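#!/bin/bash
# Configuration script used by VDN.  Do not delete/modify.
#
# Runs as rc.local in a VDN guest: unpacks the configuration disk handed over
# by VDN onto /, loads /etc/vdn/config, sets random root/test passwords on the
# first boot of a mode, installs the VDN public key for root and test, brings
# up the slirp interface, evaluates ON_BOOT and finally sources the rc scripts
# found in /etc/vdn.  Best effort by design: no `set -e`, each step stands on
# its own.

#######################################
# Print a random password drawn from [_A-Za-z0-9-] via /dev/urandom.
# Arguments: $1 - password length (default 32)
# Outputs:   the password on stdout, no trailing newline
# Returns:   0
#######################################
getRandomPasswd() {
  local want=${1:-32}
  local pw
  while :; do
    # tr's stderr is silenced: head closing the pipe makes tr report EPIPE.
    pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom 2> /dev/null | head -c "$want")
    # Compare with the requested length; the check used to be hard-coded to
    # 32, so any other $1 looped forever.
    if [ "${#pw}" -eq "$want" ]; then
      break
    fi
    echo "Wait for entropy avail : $(cat /proc/sys/kernel/random/entropy_avail)" >&2
    sleep 1
  done
  # printf, not echo -n: the password may start with '-'.
  printf '%s' "$pw"
}

set -x
echo "Start rc.local (buster)..."
echo "cmdline:$(cat /proc/cmdline)"

# The last block device is the configuration disk supplied by VDN.
lastDisk=$(lsblk -i -n -o PATH | grep '/...$' | tail -n 1)
# Only referenced by the disabled size check below; kept because sourced rc
# scripts may read it.
lastDiskSize=$(lsblk -n -b -o SIZE "$lastDisk")
# Extra disk (with the public key, ...)?
#[ "$lastDiskSize" -gt 200000 ] && exit 0 # If so
# Unpack the configuration coming from VDN.
# The file /etc/vdn/rc.vdn is only modified when absent.
# See the distribs/guest/... directories.
# The archive is extracted over / as root: the configuration disk is the
# trust boundary of this script.
[ -d /etc/vdn ] || mkdir /etc/vdn
tar -C / -xzf "$lastDisk"
[ -e /etc/vdn/config ] && {
  # set -a is never switched off: every later assignment in this script is
  # exported to child processes.  xtrace is on, so each assignment in the
  # config is also echoed to the boot log.
  set -a
  . /etc/vdn/config
}
[ "$VDN_DEBUG" = 1 ] && set -x || :

# Set real / mode.
chmod 755 /
chown root:root / /etc
chown -R root:root /etc/vdn
systemctl restart haveged

# Extract files (host, all, guest).
if [ "$MODE" = "cow" ]; then
  for d in /etc/vdn/host /etc/vdn/all /etc/vdn/guest; do
    if [ -d "$d" ]; then
      ( cd "$d" && tar czf - . ) | ( cd / && tar --no-same-owner --sparse -xpzf - )
    fi
  done
fi

# Swap: the next-to-last block device.  An unset/empty SWAP_SIZE skips this,
# as the original unquoted test did (it failed rather than matched).
if [ -n "$SWAP_SIZE" ] && [ "$SWAP_SIZE" != 0 ]; then
  swapDev=$(lsblk -n -o PATH | grep '/...$' | tail -n 2 | head -n 1)
  swapoff -a
  swapon "$swapDev"
fi

# First boot for this mode: fresh host keys and random root/test passwords.
if [ ! -e "/etc/vdn-$MODE-initialized" ]; then
  # Regenerate ssh_host_keys.
  rm -f /etc/ssh/ssh_host_*
  dpkg-reconfigure openssh-server
  #systemctl restart ssh
  # Random root and test password.
  echo "Random passwords."
  # Generate the passwords with xtrace and allexport off, so they neither
  # land in the boot log nor in the environment of every later child
  # process; both options are restored afterwards.
  xtraceOn=0; [[ $- == *x* ]] && xtraceOn=1
  allexportOn=0; [[ $- == *a* ]] && allexportOn=1
  { set +x +a; } 2> /dev/null
  passwdRoot=$(getRandomPasswd)
  passwdTest=$(getRandomPasswd)
  # printf instead of an indented here-doc: no dependence on tab vs space
  # indentation of the "user:password" lines.
  printf '%s\n' "root:$passwdRoot" "test:$passwdTest" | chpasswd
  [ "$allexportOn" = 1 ] && set -a
  [ "$xtraceOn" = 1 ] && set -x
  touch "/etc/vdn-$MODE-initialized"
fi

# Add user id_rsa.pub to /root/.ssh/authorized_keys.
[ -d /root/.ssh ] || {
  mkdir /root/.ssh
  chmod 700 /root/.ssh
}
[ -e /root/.ssh/authorized_keys ] || touch /root/.ssh/authorized_keys
k=
[ -r /etc/vdn/.ssh/id_rsa.pub ] && k=$(cat /etc/vdn/.ssh/id_rsa.pub)
[ -n "$k" ] && {
  grep -qF -- "$k" /root/.ssh/authorized_keys || printf '%s\n' "$k" >> /root/.ssh/authorized_keys
}

# Add user id_rsa.pub to /home/test/.ssh/authorized_keys.
if [ -d /home/test ]; then
  if [ ! -d /home/test/.ssh ]; then
    mkdir /home/test/.ssh
    chmod 700 /home/test/.ssh
  fi
  [ -e /home/test/.ssh/authorized_keys ] || touch /home/test/.ssh/authorized_keys
  chown test: /home/test/.ssh
  if [ -n "$k" ]; then
    grep -qF -- "$k" /home/test/.ssh/authorized_keys || printf '%s\n' "$k" >> /home/test/.ssh/authorized_keys
  fi
fi

# Init slirp connection on the last ethN interface.
lastEth=$(ifconfig -a | grep 'eth[0-9]' | tail -n 1 | cut -d ':' -f 1)
echo "lastEth=$lastEth"
[ -n "$lastEth" ] && {
  ifconfig "$lastEth" down
  sleep 1
  dhclient "$lastEth"
  if [ "$EXTRA_ETH_DEFAULT_ROUTE" = 0 ]; then
    # Do not route through the host (slirp): drop any default route via it.
    #route add default gw 10.0.2.2 &> /dev/null
    route del default gw 10.0.2.2 &> /dev/null
  else
    echo "Set default route to 10.0.2.2"
    route add default gw 10.0.2.2 &> /dev/null
  fi
  ping -c 1 10.0.2.2 &> /dev/null &
  #echo "EXTRA_ETH_MASQUERADING:$EXTRA_ETH_MASQUERADING"
  if [ "$EXTRA_ETH_MASQUERADING" = 1 ]; then
    # NAT everything leaving through the slirp interface.
    iptables -t nat -A POSTROUTING -o "$lastEth" -j MASQUERADE
  fi
}

### ON_BOOT
if [ -n "$ON_BOOT" ]; then
  echo "ON_BOOT:$ON_BOOT"
  # ON_BOOT is a shell command line (presumably from /etc/vdn/config) and is
  # evaluated as-is with root privileges; whoever controls that value
  # controls this guest.
  eval "$ON_BOOT"
fi

### run rc scripts
# Numbered scripts first, then vdn.rc; they are sourced, not executed, so
# they see this shell's variables.  A glob replaces the former `ls` parsing.
shopt -s nullglob
rcScripts=(/etc/vdn/[0-9]*)
shopt -u nullglob
# Add vdn.rc
[ -e /etc/vdn/vdn.rc ] && rcScripts+=(/etc/vdn/vdn.rc)
for i in "${rcScripts[@]}"; do
  echo "Run script : $i"
  . "$i"
done

systemctl unmask ssh
sleep 1
systemctl enable ssh
systemctl start ssh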