etc/fstab
+        prnt I "Adding ceph entries to /etc/fstab"
+        echo >> /etc/fstab
+        local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
+        if [[ ! $(grep $srvlist /etc/fstab) ]]; then
+            echo "# Ceph :" >> /etc/fstab
+            echo "$srvlist:/    /srv/ceph       ceph    defaults,_netdev,name=admin,secret=$CEPH_SECRET  0 0" >> /etc/fstab
+        else
+            prnt W "Ceph entry already in /etc/fstab, nothing to do"
+        fi
+        unset srvlist
+        success=yes
+    elif [[ $CEPH_STATUS == smb ]]; then
+	pkginst smbclient
+
+        backupdist /etc/fstab
+        prnt I "Adding Samba entries to /etc/fstab"
+        echo >> /etc/fstab
+        if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then
+            echo "# Samba:" >> /etc/fstab
+            echo "//$SMBSRV/share       /srv/ceph/share cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+        else
+            prnt W "Samba entry already in /etc/fstab, nothing to do"
+        fi
+        success=yes
+    else
+        prnt E "Ceph status not understood, the next tasks will probably fail"
+    fi
+    if [[ $success == yes ]]; then
+        if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
+            echo "/srv/ceph/share       /share  none    defaults,_netdev,bind   0 0" >> /etc/fstab
+            if [[ $SHARED_HOME == 1 ]]; then
+                echo "/srv/ceph/share/home      /home   none    defaults,_netdev,bind   0 0" >> /etc/fstab
+            fi
+        fi
+    else
+        prnt E "Failed creating original mount, not adding binded ones"
+    fi
+
+    # Mount Ceph volumes if required
+    prnt I "Mounting ceph volumes"
+    [[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
+    [[ ! $(mount | grep "on /share") ]] && mount -v /share
+    if [[ $SHARED_HOME == "true" ]]; then
+        [[ ! $(mount | grep "on /home") ]] && mount -v /home
+    fi
+}
+
+precheck_conf_ceph()
+{
+    if [[ $SYS_ARCH == "x86_64" ]]; then
+        prnt I "Installing ceph client package..."
+        CEPH_STATUS=ceph
+    else
+        prnt W "System incompatible with ceph, falling back to samba..."
+        CEPH_STATUS=smb
+    fi
+}
+
+export -f conf_ceph
+export -f precheck_conf_ceph

modules/conf_locale.sh

@@ -24,15 +24,18 @@ export VER_conf_locale="0.1.2"
 
 conf_locale()
 {
+    pkginst locales locales-all
     local gen_fname=/etc/locale.gen
     backupdist $gen_fname
 
     # Removing locales not in the list
-    prnt I "Désactivation des locales initiales..."
-    grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' |
-        while read -r line; do
-            sed -i "s/$line/# $line/" $gen_fname
-        done
+    prnt I "Deactivating initial locales from installation..."
+    if [[ $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
+        grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' |
+            while read -r line; do
+                sed -i "s/$line/# $line/" $gen_fname
+            done
+    fi
 
     # Adding locales not yet enabled
     for loc in $LOCALESET; do
@@ -42,10 +45,10 @@ conf_locale()
     unset loc
     unset gen_fname
 
-    prnt I "Régénération du cache de locale..."
+    prnt I "Regenerating locales cache..."
     locale-gen
 
-    prnt I "Définition de la langue du systême..."
+    prnt I "Definingdsystem language..."
     [[ ! $SYSLOCALE ]] &&
         export SYSLOCALE=C
 
