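#!/usr/bin/env bash
# Prepare a running VDN guest ("system") for DIRECT mode: install the course
# package sets, build a tgz-mode initramfs, then scrub logs/keys/history on
# the guest.  GUEST_NAME comes from argv (see args()); VDN_PATH is derived
# from this script's location in the main program.

# Directory of this script.  Both expansions are quoted so a path containing
# spaces or glob characters does not break the lookup.
dir=$(readlink -f "$(dirname "$0")")
# Keep the last two path components of $dir (presumably <distro>/<release>);
# printf instead of echo because $dir is arbitrary data.
dist=$(printf '%s\n' "$dir" | sed -re 's,/.*/([^/]+/[^/]+)$,\1,')
GUEST_RELEASE=$dist
# Make both proxy variables defined (possibly empty) before `set -u`, so the
# many `export http_proxy=$http_proxy` lines below never abort on an unset
# variable when no proxy is configured.
http_proxy=${http_proxy:-}
https_proxy=${https_proxy:-}
set -eu
#http_proxy=http://193.49.118.36:8080
#https_proxy=http://193.49.118.36:8080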
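#######################################
# Full guest provisioning sequence: base tools first, then the per-topic
# installers.  Several installers are intentionally commented out.
# Globals:   GUEST_NAME (read), http_proxy (read, forwarded to the guest)
# Arguments: none
# Returns:   status of the last installer (the script runs under set -e)
#######################################
installAll() {
  # `-t` allocates a tty so apt may prompt: the last apt-get has no -y.
  # The host's $http_proxy is interpolated verbatim into the remote command
  # line, so it must be a single shell word on the guest side.
  vdn-ssh -t "root@$GUEST_NAME" "
export http_proxy=$http_proxy
apt-get update -y; apt-get dist-upgrade -y; apt-get install rsync git mingetty
"
  preInstallForTgz
  installModulesReseaux
  installDocker
  installLamp
  #installNagios3
  #installBackportKernel # does not work, not useful.
  #installVdn
  installForTgz
}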
##
### Modules réseaux-1 et réseaux-2 ###
###
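#######################################
# Install the package set for the "réseaux-1 / réseaux-2" network courses and
# disable the units that must not start automatically in the lab image.
# Globals:   GUEST_NAME (read), http_proxy (read),
#            DEBS (written; left global on purpose — it is unknown whether
#            code later in the file reads it)
# Arguments: none
#######################################
installModulesReseaux() {
  # Packages that were dropped or renamed between squeeze and stretch.
  # apt reported smbfs and samba-doc as obsolete; their replacements are:
  #   smbfs     -> cifs-utils
  #   samba-doc -> winbind smbclient samba-testsuite samba-common-bin
  #                samba-common samba registry-tools libsmbclient libpam-winbind
  # php5 php5-mysql smbfs cifs-utils console-tools dhcp3-client samba-doc dhcp3-server sux fuse-utils gproftpd xsmbrowser netkit-ping heartbeat-gui hapm
  DEBS="less ssh mingetty rsync net-tools haveged rng-tools dnsutils zerofree"
  #DEBS="$DEBS dhcp3-client dhcp3-server sux fuse-utils gproftpd xsmbrowser netkit-ping heartbeat-gui hapm"
  #DEBS="$DEBS python-gtk-vnc"
  #console-tools console-data console-common
  DEBS="$DEBS vim slirp nfs-common nfs-kernel-server"
  DEBS="$DEBS sshfs psmisc bsdutils strace busybox-static"
  DEBS="$DEBS tcpdump wireshark-gtk nmap"
  DEBS="$DEBS manpages"
  DEBS="$DEBS curlftpfs ftp curl dillo"
  DEBS="$DEBS libapache2-mod-php apache2-doc"
  DEBS="$DEBS xbase-clients"
  DEBS="$DEBS lynx psmisc file strace lsof telnet links links2"
  DEBS="$DEBS iputils-ping"
  DEBS="$DEBS rsync dialog"
  DEBS="$DEBS firefox-esr"
  DEBS="$DEBS nautilus"
  DEBS="$DEBS user-mode-linux"
  DEBS="$DEBS openvpn"
  DEBS="$DEBS quagga proftpd isc-dhcp-server"
  DEBS="$DEBS busybox-static rpcbind debootstrap"
  DEBS="$DEBS user-mode-linux"
  DEBS="$DEBS vim-gtk gedit"
  DEBS="$DEBS gpm vde2"
  DEBS="$DEBS spice-vdagent"
  # Some names repeat (psmisc, strace, busybox-static, user-mode-linux);
  # apt-get accepts duplicates, so the list is left as the author wrote it.
  DEBS="$DEBS gcc make autoconf uidmap pkg-config glib-2.0-dev \
glib-2.0 libglib2.0-dev dpkg-dev \
libcap-dev libcap2 libseccomp2 libseccomp-dev"
  # Lab exercise ("TP Pascal"): password-audit / web-testing tools and a DB.
  DEBS="$DEBS john hashcat sqlmap php default-mysql-server webcheck"
  echo "apt-get..."
  vdn-ssh -t "root@$GUEST_NAME" "
export http_proxy=$http_proxy
echo ==========
apt-get install -y $DEBS
"
  # lighttpd: installed but immediately disabled (apache2 is enabled instead).
  vdn-ssh -t "root@$GUEST_NAME" "
export http_proxy=$http_proxy
apt-get install -y lighttpd
systemctl disable lighttpd
"
  # Disable units on the guest.  The remote `for` loop keeps going when
  # `systemctl disable` fails for a unit that is not installed.
  local l="ModemManager NetworkManager NetworkManager-dispatcher NetworkManager-wait-online anacron apparmor autovt@ bgpd dbus-fi.w1.wpa_supplicant1 dbus-org.freedesktop.Avahi dbus-org.freedesktop.ModemManager1 dbus-org.freedesktop.nm-dispatcher dbus-org.freedesktop.timesync1 getty@ hddtemp isisd lighttpd lm-sensors network-manager nfs-kernel-server nmbd openbsd-inetd openvpn ospf6d ospfd pimd portmap pppd-dns ripd ripngd rpcbind rsync smbd speech-dispatcher syslog systemd-timesyncd udisks2 wpa_supplicant zebra nfs-blkmap uml-utilities apache2 proftpd isc-dhcp-server nfs-server"
  vdn-ssh -t "root@$GUEST_NAME" "for i in $l; do echo \"Disable \$i\"; systemctl disable \$i; done"
  # Units that stay enabled (kept for reference only):
  #l="avahi-daemon console-setup cron inetd keyboard-setup networking rsyslog ssh sshd uml-utilities"
  #l="$l apache2 haveged isc-dhcp-server nfs-server proftpd"
}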
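#######################################
# Install a buster-backports kernel, then restore the stock kernel package and
# regenerate the initramfs for the kernel that was running before.
# Disabled in installAll(); the author notes it does not work.
# Globals:   GUEST_NAME (read)
# Arguments: none
#######################################
installBackportKernel() {
  local kvers
  # Declaration and assignment are separate so a failed vdn-ssh is not
  # masked by `local` (set -e would otherwise never see it).
  kvers=$(vdn-ssh "root@$GUEST_NAME" uname -r)
  if ! vdn-ssh "root@$GUEST_NAME" "grep -q backport /etc/apt/sources.list"; then
    # Plain-http mirror: package integrity rests on apt's signature check.
    vdn-ssh "root@$GUEST_NAME" 'echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list'
  fi
  # The kernel package name is pinned to one backports build.
  vdn-ssh -t "root@$GUEST_NAME" "apt-get update; apt-get -y install linux-image-5.3.0-0.bpo.2-amd64"
  # Remove the backports entry again.  /tmp/o is a fixed, predictable name
  # on the guest; a mktemp-generated path would be safer if /tmp is shared.
  vdn-ssh -t "root@$GUEST_NAME" 'grep -v buster-backports /etc/apt/sources.list > /tmp/o; mv /tmp/o /etc/apt/sources.list'
  vdn-ssh -t "root@$GUEST_NAME" "apt-get update; apt-get -y install --reinstall linux-image-amd64; update-initramfs -u -k $kvers"
}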
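#######################################
# Install Docker CE from Docker's Debian repository and mask the services.
# The docker service is masked and no user is added to the docker group
# here — see the post-configuration scripts.
# Globals:   GUEST_NAME (read), http_proxy / https_proxy (read, normalised
#            to an empty string when unset)
# Arguments: none
#######################################
installDocker() {
  # Same effect as the former `set +u; [ -z ... ] && var=""; set -u` dance:
  # both variables end up defined (possibly empty) without toggling -u.
  http_proxy=${http_proxy:-}
  https_proxy=${https_proxy:-}
  # Notes on the remote sequence:
  #  - `apt-key add` is deprecated, and `apt-key fingerprint 0EBFCD88` only
  #    prints the fingerprint — it does not verify it.  Compare the printed
  #    value with Docker's published fingerprint when reviewing the output.
  #  - the docker-compose completion file is fetched with curl and written to
  #    /etc/bash_completion.d without any checksum.
  vdn-ssh -t "root@$GUEST_NAME" "
export http_proxy=$http_proxy
export https_proxy=$https_proxy
apt-get update
apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/debian \$(lsb_release -cs) stable\"
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose
curl -L https://raw.githubusercontent.com/docker/compose/1.24.1/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
systemctl mask containerd docker
"
}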
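#######################################
# Install Apache, PHP and MariaDB on the guest; the database stays disabled.
# Globals:   GUEST_NAME (read), http_proxy (read)
# Arguments: none
#######################################
installLamp() {
  vdn-ssh "root@$GUEST_NAME" "
export http_proxy=$http_proxy
apt-get -y install apache2 php mariadb-server libapache2-mod-php php-gd php-mysql
systemctl disable mariadb mysql
"
}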
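#######################################
# Append a line to a file on the guest unless a pattern already matches in it.
# A missing file counts as "not present" and is created by the append.
# Globals:   GUEST_NAME (read)
# Arguments: $1 - absolute path of the file on the guest
#            $2 - grep pattern that marks the line as already present
#            $3 - line to append
# Returns:   0 (the trailing `|| :` swallows the grep-hit case)
#######################################
_vdnAppendIfMissing() {
  local file=$1 pattern=$2 line=$3
  vdn-ssh "root@$GUEST_NAME" "f=$file; ! grep -q $pattern \$f && echo \"$line\" >> \$f || :"
}

#######################################
# Prepare the guest for the tgz/overlay boot mode: blacklist the floppy
# driver, force the network/overlay modules into the initramfs and install
# the local-bottom hook that extracts the configuration disk at boot.
# Globals:   GUEST_NAME (read)
# Arguments: none
#######################################
preInstallForTgz() {
  echo "Set /etc/modprobe.d/blacklist-floppy.conf..."
  _vdnAppendIfMissing /etc/modprobe.d/blacklist-floppy.conf floppy "blacklist floppy"
  echo "Set /etc/initramfs-tools/modules..."
  local m
  for m in ne2k_pci 8390 virtio_net overlay aufs; do
    _vdnAppendIfMissing /etc/initramfs-tools/modules "$m" "$m"
  done
  echo "Create /etc/initramfs-tools/scripts/local-bottom/overlay.sh ..."
  # Unquoted heredoc on purpose: `\$` keeps the guest-side variables literal
  # while nothing from the host is interpolated.  The hook extracts the last
  # disk as a tarball over / when the kernel cmdline selects tgz/overlay
  # mode, so that disk is fully trusted by the guest.
  cat << EOF | vdn-ssh "root@$GUEST_NAME" "cat > /etc/initramfs-tools/scripts/local-bottom/overlay.sh"
#!/bin/sh
listDisks() {
if [ "\$EMULATOR" = linux ]; then
ls /dev/ubd[[:lower:]] # | grep -E 'udb[[:lower:]]r?'
else
ls /dev/?d[[:lower:]]
fi
}
PREREQ=""
prereqs()
{
echo "\$PREREQ"
}
case \$1 in
prereqs)
prereqs
exit 0
;;
esac
! grep -E -q 'vdn-mode=(tgz|overlay)' /proc/cmdline && {
echo "*** local-bottom/overlay.sh : exit (no mode tgz or overlay)" >&2
exit 0
}
echo
echo "*** local-bottom/overlay.sh ***"
echo "Extract configuration..."
listDisks
confDisk=\$(listDisks | tail -n 1)
echo confDisk=\$confDisk
mkdir /vdn
tar -C / -xvzf \$confDisk
if [ \$? -ne 0 ]; then
echo "Erreur lors de l'extraction de la configuration" >&2
echo "Lancement d'un shell pour inspection..." >&2
export PS1="initramfs:\w# "
/bin/sh -i
fi
if [ -e /etc/vdn/mount-root ]; then
sh /etc/vdn/mount-root
else
echo "/etc/vdn/mount-root introuvable !" >&2
echo "ARRÊT du système !">&2
while :; do sleep 1000; done
fi
EOF
  vdn-ssh "root@$GUEST_NAME" chmod 755 /etc/initramfs-tools/scripts/local-bottom/overlay.sh
}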
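#######################################
# Build the tgz-mode initramfs on the guest and pull it, together with the
# kernel image, into $VDN_PATH/files.  The guest's regular initramfs is
# preserved via a .keep copy and put back afterwards.
# Globals:   GUEST_NAME (read), VDN_PATH (read)
# Arguments: none
#######################################
installForTgz() {
  echo "Install for tgz..."
  local kvers
  # Newest kernel that has modules installed (version sort, descending).
  kvers=$(vdn-ssh "root@$GUEST_NAME" ls /lib/modules | sort -Vr | head -n1)
  if [ -z "$kvers" ]; then
    echo "Warning : /lib/modules is empty !" >&2
    kvers=$(vdn-ssh "root@$GUEST_NAME" uname -r)
    echo "Use current kernel : $kvers"
  fi
  rsync -e vdn-ssh "root@$GUEST_NAME:/boot/vmlinuz-$kvers" "$VDN_PATH/files"
  # initramfs (created if necessary); overlay.sh is removed again after the
  # tgz initramfs has been generated so the normal image does not carry it.
  vdn-ssh "root@$GUEST_NAME" "
rm -f /boot/initrd.img-$kvers.keep
if [ -e /boot/initrd.img-$kvers ]; then
cp /boot/initrd.img-$kvers /boot/initrd.img-$kvers.keep
fi
echo \"update-initramfs ...\" >&2
update-initramfs -u -k $kvers
#cat /etc/initramfs-tools/scripts/local-bottom/overlay.sh
rm /etc/initramfs-tools/scripts/local-bottom/overlay.sh
cp /boot/initrd.img-$kvers /boot/initrd-tgz.img-$kvers
if [ -e /boot/initrd.img-$kvers.keep ]; then
mv /boot/initrd.img-$kvers.keep /boot/initrd.img-$kvers
fi
"
  rsync -e vdn-ssh "root@$GUEST_NAME:/boot/initrd-tgz.img-$kvers" "$VDN_PATH/files"
}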
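#######################################
# Build and install Nagios Core 4.4.5 from source on the guest (step 1/2).
# The tarball is downloaded over https but neither a checksum nor a
# signature is verified, and the build runs as root on the guest.
# Globals:   GUEST_NAME (read), http_proxy (read)
# Arguments: none
#######################################
installNagios1() {
  # from https://www.itzgeek.com/how-tos/linux/debian/how-to-install-nagios-on-debian-9-stretch.html
  vdn-ssh "root@$GUEST_NAME" "
export http_proxy=$http_proxy
apt update
apt install -y build-essential apache2 php openssl perl make php-gd libgd2-xpm-dev libapache2-mod-php libperl-dev libssl-dev daemon wget apache2-utils unzip
useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd www-data
cd /tmp/
wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.5.tar.gz
tar -zxvf nagios-4.4.5.tar.gz
cd /tmp/nagios-4.4.5/
./configure --with-nagios-group=nagios --with-command-group=nagcmd --with-httpd_conf=/etc/apache2/sites-enabled/
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf
"
}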
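#######################################
# Nagios step 2/2: web user, CGI module, plugins built from source.
# NOTE(review): `htpasswd -c` prompts for a password and vdn-ssh is invoked
# without -t here — confirm the prompt works in this setup.  The plugin
# tarball is downloaded without checksum or signature verification.
# Globals:   GUEST_NAME (read), http_proxy (read)
# Arguments: none
#######################################
installNagios2() {
  ### sudo nano /usr/local/nagios/etc/objects/contacts.cfg
  vdn-ssh "root@$GUEST_NAME" "
export http_proxy=$http_proxy
#sed -i -re 's/^.*email.*$/email root@localhost ;/' /usr/local/nagios/etc/objects/contacts.cfg
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
a2enmod cgi
systemctl restart apache2
cd /tmp
wget https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
tar -zxvf /tmp/nagios-plugins-2.2.1.tar.gz
cd /tmp/nagios-plugins-2.2.1/
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
"
}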
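#######################################
# Install the packaged NRPE server and plugins (the distro alternative to
# installNagios1/2).  Commented out in installAll().
# Globals:   GUEST_NAME (read), http_proxy (read)
# Arguments: none
#######################################
installNagios3() {
  vdn-ssh "root@$GUEST_NAME" "
export http_proxy=$http_proxy
apt install -y nagios-nrpe-server nagios-plugins
apt -y install nagios-nrpe-plugin
"
}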
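#######################################
# Clone the vdn repository on the guest and run its prepare script for the
# guest release.  Commented out in installAll().  The clone is over plain
# http, so nothing authenticates the code that is then executed as root.
# Globals:   GUEST_NAME (read), http_proxy (read), GUEST_RELEASE (read)
# Arguments: none
#######################################
installVdn() {
  # The inner quotes are escaped: previously they terminated the host-side
  # string, so the echo line was sent to the guest as separate words.
  vdn-ssh "root@$GUEST_NAME" "
export http_proxy=$http_proxy
cd /tmp
rm -Rf vdn
git clone http://opale.u-clermont1.fr/vdn/git/vdn.git
echo \"vdn/bin/vdn-prepare $GUEST_RELEASE\"
vdn/bin/vdn-prepare $GUEST_RELEASE
"
}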
# début des fonctions
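#######################################
# Print the one-line usage synopsis on stdout.
# Arguments: none
#######################################
synopsis() {
  # $(...) instead of backticks, and $0 quoted against odd script paths.
  cat << EOF
Usage : $(basename "$0") [-i identity] system
EOF
}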
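#######################################
# Print the full help text (French) on stdout; embeds synopsis().
# Arguments: none
#######################################
help() {
  cat << EOF
$(basename "$0") prepare un système virtuel pour fonctionner en mode DIRECT.
$(synopsis)
Une identification par clé pour ssh est mise en place (cf. -i identity)
pour éviter les identification par mot de passe lors des connexions ssh
de l'hôte vers l'invité nécessaires à l'opération.
Les mots de passes sont fixés de façon aléatoire
-h : affiche cette aide
-i identity : chemin de la clé publique à utiliser.
EOF
}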
# Invalid invocation: show the synopsis and leave with status 2.
usage() { synopsis; exit 2; }
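#######################################
# Parse the command line: -h (help), -i identity, then exactly one guest name.
# Globals:   IDENTITY (written when -i is given), GUEST_NAME (written),
#            OPTIND (reset so the function can be called more than once)
# Arguments: "$@" of the script
# Outputs:   help text on -h; synopsis via usage() on bad invocation
# Returns:   0; exits 0 after -h, 2 via usage(), or through error() when the
#            name contains a slash
#######################################
args() {
  local opt
  OPTIND=1
  while getopts "hi:" opt; do
    case $opt in
      h) help; exit 0;;
      i) IDENTITY="$OPTARG";;
      \?) usage;;
    esac
  done
  shift $((OPTIND - 1))
  if [ "$#" -ne 1 ]; then
    usage
  fi
  GUEST_NAME="$1"
  # A slash would let the name escape the per-guest directory used by the
  # vdn tools; match it with a glob instead of piping the raw value through
  # echo | grep.
  case $GUEST_NAME in
    */*) error "$GUEST_NAME est un nom de système invalide" ;;
  esac
}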
# Main program
# VDN tree is five levels above this script; functions.sh presumably provides
# error(), loadGuestVars() and the vdn-* wrappers used below.
VDN_PATH=$(readlink -f $(dirname $0)/../../../../..); . $VDN_PATH/bin/functions.sh
args "$@"
PROG_DIR=$(readlink -f $(dirname $0))
# Refuse to continue unless the guest is already up.
if ! $VDN_PATH/bin/vdn-alive $GUEST_NAME; then
error "Le système $GUEST_NAME n'est pas démarré"
fi
loadGuestVars $GUEST_NAME
# Pick an existing key path from SSH_IDENTITY (presumably set by
# loadGuestVars).  NOTE(review): the loop has no break, so the last existing
# path wins, and it overwrites any IDENTITY given with -i — confirm intended.
foundIdentity=0
for i in $SSH_IDENTITY; do
if [ -e $i ]; then
IDENTITY=$i
foundIdentity=1
fi
done
[ $foundIdentity = 0 ] && error "Aucune clé SSH !"
# NOTE(review): the key is copied only when a key-only login already
# succeeds, which reads as inverted (a guest without the key never gets it)
# unless vdn-ssh-copy-id is meant to refresh an existing key — confirm.
if vdn-ssh -n -o PasswordAuthentication=no root@$GUEST_NAME exit 0 ; then
vdn-ssh-copy-id -i $IDENTITY root@$GUEST_NAME
fi
#echo "apt-get..."
#vdn-ssh root@$GUEST_NAME apt-get install rsync net-tools
#echo "Set /etc/initramfs-tools/modules..."
#vdn-ssh root@$GUEST_NAME "f=/etc/initramfs-tools/modules; ! grep -q ne2k_pci \$f && echo ne2k_pci >> \$f || :"
#vdn-ssh root@$GUEST_NAME "f=/etc/initramfs-tools/modules; ! grep -q 8390 \$f && echo 8390 >> \$f || :"
#vdn-ssh root@$GUEST_NAME "f=/etc/initramfs-tools/modules; ! grep -q virtio_net \$f && echo virtio_net >> \$f || :"
#echo "Set /etc/modprobe.d/blacklist-floppy.conf..."
#vdn-ssh root@$GUEST_NAME "f=/etc/modprobe.d/blacklist-floppy.conf; ! grep -q floppy \$f && echo \"blacklist floppy\" >> \$f || :"
# Makes the guest's root directory world-readable/searchable; the reason is
# not recorded here.
vdn-ssh -t root@$GUEST_NAME chmod 755 /
# Membership of the docker group is root-equivalent on the guest; presumably
# deliberate for the lab image.  The second message is a copy of the first.
echo "Add test user to kvm group (for nested)"
vdn-ssh root@$GUEST_NAME "addgroup test kvm"
echo "Add test user to kvm group (for nested)"
vdn-ssh root@$GUEST_NAME "addgroup test docker || :"
#echo "Add test user to sudo group"
#vdn-ssh root@$GUEST_NAME "addgroup test sudo"
# Uncomment "syntax on" in the system vimrc and copy it to root and test.
echo "Set vim syntax=on"
vdn-ssh root@$GUEST_NAME "cat /etc/vim/vimrc | sed -re 's/^.*syntax on.*$/syntax on/' > /etc/vim/vimrc.new"
vdn-ssh root@$GUEST_NAME "mv /etc/vim/vimrc.new /etc/vim/vimrc"
vdn-ssh root@$GUEST_NAME "cp /etc/vim/vimrc ~/.vimrc"
vdn-ssh root@$GUEST_NAME "cp /etc/vim/vimrc /home/test/.vimrc; chown test: /home/test/.vimrc"
# Unauthenticated root shell on the serial console: whoever reaches the VM's
# serial port is root.  Only acceptable for an isolated lab guest.
echo "Allow root autologin on ttyS0"
vdn-ssh root@$GUEST_NAME "sed -i -re 's,^ExecStart=.*$,ExecStart=-/sbin/mingetty --noclear --autologin root %I,' /lib/systemd/system/serial-getty@.service"
# kernel params (in grub )
# Classic interface names (eth0) and a serial console on ttyS0.
echo "Allow net.ifnames=0 in GRUB "
vdn-ssh root@$GUEST_NAME "sed -i -re 's,^GRUB_CMDLINE_LINUX_DEFAULT=.*$,GRUB_CMDLINE_LINUX_DEFAULT=\"net.ifnames=0 console=ttyS0\,115200n8\",' /etc/default/grub"
echo " 1s timout for menu"
vdn-ssh root@$GUEST_NAME "sed -i -re 's,^GRUB_TIMEOUT=.*$,GRUB_TIMEOUT=1,' /etc/default/grub"
vdn-ssh root@$GUEST_NAME "update-grub"
##########################
# NOTE(review): the \" are literal on the host, so from here on $http_proxy
# and $https_proxy carry surrounding double-quote characters.  Those quotes
# appear to be what turns `export http_proxy=$http_proxy` inside the remote
# command strings of the install functions into a quoted assignment, so
# "fixing" them would change how a proxy URL reaches the guest — confirm.
export http_proxy=\"$http_proxy\"
export https_proxy=\"$https_proxy\"
# Both values are printed with those literal quotes.
echo "http_proxy:$http_proxy"
echo "https_proxy:$https_proxy"
#echo "For debug : exit to guit"
#vdn-ssh root@$GUEST_NAME
installAll
# installNagios3 is commented out in installAll; masking a unit that is not
# installed still succeeds (systemctl only creates the /dev/null symlink).
vdn-ssh root@$GUEST_NAME "systemctl mask nagios"
##########################
# Optional per-release rc.local shipped next to this script.
echo "Set rc.local..."
if [ -e $PROG_DIR/rc.local ]; then
vdn-scp -p $PROG_DIR/rc.local root@$GUEST_NAME:/etc
vdn-ssh root@$GUEST_NAME chmod 755 /etc/rc.local
fi
## Install lxdm
#echo "Install lxdm..."
#
#vdn-ssh -t root@$GUEST_NAME "
#apt-get -y install lxdm
#apt-get -y remove openbox
#"
#echo "Default xsession : xfce4 "
#vdn-ssh root@$GUEST_NAME "sed -i -re 's,^# session=.*$,session=/usr/bin/startxfce4,' /etc/lxdm/lxdm.conf"
#echo "For debug : exit to guit"
#vdn-ssh root@$GUEST_NAME
# Clear
# Final scrub before the image is captured.  The remote script is
# single-quoted, so every $... in it expands on the guest, not on the host:
#  - `export http_proxy=$http_proxy` exports the guest's own value (probably
#    empty), not the host's proxy;
#  - /etc/vdn is removed here; at boot, overlay.sh (see preInstallForTgz)
#    extracts the configuration disk over /, which presumably recreates it;
#  - deleting authorized_keys revokes the key installed by vdn-ssh-copy-id
#    above, so later key-based logins need the key copied again;
#  - the second `rm -f $d/.ssh/authorized_keys` is a duplicate (harmless).
echo "Clear /var/log, history, ..."
vdn-ssh -t root@$GUEST_NAME '
export http_proxy=$http_proxy
rm -Rf /etc/vdn
#for i in $(find /var/log -type f); do cat /dev/null > $i; done
find /var/log -name "*.gz" -delete
echo "Clear .bash_history"
rm -f /root/.bash_history
touch /root/.bash_history
chmod 600 /root/.bash_history
rm -f /home/test/.bash_history
touch /home/test/.bash_history
chmod 600 /home/test/.bash_history
echo "Clear .cache .mozilla"
for d in /root /home/test; do
rm -Rf $d/.cache
rm -Rf $d/.mozilla
done
echo "Clear authorized_keys"
for d in /root /home/test; do
rm -f $d/.ssh/authorized_keys
rm -f $d/.ssh/authorized_keys
done
echo "Clear apt-cache..."
apt autoremove -y
sleep 1
apt-get clean
echo end of cleaning !
'