# Strict mode: abort on error (-e), no globbing (-f), fail on unset
# variables (-u); DRY_RUN adds -n (parse without executing) and TRACE adds
# -x (trace every command).
set -efu ${DRY_RUN:+-n} ${TRACE:+-x}
9 DESCRIPTION: ce script regroupe des fonctions utilitaires
10 pour gérer la VM des ateliers _depuis_ la VM hébergée ;
11 il sert à la fois d'outil et de documentation.
12 Voir \`$tool/ateliers_host' pour les utilitaires côté machine hôte.
13 SYNTAX: $0 \$RULE \${RULE}_SYNTAX
15 $(sed -ne 's/^rule_\([^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$0")
17 $(sed -ne 's/^readonly \([^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/env.sh "$0")
#######################################
# Mount the kernel pseudo file systems the guest needs: proc on /proc and
# sysfs on /sys.
# Arguments: none
# Returns:   mount's status (set -e aborts the script on the first failure)
#######################################
rule_filesystem_mount () {
	mount -t proc proc /proc
	mount -t sysfs sys /sys
}
# NOTE(review): the body of this function was lost in this listing -- the
# original's lines 29-33 are missing between its header and the next rule.
28 rule_filesystem_unmount
() {
# NOTE(review): the body of this function was lost in this listing -- the
# original's lines 35-36 are missing between its header and the next rule.
34 rule_shell_source
() {
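#######################################
# Configure the guest's networking, APT sources, mounts, encrypted volumes,
# initramfs and kernel command line.  Every configuration file is written
# through the file's mk_reg helper ("mod= own=" leaves mode and owner to
# its defaults).
# NOTE(review): the listing this block was rebuilt from lost many lines (the
# original's numbering jumps at 39-40, 46, 48-49, 51, 53-54, 59-61, 72,
# 74-76, 78-81, 101-107 and 110-111), so some here-documents below are
# incomplete and two calls are kept commented out; restore them from the
# original file before running this rule.
# Globals:   vm, vm_ipv4, vm_lsb_name (read)
# Arguments: none
# Returns:   non-zero (via set -e) as soon as one step fails
#######################################
rule_network_init () {
	# /etc/hostname: the here-document body (original lines 39-40) was lost;
	# kept commented out rather than writing an empty host name.
	#mk_reg mod= own= /etc/hostname <<-EOF
	#EOF

	# Add the guest's own name to /etc/hosts only once (idempotent re-runs).
	grep -q " $vm\$" /etc/hosts ||
	mk_reg mod= own= --append /etc/hosts <<-EOF
		127.0.0.1 $vm.local $vm
	EOF

	# /etc/network/interfaces: original lines 46, 48-49, 51, 53-54 and 59-61
	# are missing, so this body is partial (the auto/address stanzas are not
	# visible).  The NOTE/TODO lines are part of the written file and are
	# kept verbatim.
	mk_reg mod= own= /etc/network/interfaces <<-EOF
		iface lo inet loopback
		iface grenode inet static
		gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
		netmask 255.255.255.255
		mtu 1300 # TODO: voir si c'est nécessaire à Lyon
		up ip address add $vm_ipv4/32 dev \$IFACE
		down ip address delete $vm_ipv4/32 dev \$IFACE
	EOF

	# APT: Debian mirror, OpenERP nightly builds and the backports archive.
	# NOTE(review): apt only trusts signed Release files; nothing visible here
	# installs a key for the flat OpenERP repository -- confirm it is trusted.
	mk_reg mod= own= /etc/apt/sources.list <<-EOF
		deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
	EOF
	mk_reg mod= own= /etc/apt/sources.list.d/openerp.list <<-EOF
		deb http://nightly.openerp.com/trunk/nightly/deb/ ./
	EOF
	mk_reg mod= own= /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
		deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
	EOF
	# Pinning: original lines 72, 74-76 and 78-81 (the Package:/Pin-Priority:
	# entries) are missing, so these two Pin: lines are fragments.
	mk_reg mod= own= /etc/apt/preferences <<-EOF
		Pin: release a=$vm_lsb_name
		Pin: release a=$vm_lsb_name-backports
	EOF

	# fstab: /tmp is a size-bounded tmpfs mounted nosuid,nodev; the data
	# volumes are the LUKS mappings declared in /etc/crypttab below.
	# "noauto" keeps /boot unmounted at boot -- the original spelled it
	# "no-auto", which is not a mount option and mount rejects as unknown.
	mk_reg mod= own= /etc/fstab <<-EOF
		# <file system> <mount point> <type> <options> <dump> <pass>
		LABEL=boot /boot ext2 defaults,noauto 0 0
		proc /proc proc defaults 0 0
		sysfs /sys sysfs defaults 0 0
		tmpfs /tmp tmpfs rw,nosuid,nodev,auto,size=200m,nr_inodes=1000k,mode=1777,noatime,nodiratime 0 0
		/dev/mapper/${vm}_root_deciphered / ext4 defaults,errors=remount-ro,acl,noatime 0 1
		/dev/mapper/${vm}_var_deciphered /var ext4 defaults,errors=remount-ro,acl,noatime 0 1
		/dev/mapper/${vm}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,noatime,usrquota,grpquota 0 0
		/dev/mapper/${vm}_swap_deciphered swap swap sw 0 0
	EOF

	# crypttab: the var, swap and home mappings take their key from the
	# already-open root mapping through the decrypt_derived keyscript, so
	# they must stay listed after it.
	mk_reg mod= own= /etc/crypttab <<-EOF
		# <target name> <source device> <key file> <options>
		${vm}_root_deciphered LABEL=${vm}_root ${vm}_root luks
		${vm}_var_deciphered LABEL=${vm}_var ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
		${vm}_swap_deciphered LABEL=${vm}_swap ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
		${vm}_home_deciphered LABEL=${vm}_home ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
	EOF

	# /etc/initramfs-tools/modules: the module list (original lines 101-107)
	# was lost; kept commented out rather than writing an empty file.
	#mk_reg mod= own= /etc/initramfs-tools/modules <<-EOF
	#EOF

	# Kernel command line: drop the existing GRUB_CMDLINE_LINUX= line, then
	# append ours.  The original did both in one sed with an unaddressed
	# "r/dev/fd/3", which queues the file after every input line rather than
	# once at the end.
	sed -i -e '/^GRUB_CMDLINE_LINUX=/d' /etc/default/grub
	mk_reg mod= own= --append /etc/default/grub <<-EOF
		GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 resume=/dev/mapper/${vm}_swap_deciphered"
	EOF
}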
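#######################################
# Create the administrator account <name>, add it to the sudo group, install
# its SSH public key from $tool/key/<name>.ssh.pub and write the sshd and
# sudoers policy that goes with it.
# NOTE(review): the original's lines 113, 115, 120-121, 124-127, 131-136,
# 140, 149-154, 156, 158-159, 164, 167, 169 and 172-173 were lost in this
# listing (113 presumably set admin and home from $1, per "SYNTAX: <name>"),
# so admin and home are used below without a visible definition and the
# sshd_config body is partial; restore them from the original before use.
# Globals:   admin, home, tool, vm_ipv4 (read)
# Arguments: $1 - account name (per the original SYNTAX comment)
# Returns:   non-zero (via set -e) as soon as one step fails
#######################################
rule_user_admin_add () { # SYNTAX: <name>
	# Create the account only when it does not exist yet.  The original wrote
	# "! id ... || adduser", which ran adduser precisely when the user existed.
	id "$admin" >/dev/null 2>&1 || adduser "$admin"
	adduser "$admin" sudo
	# Per-user SSH material lives under $home/etc/ssh, which is where the
	# AuthorizedKeysFile setting below points; the key file is owner-only.
	mk_dir mod=0750 own="$admin:$admin" "$home"/etc
	mk_dir mod=0700 own="$admin:$admin" "$home"/etc/ssh
	mk_reg mod=0400 own="$admin:$admin" "$home"/etc/ssh/authorized_keys <"$tool"/key/"$admin".ssh.pub
	# sshd: listens on the VM address only, public-key logins only (password,
	# challenge-response, host-based and Kerberos/GSSAPI authentication are
	# all off).  Original lines 124-127, 131-136, 140, 149-154, 156 and
	# 158-159 are missing from this body.
	# NOTE(review): 0664 makes the file writable by group root; 0644 is the
	# usual mode for sshd_config -- confirm the group write bit is wanted.
	mk_reg mod=0664 own=root:root /etc/ssh/sshd_config <<-EOF
		ListenAddress $vm_ipv4
		HostKey /etc/ssh/ssh_host_rsa_key
		UsePrivilegeSeparation yes
		KeyRegenerationInterval 3600
		RSAAuthentication yes
		PubkeyAuthentication yes
		AuthorizedKeysFile %h/etc/ssh/authorized_keys
		RhostsRSAAuthentication no
		HostbasedAuthentication no
		IgnoreUserKnownHosts no
		PermitEmptyPasswords no
		ChallengeResponseAuthentication no
		PasswordAuthentication no
		KerberosAuthentication no
		GSSAPIAuthentication no
		ClientAliveInterval 0
		Subsystem sftp /usr/lib/openssh/sftp-server
	EOF
	# passwd-init: let a sudo-group member set their own password without
	# knowing the old one, but only while the account is still locked ("L"
	# in passwd --status).  The rule grants the fixed wrapper below rather
	# than "/bin/sh -c <code>": in sudoers a '*' inside the argument list is
	# a wildcard, so the original rule matched more command lines than the
	# single one it quoted.
	mk_reg mod=0440 own=root:root /etc/sudoers.d/passwd-init <<-EOF
		%sudo ALL=(ALL) NOPASSWD: /usr/local/sbin/passwd-init
	EOF
	mk_reg mod=0440 own=root:root /etc/sudoers.d/etckeeper-unclean <<-EOF
		%sudo ALL=(ALL) NOPASSWD: /usr/sbin/etckeeper unclean
	EOF
	# The wrapper re-executes itself through sudo, so users keep calling
	# "passwd-init" directly as with the original; SUDO_USER is then set by
	# sudo, not by the caller.
	mk_reg mod=0555 own=root:root /usr/local/sbin/passwd-init <<-EOF
		#!/bin/sh
		set -e -f -u
		[ "\$(id -u)" = 0 ] || exec sudo /usr/local/sbin/passwd-init
		case \$(/usr/bin/passwd --status "\$SUDO_USER") in
		("\$SUDO_USER L "*) /usr/bin/passwd "\$SUDO_USER";;
		esac
	EOF
}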
174 rule_kernel_init
() {
175 sudo apt-get
install --reinstall linux-image-
$vm_arch