configs/postinstall.sh

#!/bin/bash
# --- Site configuration ------------------------------------------------------
# DNS zone of the managed hosts; SUBZONE starts out as the same value.
ZONE='rhizogen.es.eu.org'
#ZONE='rzgn.es.eu.org'
SUBZONE="$ZONE"
# Account used when -u is not given, and for the SSH hop to the frontend.
#ADMINUSER='onalyrg'
ADMINUSER='ansible'
# Host on which lib/libpostinstall.sh is started; -f overrides it.
#FRONTEND='auto-ansible.rhizogen.es.eu.org'
FRONTEND='ansible.rhizogen.es.eu.org'
#FRONTEND='localhost'
# Local checkout of this repository; lib/refreshkeys.sh is run from here.
REPO_DIR='/mnt/ac/projects/doc_tutos/vps_gandi/configs'
REMOTE_REPO_DIR='git/configs'
# PASS_REPO stays commented out, so the password-store lookup further down
# only happens when PASS_REPO is supplied through the environment.
#PASS_REPO=${HOME}/git/pass-ansible
# Both are filled in once the VM argument has been parsed.
VM_NAME=
VM_FQDN=
#######################################
# Print the command-line synopsis followed by eight worked examples.
# Globals:   none
# Arguments: none
# Outputs:   13 lines on stdout (synopsis, blank, two notes, blank, examples)
# Returns:   status of printf
#
# Security note: -p, -P, -s and -S take passwords as option arguments, so the
# values are visible in the process list and in shell history while this
# script runs.
# NOTE(review): the text says an absent frontend means localhost, but the
# FRONTEND default set at the top of this script is a remote host. Confirm
# which one is intended, since it decides where the credentials are sent.
#######################################
usage() {
  local self=$0
  printf '%s\n' \
    "USAGE: ${self} [ -f frontend ] [ -u <default_user> ] [ -c pw|key ] [ -e su|sudo ] [ -p <default_password> ] [ -P <default_root_password> ] [ -s <target_admin_password> ] [ -S <target_root_password> ] [ -t <ssh_port> ] [ -T <target_ssh_port> ] <vm_name>" \
    '' \
    'frontend is either localhost or auto-ansible' \
    "If absent, it's assumed to be localhost" \
    '' \
    "EXAMPLE 1: ${self} -f localhost -u debian -c key -e sudo -t 22 -T 22222 vm_name" \
    "EXAMPLE 2: ${self} -f auto-ansible -u root -c pw -p 'PW_1' -t 22 vm_name" \
    "EXAMPLE 3: ${self} -f auto-ansible -u root -c key -t 22 vm_name" \
    "EXAMPLE 4: ${self} -f auto-ansible -u debian -c pw -e su -p 'PW_1' -P 'PW_2' -t 22 vm_name" \
    "EXAMPLE 5: ${self} -f auto-ansible -u debian -c pw -e sudo -p 'PW_1' -t 22 vm_name" \
    "EXAMPLE 6: ${self} -f auto-ansible -u debian -c key -e su -P 'PW_2' -t 22 vm_name" \
    "EXAMPLE 7: ${self} -f auto-ansible -u debian -c key -e sudo -t 22 vm_name" \
    "EXAMPLE 8: ${self} -f localhost -u sysadmin -c key -e sudo -t 22222 vm_name"
  # Disabled example, kept for reference:
  # "EXAMPLE 9: ${self} -f localhost -u sysadmin -t 22222 vm_name"
}
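# --- Command-line parsing ----------------------------------------------------
# ARGLIST    option string later handed to lib/libpostinstall.sh
# P_ARGLIST  the same options, with a literal ${NAME} placeholder wherever a
#            password would appear
# *PWOPT     one option fragment per password; the P_ variants hold the
#            placeholder form
# All fragments start empty so that a same-named variable inherited from the
# environment cannot leak into the argument list.
#
# Security note: -p/-P/-s/-S put cleartext passwords on this script's command
# line and, through ARGLIST, on the command line of libpostinstall.sh.
DEFAULTPWOPT=""
P_DEFAULTPWOPT=""
DEFAULT_ROOTPWOPT=""
P_DEFAULTROOTPWOPT=""
VM_ADMINPWOPT=""
P_VMADMINPWOPT=""
VM_ROOTPWOPT=""
P_VMROOTPWOPT=""
ARGLIST=""
P_ARGLIST=""

# getopts simply stops at once when there are no arguments, so no guard on $#
# is needed around the loop.
while getopts 'f:u:c:e:p:P:s:S:t:T:h' opt; do
  case "$opt" in
    f)
      FRONTEND=$OPTARG
      ;;
    u)
      DEFAULT_USER=$OPTARG
      ARGLIST="$ARGLIST -u $DEFAULT_USER"
      P_ARGLIST="$P_ARGLIST -u $DEFAULT_USER"
      ;;
    c)
      # Connection method: pw or key. If not given the script will try to guess.
      CX_METHOD=$OPTARG
      ARGLIST="$ARGLIST -c $CX_METHOD"
      P_ARGLIST="$P_ARGLIST -c $CX_METHOD"
      ;;
    e)
      # Authorization method: su or sudo. If not given the script will try to
      # guess, with additional steps which may require interaction.
      SU_METHOD=$OPTARG
      ARGLIST="$ARGLIST -e $SU_METHOD"
      P_ARGLIST="$P_ARGLIST -e $SU_METHOD"
      ;;
    p)
      # For now we assume the VM doesn't need a password by default (key auth).
      DEFAULT_PW=$OPTARG
      DEFAULTPWOPT="-p ${DEFAULT_PW}"
      P_DEFAULTPWOPT="-p \${DEFAULT_PW}"
      ;;
    P)
      # For now we assume the VM doesn't need a password by default (key auth).
      DEFAULT_ROOTPW=$OPTARG
      DEFAULT_ROOTPWOPT="-P ${DEFAULT_ROOTPW}"
      P_DEFAULTROOTPWOPT="-P \${DEFAULT_ROOTPW}"
      ;;
    s)
      VM_ADMINPW=$OPTARG
      VM_ADMINPWOPT="-s ${VM_ADMINPW}"
      P_VMADMINPWOPT="-s \${VM_ADMINPW}"
      ;;
    S)
      VM_ROOTPW=$OPTARG
      VM_ROOTPWOPT="-S ${VM_ROOTPW}"
      P_VMROOTPWOPT="-S \${VM_ROOTPW}"
      ;;
    t)
      PORT=$OPTARG
      ARGLIST="$ARGLIST -t $PORT"
      P_ARGLIST="$P_ARGLIST -t $PORT"
      ;;
    T)
      TPORT=$OPTARG
      ARGLIST="$ARGLIST -T $TPORT"
      P_ARGLIST="$P_ARGLIST -T $TPORT"
      ;;
    h)
      usage
      exit 0
      ;;
    *)
      # Unknown option or missing option argument (getopts reports both as
      # '?'): stop here instead of carrying on with a half-parsed command line.
      usage >&2
      exit 1
      ;;
  esac
done
shift $((OPTIND - 1))

# "$*" rather than "$@": the remaining words are joined into one string.
# NOTE(review): the VM name is appended here, before the password options are
# added to ARGLIST further down. If libpostinstall.sh parses its arguments
# with getopts, options placed after the VM name would not be parsed — confirm.
ARGLIST="$ARGLIST $*"

# Exactly one positional argument (the VM) is required.
if [ $# -ne 1 ]; then
  usage >&2
  exit 1
fi
VM_ARG="$1"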
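#######################################
# Turn the name given on the command line into a short name and a FQDN.
#   - name does not contain ZONE            -> short name; FQDN = name.SUBZONE
#   - name contains ZONE but not SUBZONE    -> short name left empty; FQDN = name
#   - name contains SUBZONE                 -> short name = name minus the
#                                              ".SUBZONE" suffix; FQDN = name
# ZONE and SUBZONE are compared as literal substrings (quoted case patterns),
# so the dots in the zone only match dots and no grep process is needed.
# Globals:   ZONE, SUBZONE (read); VM_NAME, VM_FQDN (written)
# Arguments: $1 - host name as typed by the operator
#######################################
split_vm_arg() {
  case "$1" in
    *"$ZONE"*)
      case "$1" in
        *"$SUBZONE"*) VM_NAME=${1%."$SUBZONE"} ;;
        *) VM_NAME='' ;;
      esac
      VM_FQDN=$1
      ;;
    *)
      VM_NAME=$1
      VM_FQDN=$1.$SUBZONE
      ;;
  esac
}
split_vm_arg "$VM_ARG"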
#######################################
# Announce, then run, lib/refreshkeys.sh for one SSH port of the target VM.
# Globals:   REPO_DIR, VM_FQDN (read)
# Arguments: $1 - port string
# Outputs:   the command line about to be run, prefixed with "* "
#
# NOTE(review): refreshkeys.sh is not shown here. If it replaces known_hosts
# entries with whatever key the host presents, this step trusts the network
# path to the VM — confirm the new key is checked against a fingerprint
# obtained out of band.
# NOTE(review): when the port is empty, "-p" is followed directly by the host
# name, which refreshkeys.sh would then read as the port value.
#######################################
refresh_server_keys() {
  local port=$1
  printf '%s\n' "* ${REPO_DIR}/lib/refreshkeys.sh -p $port $VM_FQDN"
  # Expansions are left unquoted on purpose so word splitting stays as before.
  # shellcheck disable=SC2086
  ${REPO_DIR}/lib/refreshkeys.sh -p $port $VM_FQDN
}

# Refresh the server-side SSH keys: the target port (-T) first when one was
# given, then always the current port (-t).
[ -z "$TPORT" ] || refresh_server_keys "$TPORT"
refresh_server_keys "$PORT"
# Fill in values the command line left unset.
# No -u given: fall back to the site admin account.
if [ -z "$DEFAULT_USER" ]; then
  printf '%s\n' "DEFAULT_USER not set, we'll assume it's $ADMINUSER"
  DEFAULT_USER="$ADMINUSER"
fi
# Logging in as root: a root password that is already known is also the
# login password.
case "$DEFAULT_USER" in
  root)
    [ -z "$DEFAULT_ROOTPW" ] || DEFAULT_PW="$DEFAULT_ROOTPW"
    ;;
esac
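# --- Optional lookup in the pass password store ------------------------------
# When the pass command exists and PASS_REPO names a directory, the SSH and
# SU/SUDO passwords are fetched from the store instead of being prompted for:
#   - CX_METHOD is pw and no login password was given -> look up DEFAULT_USER
#   - SU_METHOD is su and no root password was given  -> look up root
#
# Security note: a password fetched here is later appended to ARGLIST in
# cleartext and so ends up on the command line of libpostinstall.sh.
# NOTE(review): pass prints the whole entry. If an entry holds more than the
# password line, the extra lines become part of the password — confirm the
# entries are single-line.

#######################################
# Print the secret stored for one account of the current VM.
# Tries virtual/linux/<VM_NAME>/<account>, then virtual/linux/default/<account>.
# Globals:   PASS_REPO, VM_NAME (read)
# Arguments: $1 - account name (basename of the store entry)
# Outputs:   the entry on stdout; notices on stderr
# Returns:   status of pass, or 1 when neither entry exists
#######################################
pass_lookup() {
  local account=$1
  local vm_entry="virtual/linux/${VM_NAME}/${account}"
  local default_entry="virtual/linux/default/${account}"

  if [ -e "${PASS_REPO}/${vm_entry}.gpg" ]; then
    PASSWORD_STORE_DIR="${PASS_REPO}" pass "${vm_entry}"
  elif [ -e "${PASS_REPO}/${default_entry}.gpg" ]; then
    printf '%s\n' "${PASS_REPO}/${vm_entry}.gpg not found. Using default ${account} password." 1>&2
    PASSWORD_STORE_DIR="${PASS_REPO}" pass "${default_entry}"
  else
    printf '%s\n' "${PASS_REPO}/virtual/linux/\{${VM_NAME},default\}/${account}.gpg not found. You'll be prompted for the ${account} password." 1>&2
    return 1
  fi
}

nopass=1
nopassrepo=1
# The path is captured (the earlier redirect inside the substitution always
# left BIN_PASS empty); the exit status still tells whether pass is installed.
BIN_PASS=$(command -v pass)
nopass=$?
# Quoted so that a store path containing spaces is still tested correctly.
if [ -n "$PASS_REPO" ] && [ -d "$PASS_REPO" ]; then
  nopassrepo=0
fi

if [ "$nopass" -eq 0 ] && [ "$nopassrepo" -eq 0 ]; then
  # Best effort: a failed pull is reported, and the local copy is used.
  if ! PASSWORD_STORE_DIR="${PASS_REPO}" pass git pull; then
    printf '%s\n' "WARNING: 'pass git pull' failed for ${PASS_REPO}; continuing with the local copy." 1>&2
  fi
  # A failed lookup leaves the variable empty, so the later steps prompt.
  if [ "$CX_METHOD" = "pw" ] && [ -z "$DEFAULT_PW" ]; then
    DEFAULT_PW=$(pass_lookup "$DEFAULT_USER")
  fi
  if [ "$SU_METHOD" = "su" ] && [ -z "$DEFAULT_ROOTPW" ]; then
    DEFAULT_ROOTPW=$(pass_lookup root)
  fi
fi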
# A password obtained after option parsing still needs its option fragment.
# The P_ variant carries the literal text ${NAME} instead of the value, hence
# the single quotes.
# shellcheck disable=SC2016
[ -z "$DEFAULT_PW" ] || {
  DEFAULTPWOPT="-p ${DEFAULT_PW}"
  P_DEFAULTPWOPT='-p ${DEFAULT_PW}'
}
# shellcheck disable=SC2016
[ -z "$DEFAULT_ROOTPW" ] || {
  DEFAULT_ROOTPWOPT="-P ${DEFAULT_ROOTPW}"
  P_DEFAULTROOTPWOPT='-P ${DEFAULT_ROOTPW}'
}

# Append the four password fragments in the order: login, root, target admin,
# target root. Empty fragments still contribute their separating space.
# NOTE(review): ARGLIST is a flat string holding cleartext passwords. It is
# split on whitespace when used, so a password containing a space would be
# cut into several arguments.
ARGLIST="$ARGLIST ${DEFAULTPWOPT} ${DEFAULT_ROOTPWOPT} ${VM_ADMINPWOPT} ${VM_ROOTPWOPT}"
P_ARGLIST="$P_ARGLIST ${P_DEFAULTPWOPT} ${P_DEFAULTROOTPWOPT} ${P_VMADMINPWOPT} ${P_VMROOTPWOPT}"
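#######################################
# Re-quote a flat option string so a remote shell sees each word literally.
# The string is split on whitespace only (globbing is off), then every word
# is shell-quoted with printf %q. Runs in a subshell, so neither the noglob
# setting nor the positional parameters of the caller are touched.
# Arguments: $1 - option string
# Outputs:   the quoted words, each followed by a space; nothing when empty
#######################################
quote_words_for_remote() (
  set -f
  # shellcheck disable=SC2086
  set -- $1
  [ $# -gt 0 ] || exit 0
  printf '%q ' "$@"
)

# If the FRONTEND is localhost (or empty), libpostinstall.sh runs directly;
# with any other FRONTEND it is started on that host over SSH.
#
# The announcement lines print P_ARGLIST, which holds ${NAME} placeholders in
# place of the password values, plus the VM name. Printing ARGLIST would put
# the cleartext passwords on the terminal and into any captured output.
if [ "$FRONTEND" = "localhost" ] || [ -z "$FRONTEND" ]; then
  printf '%s\n' "./lib/libpostinstall.sh $P_ARGLIST $VM_ARG"
  # ARGLIST is split into words on purpose; globbing is switched off around
  # the call so a password containing * or ? is not expanded to file names.
  # NOTE(review): the path is relative to the current directory, whereas
  # refreshkeys.sh is run from REPO_DIR — confirm this is intended.
  set -f
  # shellcheck disable=SC2086
  ./lib/libpostinstall.sh $ARGLIST
  set +f
else
  # Same short-name / FQDN rule as for the VM argument, with ZONE and SUBZONE
  # compared as literal substrings.
  case "$FRONTEND" in
    *"$ZONE"*)
      case "$FRONTEND" in
        *"$SUBZONE"*) FRONT_NAME=${FRONTEND%."$SUBZONE"} ;;
        *) FRONT_NAME='' ;;
      esac
      FRONT_FQDN=$FRONTEND
      ;;
    *)
      FRONT_NAME=$FRONTEND
      FRONT_FQDN=$FRONTEND.$SUBZONE
      ;;
  esac

  # ssh joins its arguments into one string that the remote shell parses
  # again. Quoting each word keeps ; $ & | and similar characters in a
  # password from being interpreted on the frontend.
  remote_args=$(quote_words_for_remote "$ARGLIST")

  # Security notes:
  #  - -A forwards the local SSH agent; anyone with root on the frontend can
  #    use it for as long as the session lasts.
  #  - The passwords still travel as command-line arguments and are visible
  #    in the frontend's process list while libpostinstall.sh runs.
  # ${CONFIGS_DIR} is single-quoted so it is expanded on the frontend
  # (presumably set by /etc/profile there — confirm).
  printf '%s %s %s\n' "ssh -t -A ${ADMINUSER}@${FRONT_FQDN}" '. /etc/profile ; ${CONFIGS_DIR}/lib/libpostinstall.sh' "$P_ARGLIST $VM_ARG"
  ssh -t -A "${ADMINUSER}@${FRONT_FQDN}" '. /etc/profile ; ${CONFIGS_DIR}/lib/libpostinstall.sh' "$remote_args"
fi
printf "%s\n" "==== $0 done."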