@@ -62,16 +65,16 @@ conf_locale()
 precheck_conf_locale()
 {
     if [[ -z $LOCALESET ]]; then
-        prnt W "Aucune locale définie !"
+        prnt W "No locales definition!"
     else
-        prnt m "Les locales disponibles seront : $LOCALESET"
+        prnt m "Available locales will be: $LOCALESET"
     fi
 
     if [[ -z $SYSLOCALE ]]; then
-        prnt W "Pas de locale systême définie, C sera utilié."
+        prnt W "No system locale defined, we'll use s."
         export SYSLOCALE="C"
     fi
-    prnt m "La locale par défaut sera : $SYSLOCALE"
+    prnt m "The default locale will be $SYSLOCALE"
 }
 
 export -f conf_locale

modules/conf_mail.sh

@@ -10,9 +10,10 @@
 # Variable:
 #  * HOSTNAME: Name of the host
 #  * MAINDOM: Default main domain name
+#  * MAIL_RELAY: Name of the mail relay server
 # ------------------------------------------------------------------------------
 
-export VER_conf_mail="0.0.3"
+export VER_conf_mail="0.0.4"
 export DEP_conf_mail="upgrade_dist"
 
 conf_mail()
@@ -21,9 +22,9 @@ conf_mail()
     pkginst postfix
 
     prnt I "Configuration de postfix..."
-    installfile postfix_main.cf /etc/postfix/main.cf
+    installfile postfix/main.cf /etc/postfix/main.cf
     sed -i -e "s/@HOSTNAME@/$HOSTNAME/" -e "s/@MAINDOM@/$MAINDOM/" \
-        /etc/postfix/main.cf
+        -e "s/@MAIL_RELAY@/$MAIL_RELAY/" /etc/postfix/main.cf
     echo $HOSTNAME.$MAINDOM > /etc/mailname
     svc_restart postfix
 }
@@ -34,6 +35,7 @@ precheck_conf_mail()
         prnt E "Aucun domaine principal renseigné."
         die 158
     fi
+    file_exists postfix/main.cf
 }
 
 export -f conf_mail

modules/conf_ntp.sh

@@ -21,9 +21,9 @@ conf_ntp()
         systemctl disable systemd-timesyncd || true
     fi
 
-    prnt I "Installation du démon ntp..."
+    prnt I "Installing ntp daemon..."
     pkginst ntp
-    prnt I "Arrêt du service ntp..."
+    prnt I "Stopping service ntp..."
     svc_stop ntp
 
     prnt I "Installation du fichier de configuration de NTP."
@@ -38,23 +38,21 @@ conf_ntp()
         echo "# Generated on $(stdtime)" >> $dest &&
         mv -fv $dest /etc/ntp.conf
 
-    prnt I "Démarrage du service ntp..."
+    prnt I "Starting service ntp..."
     svc_start ntp
     sleep 2 # short sleep so we're sure daemon is ready
     ntptime
-
-    prnt -n I "Attente de 5 secondes pour synchronisation de l'heure"
-    dsleep 5
 }
 
 # NTP
 precheck_conf_ntp()
 {
     if [[ -z $NTPSERVERS ]]; then
-        prnt E "Pas de serveur NTP configuré !"
+        prnt E "No configured NTP server!"
         die 151
     else
-        prnt m "Les serveurs ntp utilisés seront : $NTPSERVERS"
+        file_exists ntp.conf
+        prnt m "The NTP servers to be used will be: $NTPSERVERS"
     fi
 }
 

modules/conf_ssh.sh

@@ -25,7 +25,7 @@ conf_ssh()
     prnt I "Installation des fichiers de configuration de SSH..."
     for f in /etc/ssh/ssh{,d}_config; do
         backupdist $f
-        installfile $(basename $f) /etc/ssh/$(basename $f)
+        installfile ssh/$(basename $f) /etc/ssh/$(basename $f)
     done
 
     prnt I "Démarrage du sevice ssh..."
@@ -34,7 +34,7 @@ conf_ssh()
 
 precheck_conf_ssh()
 {
-    : # Nothing to check
+    file_exists ssh/ssh{,d}_config
 }
 
 export -f conf_ssh

modules/conf_syslog.sh

@@ -7,20 +7,29 @@
 # The complete license agreement can be obtained at:
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
+# Variables:
+#  * SYSLOG_SRV: the syslog server name
+# ------------------------------------------------------------------------------
 
