Compare commits


35 Commits

Author SHA1 Message Date
a229263c25 reconfigure arayat 2025-10-30 15:56:40 +01:00
6865b4f967 fix download file name 2025-10-30 15:56:40 +01:00
cbea670dd8 conf update 2025-10-18 10:58:39 +02:00
cf76b4e7c3 typos 2025-10-16 18:05:27 +02:00
900801e27c remove way too long ago obsolete file 2025-10-16 16:09:05 +02:00
f7bdab1bdb created var management lib, embryo removed from filefct lib 2025-10-16 15:36:35 +02:00
1132d20796 detect mk version if latest not provided, install xinetd before agent where required 2025-10-16 15:28:46 +02:00
root
cf631ea9a3 adapted to devuan excalibur 2025-10-02 21:33:32 +02:00
8985f3114f added new debian/devuan versions 2025-10-02 19:38:30 +02:00
aea656675b add output, made some command verbose 2025-09-25 22:37:58 +02:00
fdce8fd76d typo 2025-09-25 22:24:23 +02:00
f2e3d3e3b9 latest not provided, back to fixed version 2025-09-25 22:22:18 +02:00
6343d4185d premature ip change 2025-09-25 22:16:14 +02:00
717b240d02 fix ceph mount point creation 2025-09-25 22:13:30 +02:00
3e4ac11d5b fix typo 2025-09-25 22:02:48 +02:00
5dfcfb383a typo 2025-09-25 22:01:51 +02:00
1251ae519f fix comment 2025-09-25 21:55:38 +02:00
7c5f280039 test over 2025-09-25 21:55:06 +02:00
6538bb0305 test 2025-09-25 21:44:15 +02:00
59acdb2ac8 typo 2025-09-25 21:37:32 +02:00
e3714fb61d conf updated 2025-09-25 21:36:24 +02:00
850831f51c restart network will have better success 2025-09-25 21:35:59 +02:00
57cf93ac41 rework conf_ntp module 2025-09-25 20:44:35 +02:00
e32501537d fusion commit 2025-09-25 20:42:59 +02:00
b894c793c1 fix variable name 2025-09-25 10:54:18 +02:00
7e8b3fb656 fix typo 2025-09-24 18:37:27 +02:00
a05f3b25ab depends on ceph to install ceph... 2025-09-24 18:05:23 +02:00
624b8d4c6e revert redirection change, change approach 2025-09-24 18:01:27 +02:00
da53bfd721 version bump 2025-09-24 17:24:55 +02:00
834cb9d307 prnt now output to STDERR allowing printing in functions returning results on STDOUT 2025-09-24 17:23:22 +02:00
90be985777 fixed error on file detection 2025-09-24 17:00:56 +02:00
ccc973c5ef check secret availability before run 2025-09-24 16:51:25 +02:00
9803c4b312 added secrets availability checks 2025-09-24 16:50:42 +02:00
a3b69a7c88 updated README file 2025-09-24 15:41:04 +02:00
1e277ac209 fixed secret lib 2025-09-24 15:40:29 +02:00
22 changed files with 482 additions and 223 deletions


@@ -328,6 +328,12 @@ The following table is giving a list of error codes with explanation:
| 18 | Module file don't exists or is empty | | 18 | Module file don't exists or is empty |
| 20 | Ambigous realm with autodetection | | 20 | Ambigous realm with autodetection |
| 21 | Unconsistant directory structure with configured realm | | 21 | Unconsistant directory structure with configured realm |
| 22 | Required secret management software missing |
| 23 | Secret key not found in secret database |
| 24 | File is not readable |
| 25 | Needed variable not set or not declared |
| 26 | Secret reference missing or malformed |
| 27 | Unknown secret reference |
| 50..100 | Error in module execution | | 50..100 | Error in module execution |
| 126 | Command exists but is not executable | | 126 | Command exists but is not executable |
| 127 | Command not found | | 127 | Command not found |
@@ -394,7 +400,7 @@ You can mail author to fatalerrors \<at\> geoffray-levasseur \<dot\> org.
----------------------------------------------------------------------------- -----------------------------------------------------------------------------
Documentation (c) 2019-2022 Geoffray Levasseur. Documentation (c) 2019-2025 Geoffray Levasseur.
This file is distributed under3-clause BSD license. The complete license This file is distributed under3-clause BSD license. The complete license
agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause


@@ -1,4 +0,0 @@
This is deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
An english version for general purpose is available at https://www.geoffray-levasseur.org/init
Check README.md for details.


@@ -0,0 +1,6 @@
# Check debian.conf file for general declaration
# This is specific for version 13
export NTP_SERV=ntpsec
export SOURCE_EXT=source
export NO_MAIN_SOURCE=true


@@ -19,6 +19,9 @@ export COM_AUTOREM="autoremove --purge -y"
# This is not used by init.sh # This is not used by init.sh
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
# Configure how apt behave regarding source.list files
export NO_MAIN_SOURCE=false
# Conf chemin # Conf chemin
export RC_SCRIPTS_PATH="/etc/init.d" export RC_SCRIPTS_PATH="/etc/init.d"


@@ -0,0 +1,4 @@
# Check devuan.conf file for general declaration
# This is specific for version 6
export NTP_SERV=ntpsec


@@ -41,10 +41,10 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static" NET4_MODE_eth1="static"
NET4_IP_eth1="192.168.74.220/24" NET4_IP_eth1="192.168.74.100/24"
NET4_MODE_eth2="static" NET4_MODE_eth2="static"
NET4_IP_eth2="10.0.254.220/16" NET4_IP_eth2="10.42.250.100/16"
IPV6_IFACES="eth0 eth1" IPV6_IFACES="eth0 eth1"
@@ -63,7 +63,7 @@ NET6_IP_eth1="2a03:7220:8081:b34a::dc/64"
INTALL_MODE=full INTALL_MODE=full
# Paquets additionnels # Paquets additionnels
PKGSEL="$PKGSEL iptables fail2ban curl" PKGSEL="$PKGSEL iptables curl"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# -------------------------- Section modules d'init ---------------------------- # -------------------------- Section modules d'init ----------------------------


@@ -26,8 +26,6 @@ MAINUSER=root
WITH_LDAP_KERB=no WITH_LDAP_KERB=no
# Users to create, add or remove # Users to create, add or remove
#LOCAL_USERS="$MAINUSER"
#REMOTE_USERS="kroot"
REMOVE_USERS="fatal" REMOVE_USERS="fatal"
# Network # Network
@@ -40,7 +38,7 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
NET4_NS_SEARCH_eth0=$REALM NET4_NS_SEARCH_eth0=$REALM
NET4_MODE_eth1="static" NET4_MODE_eth1="static"
NET4_IP_eth1="10.42.0.207/16" NET4_IP_eth1="10.42.250.180/16"
IPV6_IFACES="" IPV6_IFACES=""
@@ -64,5 +62,5 @@ PKGSEL="$PKGSEL nsd ldnsutils haveged"
# Liste des modules à executer (surchargeable en ligne de commande) # Liste des modules à executer (surchargeable en ligne de commande)
MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \ MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
conf_mail install_pkg install_profile patch_snmp install_mkagent \ conf_mail install_pkg install_profile patch_snmp \
conf_syslog conf_network" conf_syslog conf_network"


@@ -50,10 +50,11 @@ NET6_GW_eth0="2a03:7220:8081:b301::e7"
NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce" NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
NET6_NS_SEARCH_eth0=$REALM NET6_NS_SEARCH_eth0=$REALM
# Gestionnaire de paquet :
# Mode d'installation : # Mode d'installation :
# * dev : installe les paquets un par un avec apt (lent) # * dev : installe les paquets un par un avec apt (lent)
# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide) # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
NO_MAIN_SOURCE=false
INTALL_MODE=full INTALL_MODE=full
# Paquets additionnels # Paquets additionnels


@@ -24,7 +24,7 @@ export CEPHIP_mayon="192.168.1.254"
export CEPHIP_pinatubo="192.168.1.253" export CEPHIP_pinatubo="192.168.1.253"
export CEPHIP_ragang="192.168.1.252" export CEPHIP_ragang="192.168.1.252"
export CEPHIP_taal="192.168.1.251" export CEPHIP_taal="192.168.1.251"
export CEPH_SECRET="file:/share/services/gestparc/ceph_secret" export CEPH_SECRET="file:/tmp/ceph_secret"
export CEPH_MOUNTS="datastore mediastore" export CEPH_MOUNTS="datastore mediastore"
export CEPH_MP_datastore="/srv/ceph" export CEPH_MP_datastore="/srv/ceph"
export CEPH_MP_mediastore="/srv/media" export CEPH_MP_mediastore="/srv/media"
@@ -34,12 +34,12 @@ export SHARED_HOME="false"
export SSHD_PERMITROOT_RANGE="192.168.1.0/24" export SSHD_PERMITROOT_RANGE="192.168.1.0/24"
# Check MK # Check MK
#export MK_VERSION="2.3.0p27-1" No longer needed #export MK_VERSION="2.4.0p12-1" #shoud be autodetected now
export MK_SERVER_IP="10.250.42.20" export MK_SERVER_IP="192.168.1.201"
export MK_SITE="check_mk" export MK_SITE="check_mk"
export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb" export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb"
export MK_SECRET="file:/share/services/gestparc/mk_secret" export MK_SECRET="file:/share/services/gestparc/mk_secret"
export MK_USER="cmk-agent"
# Samba # Samba
export SMBSRV="silay.$REALM" export SMBSRV="silay.$REALM"
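Review bot: The new `CEPH_SECRET="file:/tmp/ceph_secret"` value in the first hunk points the Ceph key at a fixed name in a world-writable directory, so any local account can create or replace that file before the run. `check_file_secret` and `get_file_secret`, as shown elsewhere in this compare, only test that the path is readable and non-empty, not who owns it or what its mode is. Keeping the reference on a restricted path, as the unchanged `MK_SECRET="file:/share/services/gestparc/mk_secret"` does, avoids this; if `/tmp` is only a staging location for a test, a comment such as `# temporary: move back to a root-only path before deployment` would make that visible. Separately, `MK_URL` stays on `http://`, so the agent package later handed to `pkginst` is fetched without transport integrity.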


@@ -7,12 +7,12 @@ export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd wamerican chafa"
export PKGS_BLACKLIST="apparmor resolvconf chafa snapd" export PKGS_BLACKLIST="apparmor resolvconf chafa snapd"
# Base # Base
export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \ export PKGS_BASE="debconf-utils debhelper ethtool \
curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \ curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
mailutils htop lsof ltrace strace bash-completion host dnsutils \ mailutils htop lsof ltrace strace bash-completion host dnsutils \
sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \ sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \ xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \
whois tmux screen debconf-doc dump figlet gawk multitail neofetch nmap \ whois tmux screen debconf-doc dump figlet gawk multitail fastfetch nmap \
oping pv traceroute rsync tree git qemu-guest-agent ca-certificates" oping pv traceroute rsync tree git qemu-guest-agent ca-certificates"
# Agregation of the package lists # Agregation of the package lists


@@ -36,7 +36,7 @@ export LC_ALL=C
export LANG=C export LANG=C
# Version of init # Version of init
export VERSION="0.99.23" export VERSION="0.99.24"
# Store script's path (realpath -s resolve symlinks if init.sh is a symlink) # Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
export MYPATH=$(dirname "$(realpath -s "$0")") export MYPATH=$(dirname "$(realpath -s "$0")")


@@ -231,52 +231,6 @@ export -f is_dir_empty
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# copy and patch a file replacing all @var@ by the corresponding value in
# the environment or the variable list given in parameter
patch_file()
{
local srcfile=$(select_file $1) && shift
local dstfile=$1 && shift
local workfile=${dstfile}.work
if [[ ! -s $srcfile ]]; then
prnt E "patch_file(): Source file is empty, is not a file or don't exists!"
die 10
fi
# Create a sub-process, to avoid bash environment pollution
(
local varlist='' pattern=''
if [[ $# -eq 0 ]] ; then
pattern="-e s/<\(.*\)>/\$\1\$\1/g"
else
local var=
for var in $* ; do
if ! declare -p $var >/dev/null 2>&1 ; then
local $var=$(eval echo \$$var)
fi
pattern="$pattern -e s/@$var@/\$$var/g"
varlist=$varlist\$$var
done
fi
# sed replace <VAR> with \$$VAR and envsubst do the replace by value
sed $pattern $srcfile | envsubst ${varlist:+"$varlist"} > "$workfile"
)
local -a rights=( $(stat --printf="%a %u %g" "$srcfile") )
unset srcfile
mv "$workfile" "$dstfile"
chmod ${rights[0]} "$dstfile"
chown ${rights[1]}:${rights[2]} "$dstfile"
unset rights dstfile
}
export -f patch_file
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Put a small header in a file showing it have been automatically modified # Put a small header in a file showing it have been automatically modified
tag_file() tag_file()
@@ -286,8 +240,7 @@ tag_file()
if [[ -e $f ]]; then if [[ -e $f ]]; then
sed -i "1s/^/$text\n/" $f sed -i "1s/^/$text\n/" $f
else else
echo $text > $f echo $text | sed "s/modified/generated/" > $f
sed -i -e "s/modified/generated/" $f
fi fi
done done
} }
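Review bot: The rewritten else branch of `tag_file`, `echo $text | sed "s/modified/generated/" > $f`, expands `$text` and `$f` unquoted, so the header is word-split and glob-expanded and a path containing spaces is written to the wrong target. `printf '%s\n' "$text" | sed 's/modified/generated/' > "$f"` keeps the text intact. The unchanged `sed -i "1s/^/$text\n/" $f` line above has the same quoting gap and additionally places `$text` inside the sed program, so a `/` or `&` in the header would change the expression. `tag_file` starts outside this hunk, so how `$text` is built is not visible here.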


@@ -11,13 +11,14 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Passbolt # Get Passbolt
get_passbolt_secret() { get_passbolt_secret()
{
local name="$1" secret local name="$1" secret
if ! command -v passbolt >/dev/null 2>&1; then if ! command -v passbolt >/dev/null 2>&1; then
prnt E "Passbolt CLI not found (required to fetch passbolt:$name)." prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
return 3 die 22
fi fi
# Exemple basé sur CLI Passbolt + jq # Exemple basé sur CLI Passbolt + jq
@@ -26,26 +27,28 @@ get_passbolt_secret() {
if [[ -z "$secret" || "$secret" == "null" ]]; then if [[ -z "$secret" || "$secret" == "null" ]]; then
prnt E "Secret '$name' not found in Passbolt." prnt E "Secret '$name' not found in Passbolt."
return 4 die 23
fi fi
printf '%s' "$secret" printf '%s' "$secret"
} }
export -f get_passbolt_secret
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# File # Get File
get_file_secret() { get_file_secret()
{
local path="$1" secret local path="$1" secret
if [[ -z "$path" ]]; then if [[ ! -s "$path" ]]; then
prnt E "get_file_secret: missing path" prnt E "get_file_secret: missing secret file"
return 5 die 10
fi fi
if [[ ! -r "$path" ]]; then if [[ ! -r "$path" ]]; then
prnt E "get_file_secret: '$path' not readable" prnt E "get_file_secret: '$path' not readable"
return 6 die 24
fi fi
secret=$(<"$path") secret=$(<"$path")
@@ -53,21 +56,23 @@ get_file_secret() {
secret="${secret%$'\n'}" secret="${secret%$'\n'}"
printf '%s' "$secret" printf '%s' "$secret"
} }
export -f get_file_secret
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Environment variable # Get Environment variable
get_var_secret() { get_var_secret()
{
local var="$1" secret local var="$1" secret
if [[ -z "$var" ]]; then if [[ -z "$var" ]]; then
prnt E "get_var_secret: missing variable name" prnt E "get_var_secret: missing variable name"
return 7 die 25
fi fi
if ! printenv "$var" >/dev/null 2>&1; then if ! printenv "$var" >/dev/null 2>&1; then
prnt E "get_var_secret: variable '$var' not set" prnt E "get_var_secret: variable '$var' not set"
return 8 die 25
fi fi
secret="$(printenv "$var")" secret="$(printenv "$var")"
@@ -75,18 +80,21 @@ get_var_secret() {
secret="${secret%$'\n'}" secret="${secret%$'\n'}"
printf '%s' "$secret" printf '%s' "$secret"
} }
export -f get_var_secret
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Main dispatcher # Main get dispatcher
# Usage: fetch_secret "scheme:identifier" # Usage: fetch_secret "scheme:identifier"
fetch_secret() { fetch_secret()
{
local ref="$1" local ref="$1"
local scheme identifier func local scheme identifier func
if [[ -z "$ref" ]]; then if [[ -z "$ref" ]]; then
prnt E "fetch_secret: no reference provided" prnt E "fetch_secret: no reference provided"
return 1 die 26
fi fi
# par défaut, si pas de scheme -> "file" # par défaut, si pas de scheme -> "file"
@@ -102,7 +110,7 @@ fetch_secret() {
if ! declare -f "$func" >/dev/null 2>&1; then if ! declare -f "$func" >/dev/null 2>&1; then
prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)" prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
return 2 die 27
fi fi
"$func" "$identifier" "$func" "$identifier"
@@ -111,4 +119,76 @@ export -f fetch_secret
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Passbolt
check_passbolt_secret() {
local name="$1" found
if ! command -v passbolt >/dev/null 2>&1; then
return 1
fi
found=$(passbolt secret list --json 2>/dev/null | jq -e --arg NAME "$name" \
'.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
[[ -n "$found" && "$found" != "null" ]]
}
export -f check_passbolt_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check File
check_file_secret() {
local path="$1"
[[ -r "$path" && -s "$path" ]]
}
export -f check_file_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Environment variable
check_var_secret() {
local var="$1"
[[ -n "$var" ]] && printenv "$var" >/dev/null 2>&1
}
export -f check_var_secret
# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Check Dispatcher
check_secret() {
local ref="$1"
local scheme identifier func
if [[ -z "$ref" ]]; then
prnt E "check_secret: no reference provided"
return 1
fi
if [[ "$ref" != *:* ]]; then
scheme="file"
identifier="$ref"
else
scheme="${ref%%:*}"
identifier="${ref#*:}"
fi
func="check_${scheme}_secret"
if ! declare -f "$func" >/dev/null 2>&1; then
prnt E "check_secret: unsupported scheme '$scheme' (no function $func)"
return 1
fi
"$func" "$identifier"
}
export -f check_secret
# ------------------------------------------------------------------------------
# EOF # EOF
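Review bot: Replacing `return N` with `die N` in `get_passbolt_secret`, `get_file_secret`, `get_var_secret` and `fetch_secret` does not stop the run when these are called through command substitution, which is how the callers in this compare use them (`secret=$(fetch_secret "$CEPH_SECRET")`). Assuming `die` ends in `exit`, it only terminates the substitution subshell, and the caller carries on with an empty `secret` unless it tests the status. Each call site should propagate the failure, e.g. `secret=$(fetch_secret "$CEPH_SECRET") || die $?`, and the header comment of `fetch_secret` should state that its exit status must be checked by the caller.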

108
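--- /dev/null
+++ b/lib/vars.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Variables substitution function
+# This file is part of the init.sh project
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# Replace @VAR@ in a text file by the corresponding $VAR value
+# The --delimiter or -d option allow to use something else than @
+setvar()
+{
+local delimiter="@"
+local vars=()
+local file
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--delimiter|-d)
+shift
+delimiter="${1:-@}"
+;;
+-*)
+prnt E "setvar(): Unknown option: $1"
+die 7
+;;
+*)
+if [[ -f $1 && $# -eq 1 ]]; then
+file="$1"
+else
+vars+=("$1")
+fi
+;;
+esac
+shift
+done
+if [[ -z $file ]]; then
+prnt E "Usage: setvar [--delimiter D] VAR1 [VAR2 ...] <file>"
+die 7
+fi
+if [[ ${#vars[@]} -eq 0 ]]; then
+prnt E "No variable name(s) provided."
+die 7
+fi
+local var val escaped pattern
+for var in "${vars[@]}"; do
+val="${!var}"
+if [[ -z $val ]]; then
+prnt W "Variable '$var' is unset or empty; skipped."
+continue
+fi
+# Échapper les caractères spéciaux pour sed
+escaped=$(printf '%s' "$val" | sed -e 's/[\/&]/\\&/g')
+pattern="${delimiter}${var}${delimiter}"
+prnt I "Replacing $pattern with $val in $file"
+sed -i -e "s|$pattern|$escaped|g" "$file"
+done
+}
+export -f setvar
+# ------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# Replace @VAR@ in a text file by the corresponding values available in the
+# environment. The --delimiter or -d option allow to use something else than @
+setvars_from_env()
+{
+local file delimiter="@"
+while [[ $# -gt 0 ]]; do
+case "$1" in
+-d|--delimiter)
+shift
+delimiter="${1:-@}"
+;;
+*)
+file="$1"
+;;
+esac
+shift
+done
+[[ -f $file ]] || {
+prnt E "File not found: $file"
+die 10
+}
+local vars
+vars=$(grep -o "${delimiter}[A-Z0-9_]\+${delimiter}" "$file" | sort -u | tr -d "$delimiter")
+[[ -z $vars ]] && return 0
+setvar --delimiter "$delimiter" $vars "$file"
+}
+export -f setvars_from_env
+# ------------------------------------------------------------------------------
+# EOF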
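Review bot: In `setvar`, the value is escaped for `/` and `&` (`sed -e 's/[\/&]/\\&/g'`) but the substitution that uses it is delimited with `|` (`sed -i -e "s|$pattern|$escaped|g"`), so a value containing `|` or a backslash is not neutralised and either breaks the expression or is read as sed syntax. The escape set should match the delimiter, e.g. `escaped=$(printf '%s' "$val" | sed -e 's/[|&\\]/\\&/g')`; a newline in the value would still need separate handling. `prnt I "Replacing $pattern with $val in $file"` also prints the substituted value, which would put a secret on the console or in logs if `setvar` is ever used for one; logging only `$pattern` and `$file` avoids that. `$delimiter` is placed unescaped into both the grep and the sed patterns, so a comment stating that it must be a literal, non-regex character would help.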


@@ -21,7 +21,7 @@
# higher priority. # higher priority.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
export VER_conf_ceph="1.0.1" export VER_conf_ceph="1.0.2"
export DEP_conf_ceph="" export DEP_conf_ceph=""
conf_ceph() conf_ceph()
@@ -65,14 +65,18 @@ conf_ceph()
prnt I "Adding ceph entries to /etc/fstab" prnt I "Adding ceph entries to /etc/fstab"
tag_file /etc/fstab tag_file /etc/fstab
echo >> /etc/fstab echo >> /etc/fstab
local srvlist=${CEPH_SRV_NAMES/ /,} local srvlist=${CEPH_SRV_NAMES// /,}
prnt I "Fetching secret $CEPH_SECRET..."
local secret local secret
secret=$(fetch_secret "$CEPH_SECRET") secret=$(fetch_secret "$CEPH_SECRET")
if ! grep -q "$srvlist" /etc/fstab; then if ! grep -q "$srvlist" /etc/fstab; then
echo "# Ceph :" >> /etc/fstab echo "# Ceph :" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do for mnt in $CEPH_MOUNTS; do
mkdir -pv "$mnt" local mp=$(eval echo \$CEPH_MP_$mnt)
echo "$srvlist:/ $(eval echo \$CEPH_MP_$mnt) ceph defaults,_netdev,name=admin,secret=$secret,id=$mnt 0 0" >> /etc/fstab mkdir -pv "$mp"
echo "$srvlist:/ $mp ceph defaults,_netdev,name=admin,secret=$secret,mds_namespace=$mnt 0 0" >> /etc/fstab
unset mp
done done
else else
prnt W "Ceph entry already in /etc/fstab, nothing to do" prnt W "Ceph entry already in /etc/fstab, nothing to do"
@@ -89,7 +93,10 @@ conf_ceph()
if ! grep -q "$SMBSRV" /etc/fstab; then if ! grep -q "$SMBSRV" /etc/fstab; then
echo "# Samba:" >> /etc/fstab echo "# Samba:" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do for mnt in $CEPH_MOUNTS; do
echo "//$SMBSRV/$mnt $(eval echo \$CEPH_MP_$mnt) cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab local mp=$(eval echo \$CEPH_MP_$mnt)
mkdir -pv $mp
echo "//$SMBSRV/$mnt $mp cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
unset $mp
done done
else else
prnt W "Samba entry already in /etc/fstab, nothing to do" prnt W "Samba entry already in /etc/fstab, nothing to do"
@@ -149,6 +156,9 @@ precheck_conf_ceph()
prnt m "you need to export it temporarily in your environment, using the" prnt m "you need to export it temporarily in your environment, using the"
prnt m "\"CEPH_SECRET\" variable." prnt m "\"CEPH_SECRET\" variable."
die 181 die 181
elif ! check_secret $CEPH_SECRET; then
prnt E "The declared $CEPH_SECRET is not accessible."
die 183
fi fi
if [[ -z $CEPH_MOUNTS ]]; then if [[ -z $CEPH_MOUNTS ]]; then
prnt E "No CEPH mounts declared, despite reachable servers." prnt E "No CEPH mounts declared, despite reachable servers."
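Review bot: The rewritten fstab line in the Ceph loop still writes the fetched key inline as `secret=$secret`, and `/etc/fstab` is normally world-readable, so every local account can read the Ceph admin key after the module runs. mount.ceph accepts `secretfile=` for this; writing the key to a root-only file (mode 0600) and referencing it with `secretfile=/path/to/keyfile` (placeholder path) keeps it out of fstab. The result of `secret=$(fetch_secret "$CEPH_SECRET")` is also not tested, so a failed fetch would produce entries with an empty `secret=`. In the Samba loop, `unset $mp` expands to the mount-point path rather than the variable name and should read `unset mp`, and `mkdir -pv $mp` should quote `"$mp"` as the Ceph loop does. `conf_ceph` begins and ends outside these hunks.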


@@ -100,11 +100,10 @@ conf_network()
fi fi
done done
prnt I "Trying to raise down iface up. Allready configured iface will require a reboot" prnt I "Restart network to apply changes"
ifup -a || true && prnt W "Ignoring errors here." svc_restart networking || true && prnt W "Ignoring errors here."
unset iface if_file unset iface if_file
export NEED_REBOOT=true
} }
precheck_conf_network() precheck_conf_network()
@@ -119,7 +118,7 @@ precheck_conf_network()
die 175 die 175
else else
if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
prnt W "The IPv4 iface $iface, is already configured, a reboot will be required." prnt W "The IPv4 iface $iface, is already configured, a reboot could be required."
fi fi
fi fi
if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
@@ -157,7 +156,7 @@ precheck_conf_network()
die 175 die 175
else else
if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
prnt W "The IPv6 iface $iface, is already configured, a reboot will be required." prnt W "The IPv6 iface $iface, is already configured, a reboot could be required."
fi fi
fi fi
if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then
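Review bot: In `svc_restart networking || true && prnt W "Ignoring errors here."` the warning is printed on every run, because `|| true` makes the left side always succeed before `&&` is evaluated. If the intent is to warn only when the restart fails, `svc_restart networking || prnt W "Network restart failed, ignoring."` does that. With `export NEED_REBOOT=true` removed, a failed restart leaves no signal that the new addresses are not live, so a short comment on why the reboot flag was dropped would help the next reader.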


@@ -11,7 +11,7 @@
# * NTPSERVERS: list of NTP servers # * NTPSERVERS: list of NTP servers
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
export VER_conf_ntp="0.1.6" export VER_conf_ntp="0.2.0"
export DEP_conf_ntp="" export DEP_conf_ntp=""
conf_ntp() conf_ntp()
@@ -21,16 +21,13 @@ conf_ntp()
systemctl disable systemd-timesyncd || true systemctl disable systemd-timesyncd || true
fi fi
NTP_SERV=${NTP_SERV:-ntp}
prnt I "Installing ntp daemon..." prnt I "Installing ntp daemon..."
pkginst ntp pkginst $NTP_SERV
prnt I "Stopping service ntp..." prnt I "Stopping service ntp..."
if [[ -n $NTP_SERV ]]; then
svc_stop $NTP_SERV svc_stop $NTP_SERV
else
svc_stop ntp
fi
if [[ -n $NTP_SERV ]]; then if [[ $NTP_SERV == ntpsec ]]; then
local conf_file="/etc/$NTP_SERV/ntp.conf" local conf_file="/etc/$NTP_SERV/ntp.conf"
else else
local conf_file="/etc/ntp.conf" local conf_file="/etc/ntp.conf"


@@ -18,18 +18,93 @@
export VER_install_mkagent="0.1.0" export VER_install_mkagent="0.1.0"
export DEP_install_mkagent="" export DEP_install_mkagent=""
# ------------------------------------------------------------------------------
# Extract CheckMK version from the server
get_checkmk_version_from_server()
{
local ip="$1"
local site="${2:-$MK_SITE}"
local proto out v header
local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+'
[[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; }
for proto in http https; do
# 1) Tentative via version.py (souvent non protégée)
if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then
v=$(grep -oE "$re_version" <<<"$out" | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 2) Tentative via login.py (page de connexion)
if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then
v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 3) En-têtes HTTP éventuels
header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true)
if [[ -n "$header" ]]; then
v=$(grep -oiE "$re_version" <<<"$header" | head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
# 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS
out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true)
if [[ -n "$out" ]]; then
# Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point
v=$(grep -oE "$re_version" <<<"$out" \
| grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \
| grep -vE '\.[0-9]{3,}' \
| head -n1)
[[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
fi
done
return 1
}
install_mkagent() install_mkagent()
{ {
# Download and install agent local debfile="/tmp/check-mk-agent_latest_all.deb"
wget "$MK_URL" -O /tmp/check-mk-agent_latest_all.deb prnt I "Downloading CheckMK agent from: $MK_URL"
pkginst /tmp/check-mk-agent_latest_all.deb
rm /tmp/check-mk-agent_latest_all.deb
# Activate correct service depending on system configuration # try primary URL
if ! wget -q "$MK_URL" -O "$debfile"; then
prnt W "Primary download failed. Attempting to detect server version and fallback..."
local mkver
mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true)
if [[ -n "$mkver" ]]; then
prnt I "Detected Check_MK version: $mkver — building fallback URL"
# replace the literal 'latest' token in MK_URL with the detected version
local fallback_url
fallback_url="${MK_URL/latest/$mkver-1}"
prnt I "Trying fallback URL: $fallback_url"
if ! wget -q "$fallback_url" -O "$debfile"; then
prnt E "Fallback download with version $mkver failed."
die 163
fi
else
prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed."
die 163
fi
fi
# On non-systemd systems, install xinetd before the .deb to avoid postinst failures
if ! pidof systemd >/dev/null; then
pkginst xinetd
fi
# Install agent package
pkginst "$debfile"
rm -f "$debfile"
# Enable service depending on init system
if pidof systemd >/dev/null; then if pidof systemd >/dev/null; then
systemctl enable --now check-mk-agent.socket systemctl enable --now check-mk-agent.socket
else else
pkginst xinetd
backup_dist /etc/xinetd.d/check-mk-agent backup_dist /etc/xinetd.d/check-mk-agent
install_file cmk/check_mk /etc/xinetd.d/check-mk-agent install_file cmk/check_mk /etc/xinetd.d/check-mk-agent
tag_file /etc/xinetd.d/check-mk-agent tag_file /etc/xinetd.d/check-mk-agent
@@ -37,28 +112,30 @@ install_mkagent()
svc_restart xinetd svc_restart xinetd
fi fi
# Install apt plugin (for Debian) # Debian plugin
if [[ $PKG_MAN == "apt-get" ]]; then if [[ $PKG_MAN == "apt-get" ]]; then
mkdir -pv /usr/lib/check_mk_agent/plugins/3600 mkdir -pv /usr/lib/check_mk_agent/plugins/3600
install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt
fi fi
# Cmk > 2.1, configure agent # Registration (if secret provided)
if [[ -n $MK_SECRET ]]; then if [[ -n $MK_SECRET ]]; then
local secret local secret
prnt I "Fetching secret $MK_SECRET..."
secret=$(fetch_secret "$MK_SECRET") secret=$(fetch_secret "$MK_SECRET")
if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
gunzip -f /var/lib/cmk-agent/cmk-agent-ctl.gz gunzip -v -f /var/lib/cmk-agent/cmk-agent-ctl.gz
chmod +x /var/lib/cmk-agent/cmk-agent-ctl chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl
fi fi
if [[ -e /var/lib/cmk-agent/cmk-agent-ctl ]]; then if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then
/var/lib/cmk-agent/cmk-agent-ctl register \ /var/lib/cmk-agent/cmk-agent-ctl register \
--hostname "$HOSTNAME" \ --hostname "$HOSTNAME" \
--server "$MK_SERVER_IP" \ --server "$MK_SERVER_IP" \
--site "$MK_SITE" \ --site "$MK_SITE" \
--user "$MK_USER" \ --user "$MK_USER" \
--password "$secret" --password "$secret"
else
prnt W "Agent control tool not found; skipping registration."
fi fi
unset secret unset secret
else else
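Review bot: `install_mkagent` downloads to the fixed path `/tmp/check-mk-agent_latest_all.deb` and then hands that file to `pkginst`, so another local user can pre-create or swap the file (or a symlink at that name) between download and install. Declaring `local debfile` and assigning `debfile=$(mktemp --suffix=.deb) || die 163` removes the predictable name. The package is also installed with no integrity check, and both `MK_URL` in the configuration and the first protocol tried in `get_checkmk_version_from_server` (`for proto in http https`) are plain HTTP; preferring `https` and verifying a checksum before `pkginst` would close that gap. The unchanged `--password "$secret"` places the registration password on the command line, where it is visible in the process list while `cmk-agent-ctl` runs. The function continues past the end of the last hunk.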


@@ -18,12 +18,14 @@
# TODO: This is Debian only, make this universal (at least yum/dnf compatible) # TODO: This is Debian only, make this universal (at least yum/dnf compatible)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
export VER_upgrade_dist="0.2.5" export VER_upgrade_dist="0.3.0"
# As aptitude might fail if clock is too far from real time, we need to depend # As aptitude might fail if clock is too far from real time, we need to depend
# on ntp # on ntp
export DEP_upgrade_dist="conf_ntp" export DEP_upgrade_dist="conf_ntp"
export SOURCE_EXT="${SOURCE_EXT:-list}"
upgrade_dist() upgrade_dist()
{ {
local proxyfile=/etc/apt/apt.conf.d/00proxy local proxyfile=/etc/apt/apt.conf.d/00proxy
@@ -67,7 +69,12 @@ upgrade_dist()
fi fi
# Remplace source.list from dist with ours (be smarter) # Remplace source.list from dist with ours (be smarter)
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list if [[ NO_MAIN_SOURCE == true ]]; then
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list.d/debian.${SOURCE_EXT}"
else
# We don't use SOURCE_EXT
install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list"
fi
prnt I "Updating package list..." prnt I "Updating package list..."
pkgupdt pkgupdt
@@ -96,6 +103,10 @@ precheck_upgrade_dist()
die 160 die 160
fi fi
file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list
if [[ -z $NO_MAIN_SOURCE ]]; then
prnt E "A required variable to configure apt is not defined."
die 160
fi
} }
cron_upgrade_dist() cron_upgrade_dist()
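Review bot: The new test `if [[ NO_MAIN_SOURCE == true ]]` compares the literal word `NO_MAIN_SOURCE` with `true`, so it is always false and the `sources.list.d` branch never runs; it should read `if [[ $NO_MAIN_SOURCE == true ]]; then`. Once that branch is reachable, the target `debian.${SOURCE_EXT}` becomes `debian.source` with the `SOURCE_EXT=source` set in the version 13 configuration, and apt only reads `*.list` and `*.sources` files from `sources.list.d`, so the intended extension and whether the installed file is in the matching format are worth confirming. The precheck only rejects an empty `NO_MAIN_SOURCE`; any value other than `true` silently selects `/etc/apt/sources.list`, which a comment next to the check could state.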


@@ -6,4 +6,4 @@ deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-f
deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
deb-src http://fr.deb.devuan.org/merged daedalus-securtity main contrib non-free non-free-firmware deb-src http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware


@@ -0,0 +1,10 @@
deb http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
deb http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
# excalibur-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
deb-src http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib