X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=vm_hosted;h=e70708ad366a5b42fe25bb6c11fd1c3171748316;hb=4ad3d3b9cd8f94b54ffbc9cf6cff1327a2af5012;hp=87182dcbf6323bea1a46c753ff81f4758701dddd;hpb=3dacd01098e5233bbd368e636c8536253945042d;p=lhc%2Fateliers.git diff --git a/vm_hosted b/vm_hosted index 87182dc..e70708a 100755 --- a/vm_hosted +++ b/vm_hosted @@ -1,6 +1,10 @@ #!/bin/sh set -e -f ${DRY_RUN:+-n} -u -tool=${0%/*} +tool=$0 +while test -L "$tool" + do tool=$(readlink "$tool") + done +tool=${tool%/*} . "$tool"/lib/rule.sh . "$tool"/etc/vm.sh @@ -30,6 +34,7 @@ rule_git_configure () { local tool tool=$(cd "$tool"; cd -) sudo ln -fns "$tool"/vm_hosted /usr/local/sbin/ + sudo ln -fns "$tool"/vm_hosted /usr/local/sbin/vm ) } rule_git_reset () { @@ -41,14 +46,7 @@ rule_git_reset () { } rule_apt_get_install () { # SYNTAX: $package - case $(dpkg -s "$1" 2>/dev/null | grep '^Status: ') in - ("Status: install ok installed");; - (*) - test ! -x /usr/bin/etckeeper || - ! sudo etckeeper unclean || - warn "/etc unclean: etckeeper may force you to \`etckeeper commit'; then you can run your $0 command again." - sudo apt-get install "$@";; - esac + sudo apt-get install "$@" } rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ? @@ -207,13 +205,9 @@ rule_etckeeper_configure () { LOWLEVEL_PACKAGE_MANAGER=dpkg EOF sudo install -m 644 -o root -g root \ - etc/etckeeper/prompt.sh \ - /etc/etckeeper/prompt.sh - sudo install -m 755 -o root -g root \ - etc/etckeeper/update-ignore.d/02custom-ignore \ - /etc/etckeeper/update-ignore.d/02custom-ignore + "$tool"/etc/etckeeper/prompt.sh \ + /etc/etckeeper/prompt.sh rule apt_get_install etckeeper - sudo etckeeper update-ignore -a } rule_filesystem_configure () { sudo install -m 644 -o root -g root /dev/stdin /etc/fstab <<-EOF @@ -401,26 +395,61 @@ rule_login_configure () { session optional pam_umask.so EOF } -rule_procmail_configure () { - rule apt_get_install procmail - sudo install -d -m 770 -o root -g adm \ - /etc/skel/etc/mail \ - /etc/skel/var/cache/mail \ - /etc/skel/var/log/mail \ - /etc/skel/var/mail - sudo install -m 660 -o root -g adm \ - "$tool"/etc/skel/etc/mail/delivery.procmailrc \ - /etc/skel/etc/mail/delivery.procmailrc +rule_mail_configure () { + rule postfix_configure + rule postgrey_configure + rule procmail_configure + rule dovecot_configure } -rule_postgrey_configure () { - rule apt_get_install postgrey - sudo service postgrey restart +rule_network_configure () { + sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF + $vm + EOF + grep -q " $vm\$" /etc/hosts || + sudo install -m 644 -o root -g root /dev/stdin /etc/hosts <<-EOF + $(cat /etc/hosts) + 127.0.0.1 $vm_fqdn $vm + EOF + sudo install -m 644 -o root -g root /dev/stdin /etc/network/interfaces <<-EOF + auto lo + iface lo inet loopback + + auto eth0=grenode + iface grenode inet static + address $vm_ipv4 + gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse + network $vm_ipv4 + broadcast $vm_ipv4 + netmask 255.255.255.255 + mtu 1300 + # NOTE: il y a besoin de ça en l'état actuel du réseau de Grenode + # car la MTU des tunnels GRE/IPsec entre les routeurs de Grenode l'impose. + # + # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200)) soupirail.grenode.net + # PING soupirail.grenode.net (91.216.110.1) 1272(1300) bytes of data. + # 1280 bytes from soupirail.grenode.net (91.216.110.1): icmp_req=1 ttl=63 time=18.0 ms + # + # --- soupirail.grenode.net ping statistics --- + # 1 packets transmitted, 1 received, 0% packet loss, time 0ms + # rtt min/avg/max/mdev = 18.027/18.027/18.027/0.000 ms + # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200+1)) soupirail.grenode.net + # PING soupirail.grenode.net (91.216.110.1) 1273(1301) bytes of data. + # From estran.grenode.net (91.216.110.6) icmp_seq=1 Frag needed and DF set (mtu = 1300) + # + # --- soupirail.grenode.net ping statistics --- + # 0 packets transmitted, 0 received, +1 errors + post-up ip address add $vm_ipv4/32 dev \$IFACE + pre-down ip address delete $vm_ipv4/32 dev \$IFACE + EOF } rule_postfix_configure () { local hint="run vm_remote postfix_key_send before" assert "test -f /etc/postfix/$vm_domainname/smtpd/x509/key.pem" hint warn "lors de l'installation Debian, ne sélectionner aucune configuration pour postfix" rule apt_get_install postfix + sudo install -m 640 -o root -g root /dev/stdin /etc/postfix/.gitignore <<-EOF + *.db + EOF sudo install -d -m 770 -o root -g root \ /etc/postfix/$vm_domainname/ \ /etc/postfix/$vm_domainname/smtp \ @@ -441,25 +470,25 @@ rule_postfix_configure () { ../crt+crl.self-signed.pem \ /etc/postfix/$vm_domainname/smtpd/x509/ca/crt.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ + "$tool"/var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt.pem \ + "$tool"/var/pub/x509/service/smtpd/crt.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt+root.pem \ + "$tool"/var/pub/x509/service/smtpd/crt+root.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt+root.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ + "$tool"/var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/header_checks \ - /etc/postfix/$vm_domainname/header_checks + "$tool"/etc/postfix/$vm_domainname/header_checks \ + /etc/postfix/$vm_domainname/header_checks sudo install -m 664 -o root -g root \ - etc/aliases \ - /etc/aliases - sudo newaliases - cat /dev/stdin etc/postfix/main.cf <<-EOF | + "$tool"/etc/postfix/aliases \ + /etc/postfix/aliases + sudo newaliases -oA/etc/postfix/aliases + cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF | mydomain = $vm_domainname myorigin = \$mydomain myhostname = $vm_hostname.\$mydomain @@ -469,83 +498,51 @@ rule_postfix_configure () { sudo install -m 664 -o root -g root /dev/stdin \ /etc/postfix/main.cf sudo install -m 664 -o root -g root \ - etc/postfix/master.cf \ - /etc/postfix/master.cf + "$tool"/etc/postfix/master.cf \ + /etc/postfix/master.cf sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtp/x509/policy \ - /etc/postfix/$vm_domainname/smtp/x509/policy + "$tool"/etc/postfix/$vm_domainname/smtp/x509/policy \ + /etc/postfix/$vm_domainname/smtp/x509/policy sudo postmap hash:/etc/postfix/$vm_domainname/smtp/x509/policy sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtp/header_checks \ - /etc/postfix/$vm_domainname/smtp/header_checks + "$tool"/etc/postfix/$vm_domainname/smtp/header_checks \ + /etc/postfix/$vm_domainname/smtp/header_checks sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtpd/sender_access \ - /etc/postfix/$vm_domainname/smtpd/sender_access + "$tool"/etc/postfix/$vm_domainname/smtpd/sender_access \ + /etc/postfix/$vm_domainname/smtpd/sender_access sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/sender_access sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtpd/client_blacklist \ - /etc/postfix/$vm_domainname/smtpd/client_blacklist + "$tool"/etc/postfix/$vm_domainname/smtpd/client_blacklist \ + /etc/postfix/$vm_domainname/smtpd/client_blacklist sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/client_blacklist sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtpd/relay_clientcerts \ - /etc/postfix/$vm_domainname/smtpd/relay_clientcerts + "$tool"/etc/postfix/$vm_domainname/smtpd/relay_clientcerts \ + /etc/postfix/$vm_domainname/smtpd/relay_clientcerts sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/relay_clientcerts sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/transport \ - /etc/postfix/$vm_domainname/transport + "$tool"/etc/postfix/$vm_domainname/transport \ + /etc/postfix/$vm_domainname/transport sudo postmap hash:/etc/postfix/$vm_domainname/transport sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/virtual_alias \ - /etc/postfix/$vm_domainname/virtual_alias + "$tool"/etc/postfix/$vm_domainname/virtual_alias \ + /etc/postfix/$vm_domainname/virtual_alias sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias sudo service postfix restart } -rule_mail_configure () { - rule postfix_configure - rule postgrey_configure - rule procmail_configure - rule dovecot_configure +rule_postgrey_configure () { + rule apt_get_install postgrey + sudo service postgrey restart } -rule_network_configure () { - sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF - $vm - EOF - grep -q " $vm\$" /etc/hosts || - sudo install -m 644 -o root -g root /dev/stdin /etc/hosts <<-EOF - $(cat /etc/hosts) - 127.0.0.1 $vm_fqdn $vm - EOF - sudo install -m 644 -o root -g root /dev/stdin /etc/network/interfaces <<-EOF - auto lo - iface lo inet loopback - - auto eth0=grenode - iface grenode inet static - address $vm_ipv4 - gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse - network $vm_ipv4 - broadcast $vm_ipv4 - netmask 255.255.255.255 - mtu 1300 - # NOTE: il y a besoin de ça en l'état actuel du réseau de Grenode - # car la MTU des tunnels GRE/IPsec entre les routeurs de Grenode l'impose. - # - # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200)) soupirail.grenode.net - # PING soupirail.grenode.net (91.216.110.1) 1272(1300) bytes of data. - # 1280 bytes from soupirail.grenode.net (91.216.110.1): icmp_req=1 ttl=63 time=18.0 ms - # - # --- soupirail.grenode.net ping statistics --- - # 1 packets transmitted, 1 received, 0% packet loss, time 0ms - # rtt min/avg/max/mdev = 18.027/18.027/18.027/0.000 ms - # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200+1)) soupirail.grenode.net - # PING soupirail.grenode.net (91.216.110.1) 1273(1301) bytes of data. - # From estran.grenode.net (91.216.110.6) icmp_seq=1 Frag needed and DF set (mtu = 1300) - # - # --- soupirail.grenode.net ping statistics --- - # 0 packets transmitted, 0 received, +1 errors - post-up ip address add $vm_ipv4/32 dev \$IFACE - pre-down ip address delete $vm_ipv4/32 dev \$IFACE - EOF +rule_procmail_configure () { + rule apt_get_install procmail + sudo install -d -m 770 -o root -g adm \ + /etc/skel/etc/mail \ + /etc/skel/var/cache/mail \ + /etc/skel/var/log/mail \ + /etc/skel/var/mail + sudo install -m 660 -o root -g adm \ + "$tool"/etc/skel/etc/mail/delivery.procmailrc \ + /etc/skel/etc/mail/delivery.procmailrc } rule_ssh_configure () { ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | @@ -655,11 +652,11 @@ rule_user_configure () { 'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac' EOF sudo install -m 644 -o root -g root \ - etc/bash.bashrc \ - /etc/bash.bashrc + "$tool"/etc/bash.bashrc \ + /etc/bash.bashrc sudo install -m 644 -o root -g root \ - etc/screenrc \ - /etc/screenrc + "$tool"/etc/screenrc \ + /etc/screenrc } rule_user_root_configure () { sudo install -d -m 750 -o root -g adm \ @@ -692,6 +689,7 @@ rule_configure () { rule filesystem_configure rule login_configure rule ssh_configure + rule mail_configure rule user_root_configure rule boot_configure rule user_configure