-export VER_conf_syslog="0.0.1"
+export VER_conf_syslog="0.0.2"
 
 conf_syslog()
 {
     prnt I "Configuration de rsyslog..."
     backupdist /etc/rsyslog.conf
     installfile rsyslog.conf /etc/rsyslog.conf
+    sed -i -e "s/@SYSLOG_SRV@/$SYSLOG_SRV/" /etc/rsyslog.conf
     svc_restart rsyslog
 }
 
 precheck_conf_syslog()
 {
-    : # Nothing to check
+    if [[ -z $SYSLOG_SRV ]]; then
+        prnt E "Undeclared syslog server name !"
+        die 181
+    else
+        file_exists rsyslog.conf
+    fi
 }
 
 export -f conf_syslog

modules/install_mkagent.sh

@@ -12,28 +12,39 @@
 #  * MK_PORT: Port check_mk agent will use to communicate with server
 # ------------------------------------------------------------------------------
 
-export VER_install_mkagent="0.0.2"
+export VER_install_mkagent="0.0.4"
 export DEP_install_mkagent="upgrade_dist install_pkg"
 
 install_mkagent()
 {
-    pkginst $MYPATH/repo/mk_agents/check-mk-agent_${MKVERSION}_all.deb
+    wget $MK_URL -O /tmp/check-mk-agent_${MK_VERSION}_all.deb
+    pkginst xinetd /tmp/check-mk-agent_${MK_VERSION}_all.deb
+    rm /tmp/check-mk-agent_${MK_VERSION}_all.deb
+
     backupdist /etc/xinetd.d/check_mk
-    installfile check_mk /etc/xinetd.d/check_mk
-    sed -i -e "s/@MK_SERVER@/$MK_SERVER/" /etc/xinetd.d/check_mk
+    installfile cmk/check_mk /etc/xinetd.d/check_mk
+    mkdir -pv /usr/lib/check_mk_agent/plugins/28800
+    installfile cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt
+    sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
+
     svc_restart xinetd
 }
 
 precheck_install_mkagent()
 {
-    if [[ -n $MKVERSION ]]; then
+    if [[ -z $MK_VERSION ]]; then
         prnt E "Undeclared check_mk version of the agent to install."
         die 162
     fi
-    if [[ -n $MK_SERVER ]]; then
+    if [[ -z $MK_URL ]]; then
+        prnt E "Undeclared check_mk download URL."
+        die 162
+    fi
+    if [[ -z $MK_SERVER_IP ]]; then
         prnt E "Undeclared check_mk server."
         die 162
     fi
+    file_exists cmk/check_mk cmk/mk_apt
 }
 
 export -f install_mkagent

modules/install_profile.sh

@@ -13,7 +13,7 @@ export DEP_install_profile="install_pkg"
 
 install_profile()
 {
-    #installfile ansi_shadow.flf /usr/share/figlet/ansi_shadow.flf
+    installfile profile/ansi_shadow.flf /usr/share/figlet/ansi_shadow.flf
 
     local usrlist="/root"
     if find /home -mindepth 1 -maxdepth 1 -type d | read; then
@@ -22,15 +22,19 @@ install_profile()
 
     # Create a dir in home so /home/* is always interpreted correctly
     for usr in $usrlist; do
-        backupdist $usr/{,.}profile $usr/.bashrc
-        installfile {.,}profile .bashrc $usr/
+        backupdist $usr/{.,}profile $usr/.bashrc
+        installfile profile/{{.,}profile,.bashrc} $usr/
+        installfile profile/.tmux/.tmux.conf{,.local} $usr/
     done
     unset usrlist
+
+    backupdist /etc/motd
+    installfile profile/motd /etc/motd
 }
 
 precheck_install_profile()
 {
-    :
+    file_exists profile/{{.,}profile,.bashrc,.tmux/.tmux.conf{,.local}}
 }
 
 export -f install_profile

modules/patch_snmp.sh

@@ -13,20 +13,27 @@ export DEP_patch_snmp="install_pkg"
 
