From: Julien Moutinho Date: Thu, 21 Feb 2013 09:50:44 +0000 (+0100) Subject: Polissage. X-Git-Url: http://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=commitdiff_plain;h=7313fbbd10b0321c3e460639137f0e0e9ed9dcad Polissage. --- diff --git a/lib/functions.sh b/lib/functions.sh index 16c62b5..1a24852 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -1,5 +1 @@ #!/bin/sh - -. "$tool"/lib/mk.sh -. "$tool"/lib/log.sh -. "$tool"/lib/rule.sh diff --git a/lib/rule.sh b/lib/rule.sh index b30218d..9990962 100644 --- a/lib/rule.sh +++ b/lib/rule.sh @@ -1,5 +1,7 @@ #!/bin/sh +. "$tool"/lib/log.sh + rule () { local - local rule="$1"; shift diff --git a/lib/ssh b/lib/ssh new file mode 100755 index 0000000..e39d9b1 --- /dev/null +++ b/lib/ssh @@ -0,0 +1,8 @@ +#!/bin/sh +set -e -f ${DRY_RUN:+-n} -u +tool=${0%/*} +ssh \ + -o StrictHostKeyChecking=yes \ + -o UserKnownHostsFile=etc/openssh/known_hosts \ + -o HashKnownHosts=no \ + "$@" diff --git a/vm_host b/vm_host index ba6461d..de458ef 100755 --- a/vm_host +++ b/vm_host @@ -1,8 +1,9 @@ #!/bin/sh set -e -f ${DRY_RUN:+-n} -u tool=${0%/*} -. "$tool"/lib/functions.sh +. "$tool"/lib/rule.sh . "$tool"/etc/vm.sh +. "$tool"/lib/mk.sh rule_help () { # SYNTAX: [--hidden] local hidden; [ ${1:+set} ] || hidden=set @@ -281,9 +282,6 @@ rule_part_root_umount () { ! test -e /dev/mapper/${vm_lvm_lv}_root_deciphered || sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered } -rule_part_root_backup_luks () { - sudo cryptsetup luksHeaderBackup $vm_dev_disk_root --header-backup-file ./root.luks - } rule_part_swap_format () { rule _part_encrypted_format swap rule _part_encrypted_mount swap diff --git a/vm_hosted b/vm_hosted index 9121320..847b818 100755 --- a/vm_hosted +++ b/vm_hosted @@ -1,8 +1,9 @@ #!/bin/sh set -e -f ${DRY_RUN:+-n} -u tool=${0%/*} -. "$tool"/lib/functions.sh +. "$tool"/lib/rule.sh . "$tool"/etc/vm.sh +. "$tool"/lib/mk.sh rule_help () { # SYNTAX: [--hidden] local hidden; [ ${1:+set} ] || hidden=set 
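Review bot: In the new `lib/ssh`, `UserKnownHostsFile=etc/openssh/known_hosts` is resolved against the caller's working directory, and the `tool=${0%/*}` assigned just above it is never used. With `StrictHostKeyChecking=yes` a missing file fails closed, but the pinned host keys are otherwise read from whatever `etc/openssh/known_hosts` sits under the current directory. In vm_remote only `rule_git_push` does `cd "$tool"` first, while `rule_ssh`, `rule_mosh` and `rule_luks_key_send` call the wrapper from wherever the user happens to be. Unless these scripts are always run from the repository root, anchor the path to the script, which now lives in `lib/`: `-o UserKnownHostsFile="$tool"/../etc/openssh/known_hosts \`. Starting the command with `exec ssh \` would also avoid leaving an extra shell between the caller and ssh.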
@@ -90,7 +91,6 @@ rule_apticron_configure () { # CUSTOM_NO_UPDATES_SUBJECT="" # CUSTOM_FROM="root@ateliers.heureux-cyclage.org" EOF - sudo service apticron restart } rule_boot_configure () { warn "attention à n'installer GRUB sur AUCUN disque proposé !" @@ -449,10 +449,11 @@ rule_configure () { rule login_configure rule user_root_configure rule boot_configure + rule apticron_configure rule bin_configure } -rule_disk_key_change () { +rule_luks_key_change () { sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root } diff --git a/vm_remote b/vm_remote index 7601a01..5877802 100755 --- a/vm_remote +++ b/vm_remote @@ -1,7 +1,7 @@ #!/bin/sh set -e -f ${DRY_RUN:+-n} -u tool=${0%/*} -. "$tool"/lib/functions.sh +. "$tool"/lib/rule.sh . "$tool"/etc/vm.sh rule_help () { # SYNTAX: [--hidden] @@ -23,7 +23,7 @@ rule_help () { # SYNTAX: [--hidden] EOF } -rule_git_config () { # DESCRIPTION: configure le .git local pour bien pousser +rule_git_configure () { # DESCRIPTION: configure ./.git correctement ( cd "$tool" git remote rm host || true @@ -35,16 +35,19 @@ rule_git_config () { # DESCRIPTION: configure le .git local pour bien pousser ) } rule_git_push () { # SYNTAX: {host|hosted} $git_push_options + ( + cd "$tool" local remote=${1#remote=}; shift - GIT_SSH=./vm_ssh git push -v "$remote" "$@" + GIT_SSH=./lib/ssh git push -v "$remote" "$@" info "penser à faire : vm_hosted git_reset" + ) } rule_ssh () { - "$tool"/vm_ssh $vm_fqdn "$@" + "$tool"/lib/ssh $vm_fqdn "$@" } rule_mosh () { - mosh --ssh="$tool/vm_ssh $*" $vm_fqdn + mosh --ssh="$tool/lib/ssh $*" $vm_fqdn } rule__ssh_known_hosts_update () { rule ssh \ 
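Review bot: In vm_hosted, the renamed `rule_luks_key_change` rotates the passphrase only on `/dev/$vm_lvm_vg/${vm_lvm_lv}_root`, while `rule_luks_key_backup` in vm_remote iterates over `root var home`. If var and home are separate LUKS volumes opened with the same passphrase (not visible in this hunk), they keep the old one after this rule runs. Rotation also leaves stale artefacts: the `var/sec/luks/$vm_fqdn.key.gpg` file that `rule_luks_key_send` decrypts, and any earlier header backup, which still holds the old keyslot and can therefore still be opened with the old passphrase. A comment on the rule would make the follow-up explicit, for example `# NOTE: after changing the key, re-encrypt var/sec/luks/$vm_fqdn.key.gpg, re-run luks_key_backup and destroy the older *.luks.gpg backups`.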
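Review bot: In vm_remote, `rule_mosh` builds the transport as `--ssh="$tool/lib/ssh $*"`, which flattens the arguments into one string that mosh splits into words again. Any option value or `$tool` path containing whitespace therefore reaches `lib/ssh` split differently than it does through `rule_ssh`. If that limitation is accepted, it deserves a comment such as `# NOTE: "$*" flattens the arguments; values containing whitespace are not preserved`. In the same hunk `$vm_fqdn` is expanded unquoted in both rules; `set -f` disables globbing but not word splitting, so `"$tool"/lib/ssh "$vm_fqdn" "$@"` and `mosh --ssh="$tool/lib/ssh $*" "$vm_fqdn"` are the safer forms.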
@@ -53,14 +56,14 @@ rule__ssh_known_hosts_update () { -o HashKnownHosts=no \ whoami } -rule_key_disk_send () { +rule_luks_key_send () { # NOTE: envoie la clef de déchiffrement des partitions au démarrage de la VM. gpg --decrypt var/sec/luks/$vm_fqdn.key.gpg | - "$tool"/vm_ssh root@$vm_fqdn "$@" \ + "$tool"/lib/ssh root@$vm_fqdn "$@" \ -o CheckHostIP=no \ -o HostKeyAlias=init.$vm_fqdn \ tee /lib/cryptsetup/passfifo \>/dev/null } -rule_key_disk_backup () { +rule_luks_key_backup () { # NOTE: sauvegarde localement les entêtes des partitions chiffrées. ENVIRONMENT: $gpg_recipient for part in root var home do mkdir -p var/sec/luks @@ -74,7 +77,7 @@ rule_key_disk_backup () { cat "$tmp"; shred >/dev/null --remove "$tmp"; \ ' | - gpg --encrypt --recipient $USER@ \ + gpg --encrypt --recipient "${gpg_recipient:-$USER@}" \ -o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg done } diff --git a/vm_ssh b/vm_ssh deleted file mode 100755 index e39d9b1..0000000 --- a/vm_ssh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e -f ${DRY_RUN:+-n} -u -tool=${0%/*} -ssh \ - -o StrictHostKeyChecking=yes \ - -o UserKnownHostsFile=etc/openssh/known_hosts \ - -o HashKnownHosts=no \ - "$@"
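Review bot: In `rule_luks_key_send` (vm_remote), the exit status of `gpg --decrypt` is lost because it is the first stage of a pipeline under `/bin/sh` with only `set -e`. A failed decrypt (missing file, wrong passphrase, cancelled pinentry) still opens the session and writes empty input into `/lib/cryptsetup/passfifo`, and the rule reports whatever ssh returns. If the key material is text with no significant trailing newline (not visible here), decrypt first with `key=$(gpg --decrypt var/sec/luks/$vm_fqdn.key.gpg)` and then pipe `printf %s "$key"` into `"$tool"/lib/ssh …`, so that `set -e` stops the rule before any connection is made. The relative `var/sec/luks/` path and the unquoted `$vm_fqdn` expansions also make the rule depend on the working directory and on the variable holding a single word.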
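Review bot: In `rule_luks_key_backup` (vm_remote, `@@ -74,7 +77,7 @@`), the fallback recipient `$USER@` is matched by gpg as a substring of a user ID, so when `gpg_recipient` is unset the header backups are encrypted to whichever keyring entry happens to match rather than to a pinned key. Requiring an explicit fingerprint removes the ambiguity: `gpg --encrypt --recipient "${gpg_recipient:?set gpg_recipient to an OpenPGP key fingerprint}" \`. The remote half of the pipeline starts outside this hunk. As in `rule_luks_key_send`, its failure is not propagated, so a failed remote command can still leave a `*.luks.gpg` file that looks like a valid backup but holds no header. It would help to test-decrypt each backup after the loop.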