# Strict mode for the whole tool: stop on the first failing command (-e),
# never expand globs (-f) and treat unset variables as errors (-u).  When
# DRY_RUN is set in the environment the shell also gets -n, so the rest of the
# script is parsed but not executed.
set -e -f -u ${DRY_RUN:+-n}
9 DESCRIPTION: ce script regroupe des fonctions utilitaires
10 pour gérer la VM des ateliers _depuis_ la VM hébergée ;
11 il sert à la fois d'outil et de documentation.
12 Voir \`$tool/ateliers_host' pour les utilitaires côté machine hôte.
13 SYNTAX: $0 \$RULE \${RULE}_SYNTAX
15 $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$0")
17 TRACE # affiche les commandes avant leur exécution
18 $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/env.sh "$0")
# rule_filesystem_init: appends VM-specific kernel tunables to /etc/sysctl.conf
# through mk_reg, which is defined elsewhere in the tool (the empty mod=/own=
# presumably select its defaults).  Because of --append, whether a second run
# duplicates the block depends on mk_reg — NOTE(review): confirm it is
# idempotent.
# NOTE(review): the "# NOTE:" remark on the vm.swappiness line is part of the
# heredoc and is written into /etc/sysctl.conf verbatim; sysctl.conf has no
# inline-comment syntax, so that key is likely rejected ("Invalid argument")
# when the file is loaded — check with `sysctl -p` and move the remark to its
# own "# ..." line if so.
# NOTE(review): original lines 26-27 (heredoc terminator and closing brace) are
# not in this excerpt; read the body below as a partial listing.
rule_filesystem_init () {
	mk_reg mod= own= --append /etc/sysctl.conf <<-EOF
		vm.swappiness = 10 # NOTE: n'utilise le swap qu'en cas d'absolue nécessité
		vm.vfs_cache_pressure=50
28 rule_filesystem_unmount
() {
30 rule_shell_source
() {
# rule_network_init: writes the VM's host identity, network, apt, fstab,
# crypttab, initramfs and GRUB configuration through mk_reg (defined elsewhere
# in the tool; empty mod=/own= presumably select its defaults).  $vm,
# $vm_ipv4 and $vm_lsb_name are not set here (presumably from env.sh).
# - /etc/hosts: the grep guard stops the entry from being appended twice, but
#   $vm is used as a regex rather than with grep -F; harmless as long as $vm
#   is a plain hostname.
# - /etc/network/interfaces: grenode is a /32 whose gateway is the VM's own
#   address; the heredoc's own NOTE says the gateway runs proxy_arp.  \$IFACE
#   is escaped so ifupdown, not this script, expands it.
# - apt: all three sources are plain http (apt's signature check still
#   applies).  No key import for nightly.openerp.com is visible in this
#   excerpt — NOTE(review): confirm that repository is trusted or pinned
#   somewhere else.
# - /etc/fstab: NOTE(review): the /boot entry is listed with "no-auto";
#   mount(8) spells the option "noauto", so as written "mount -a" would try
#   to mount /boot and likely reject the unknown option — confirm on a real
#   boot.  /tmp is a tmpfs with nosuid,nodev (no noexec).
# - /etc/crypttab: var, swap and home use keyscript=decrypt_derived with
#   ${vm}_root_deciphered as their key source, i.e. their keys are presumably
#   derived from the root mapping's master key: unlocking root unlocks all of
#   them, and re-keying root would orphan the others.
# - /etc/default/grub is appended (--append), same idempotence question as
#   elsewhere; resume= points at the derived-key swap mapping.
# NOTE(review): original lines 35-36, 40, 42, 44-45, 47, 49-50, 55-57, 60,
# 63, 66, 68, 70-72, 74-77, 88, 95, 97-103 and 106-107 are not in this excerpt
# (heredoc terminators, the rest of the apt pins, the initramfs module list,
# the closing brace); read the body below as a partial listing.
rule_network_init () {
	mk_reg mod= own= /etc/hostname <<-EOF
	grep -q " $vm\$" /etc/hosts ||
	mk_reg mod= own= --append /etc/hosts <<-EOF
		127.0.0.1 $vm.local $vm
	mk_reg mod= own= /etc/network/interfaces <<-EOF
		iface lo inet loopback
		iface grenode inet static
		gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
		netmask 255.255.255.255
		mtu 1300 # TODO: voir si c'est nécessaire à Lyon
		up ip address add $vm_ipv4/32 dev \$IFACE
		down ip address delete $vm_ipv4/32 dev \$IFACE
	mk_reg mod= own= /etc/apt/sources.list <<-EOF
		deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
	mk_reg mod= own= /etc/apt/sources.list.d/openerp.list <<-EOF
		deb http://nightly.openerp.com/trunk/nightly/deb/ ./
	mk_reg mod= own= /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
		deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
	mk_reg mod= own= /etc/apt/preferences <<-EOF
		Pin: release a=$vm_lsb_name
		Pin: release a=$vm_lsb_name-backports
	mk_reg mod= own= /etc/fstab <<-EOF
		# <file system> <mount point> <type> <options> <dump> <pass>
		LABEL=boot /boot ext2 defaults,no-auto 0 0
		proc /proc proc defaults 0 0
		sysfs /sys sysfs defaults 0 0
		tmpfs /tmp tmpfs rw,nosuid,nodev,auto,size=200m,nr_inodes=1000k,mode=1777,noatime,nodiratime 0 0
		/dev/mapper/${vm}_root_deciphered / ext4 defaults,errors=remount-ro,acl,noatime 0 1
		/dev/mapper/${vm}_var_deciphered /var ext4 defaults,errors=remount-ro,acl,noatime 0 1
		/dev/mapper/${vm}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,noatime,usrquota,grpquota 0 0
		/dev/mapper/${vm}_swap_deciphered swap swap sw 0 0
	mk_reg mod= own= /etc/crypttab <<-EOF
		# <target name> <source device> <key file> <options>
		${vm}_root_deciphered LABEL=${vm}_root ${vm}_root luks
		${vm}_var_deciphered LABEL=${vm}_var ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
		${vm}_swap_deciphered LABEL=${vm}_swap ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
		${vm}_home_deciphered LABEL=${vm}_home ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
	mk_reg mod= own= /etc/initramfs-tools/modules <<-EOF
	mk_reg mod= own= --append /etc/default/grub <<-EOF
		GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 resume=/dev/mapper/${vm}_swap_deciphered"