 patch_snmp()
 {
+    pkginst snmpd
     backupdist /etc/snmp/snmpd.conf /etc/default/snmpd \
         /lib/systemd/system/snmpd.service /etc/init.d/snmpd
-    installfile snmpd.conf /etc/snmp/snmpd.conf
-    installfile snmpd.init /etc/init.d/snmpd
+    installfile snmpd/snmpd.conf /etc/snmp/snmpd.conf
+    installfile snmpd/snmpd.init /etc/init.d/snmpd
+    installfile snmpd/snmpd.default /etc/default/snmpd
     if [[ -e /lib/systemd/system/snmpd.service ]]; then
-        installfile snmpd.service /lib/systemd/system/snmpd.service
-        systemctl daemon-reload
+        installfile snmpd/snmpd.service /lib/systemd/system/snmpd.service
+        if command -v systemctl &> /dev/null; then
+             systemctl daemon-reload
+        fi
     fi
     svc_restart snmpd
 }
 
 precheck_patch_snmp()
 {
-    :
+    file_exists snmpd/snmpd.{conf,init,default}
+    if [[ -e /lib/systemd/system/snmpd.service ]]; then
+        file_exists snmpd/snmpd.service
+    fi
 }
 
 export -f patch_snmp

modules/select_system_proxy.sh

@@ -24,7 +24,7 @@ select_system_proxy()
 
 precheck_select_system_proxy()
 {
-    :
+    file_exists proxy.rc.local
 }
 
 export -f select_system_proxy

modules/upgrade_dist.sh

@@ -22,9 +22,14 @@ export DEP_upgrade_dist="conf_ntp"
 upgrade_dist()
 {
     local proxyfile=/etc/apt/apt.conf.d/00proxy
+    local norecommends=/etc/apt/apt.conf.d/99no-recommends
 
     # We backup entire apt dir as future version will normalise source.list files
     backupdist /etc/apt
+    prnt I "Basic apt configuration..."
+    echo 'APT::Install-Recommends "false";' > $norecommends
+    echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends
+    echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends
 
     prnt I "Configuration du proxy pour APT..."
     if [[ -n $PROXYAPT ]]; then
@@ -35,7 +40,7 @@ upgrade_dist()
             )
         fi
         echo "# Generated automatically on $(stdtime) by $0" > $proxyfile
-        echo "Acquire::http::Proxy \"http://${PROXYAPT}:${PROXYAPTPORT}\";" >> $proxyfile
+        echo "Acquire::http::Proxy \"http://${PROXYAPT}:${PROXYAPT_PORT}\";" >> $proxyfile
     elif [[ -n $http_proxy ]]; then
         echo "# Generated automatically on $(stdtime) by $0" > $proxyfile
         echo "Acquire::http::Proxy \"http://${http_proxy}\";" >> $proxyfile
@@ -44,7 +49,7 @@ upgrade_dist()
     fi
 
     # Remplace source.list from dist with ours (be smarter)
-    installfile "${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
+    installfile "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
 
     prnt I "Mise à jour de la liste des paquets..."
     pkgupdt
@@ -61,13 +66,14 @@ precheck_upgrade_dist()
     prnt I "Vérification du réseau..."
 
     if [[ $(noerror wget -q --tries=10 --timeout=20 --spider http://www.cnrs.fr) != 0 ]]; then
-        prnt E "Réseau non fonctionnel ! Abandon."
+        prnt E "It seems network configuration is not functionnal! Giving up."
         die 160
     fi
-    if [[ -n $PROXYAPT && -z $PROXYAPTPORT ]]; then
+    if [[ -n $PROXYAPT && -z $PROXYAPT_PORT ]]; then
         prnt E "Un serveur proxy a été spécifié mais pas son port d'usage."
         die 160
     fi
+    file_exists pkgman/${SYS_DIST}_${SYS_VER}.list
 }
 
 cron_upgrade_dist()