# rule_user_admin_add <name>: creates the admin account, adds it to the sudo
# group, installs its SSH public key from $tool/key/<name>.ssh.pub, and writes
# sshd_config plus two sudoers.d drop-ins.  $admin and $home are assigned on
# original line 109, which this excerpt does not show (presumably from $1 —
# confirm).
# NOTE(review): as listed, `! id "$admin" || adduser "$admin"` runs adduser
# only when the account already exists (the `!` inverts the test), and that
# adduser then fails under set -e; for create-if-missing the line should read
# `id "$admin" || adduser "$admin"`.  Confirm against the real source, since
# this listing is mangled.
# - Key material: $home/etc (0750) and $home/etc/ssh (0700) are owned by the
#   user and the key file is 0400, which is compatible with sshd's StrictModes
#   checks for AuthorizedKeysFile %h/etc/ssh/authorized_keys.
# - sshd_config (written 0664 root:root; 0644 is the conventional mode):
#   password, challenge-response, host-based, Kerberos and GSSAPI auth are
#   all off, public keys only, bound to $vm_ipv4.  RSAAuthentication,
#   RhostsRSAAuthentication, KeyRegenerationInterval and
#   UsePrivilegeSeparation are SSH-1 / pre-7.5 directives that OpenSSH 7.5+
#   ignores with a deprecation warning.  PermitRootLogin does not appear in
#   the visible lines — NOTE(review): verify it is "no" in the omitted ones.
# - sudoers.d/passwd-init: members of %sudo may run, without a password,
#   exactly one /bin/sh -c string that calls passwd on $SUDO_USER, and only
#   while `passwd --status` reports the account locked ("L"); sudo sets
#   SUDO_USER itself, so the target account is not caller-chosen.  The
#   wrapper /usr/local/sbin/passwd-init must keep its -c string identical to
#   the sudoers rule (the unquoted heredoc's backslash-newline joins each rule
#   onto one line) or sudo will refuse it.
# - sudoers.d/etckeeper-unclean: passwordless `etckeeper unclean` only.
# NOTE(review): original lines 109, 111, 116-117, 120-123, 127-132, 136,
# 145-150, 152, 154-155, 160, 163, 165 and 168-169 are not in this excerpt
# (heredoc terminators, the rest of sshd_config, the closing brace); read the
# body below as a partial listing.
rule_user_admin_add () { # SYNTAX: <name>
	! id "$admin" || adduser "$admin"
	adduser "$admin" sudo
	mk_dir mod=0750 own="$admin:$admin" "$home"/etc
	mk_dir mod=0700 own="$admin:$admin" "$home"/etc/ssh
	mk_reg mod=0400 own="$admin:$admin" "$home"/etc/ssh/authorized_keys <"$tool"/key/"$admin".ssh.pub
	mk_reg mod=0664 own=root:root /etc/ssh/sshd_config <<-EOF
		ListenAddress $vm_ipv4
		HostKey /etc/ssh/ssh_host_rsa_key
		UsePrivilegeSeparation yes
		KeyRegenerationInterval 3600
		RSAAuthentication yes
		PubkeyAuthentication yes
		AuthorizedKeysFile %h/etc/ssh/authorized_keys
		RhostsRSAAuthentication no
		HostbasedAuthentication no
		IgnoreUserKnownHosts no
		PermitEmptyPasswords no
		ChallengeResponseAuthentication no
		PasswordAuthentication no
		KerberosAuthentication no
		GSSAPIAuthentication no
		ClientAliveInterval 0
		Subsystem sftp /usr/lib/openssh/sftp-server
	mk_reg mod=0440 own=root:root /etc/sudoers.d/passwd-init <<-EOF
		%sudo ALL=(ALL) NOPASSWD: /bin/sh -e -f -u -c \
		case \$(/usr/bin/passwd --status "\$SUDO_USER") in \
		("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac
	mk_reg mod=0440 own=root:root /etc/sudoers.d/etckeeper-unclean <<-EOF
		%sudo ALL=(ALL) NOPASSWD: /usr/sbin/etckeeper unclean
	mk_reg mod=0555 own=root:root /usr/local/sbin/passwd-init <<-EOF
		sudo /bin/sh -e -f -u -c \
		'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac'
170 rule_kernel_init
() {
171 sudo apt-get
install --reinstall linux-image-
$vm_arch