Ajout : ateliers_host{,ed} : premier jet du cadre de travail.
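#!/bin/sh
# ateliers_hosted: utility rules run *inside* the workshop VM (see rule_help
# for the list of rules and the environment they read).
# Usage: ateliers_hosted [RULE [ARGS...]]   -- RULE defaults to "help".
# Environment:
#   DRY_RUN  non-empty -> `set -n`: the script is only parsed, nothing runs
#   TRACE    non-empty -> `set -x`: trace every command on stderr
# Everything else ($vm, $vm_ipv4, $vm_lsb_name, $vm_arch, mk_reg, mk_dir)
# comes from env.sh and inc.sh, which live next to this script.
# -e: abort on the first failing command; -f: no pathname globbing;
# -u: an unset variable is an error.  The two optional flags are left
# unquoted on purpose so that an empty expansion adds no argument.
set -e -f ${DRY_RUN:+-n} -u ${TRACE:+-x}
# Directory holding the script and its companions.  ${0%/*} leaves $0
# unchanged when the script is invoked without any slash (e.g. found through
# PATH), which would turn "$tool"/env.sh into "ateliers_hosted/env.sh";
# fall back to the current directory in that case.
case $0 in
  (*/*) tool=${0%/*} ;;
  (*) tool=. ;;
esac
. "$tool"/env.sh
. "$tool"/inc.sh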
#######################################
# Print the usage text on stderr.  The RULES and ENVIRONMENT sections are
# generated from the sources themselves: every `rule_NAME () {` header of
# this file (with its optional trailing `# SYNTAX:` comment) and every
# `readonly NAME=${...}` line of env.sh and of this file.  This is why the
# rule headers must keep exactly that spelling.
# Globals:   tool (read)
# Outputs:   help text on stderr
#######################################
rule_help () {
  # A sed failure must not abort the script under set -e: the help is
  # printed with whatever could be extracted.
  _help_rules=$(sed -ne 's/^rule_\([^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$0") || :
  _help_env=$(sed -ne 's/^readonly \([^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/env.sh "$0") || :
  cat <<-EOF >&2
DESCRIPTION: ce script regroupe des fonctions utilitaires
pour gérer la VM des ateliers _depuis_ la VM hébergée ;
il sert à la fois d'outil et de documentation.
Voir \`$tool/ateliers_host' pour les utilitaires côté machine hôte.
SYNTAX: $0 \$RULE \${RULE}_SYNTAX
RULES:
$_help_rules
ENVIRONMENT:
$_help_env
EOF
}
#######################################
# Make sure the pseudo filesystems are in place: /proc and /sys are
# mounted when they are not already mountpoints; /dev is only checked, so
# under set -e the rule stops the script when /dev is not a mountpoint.
# Outputs:   mountpoint(1) reports on stdout
# Returns:   status of the last mountpoint(1) check; a failing mount aborts
#######################################
rule_filesystem_mount () {
  if ! mountpoint /proc; then
    mount -t proc proc /proc
  fi
  if ! mountpoint /sys; then
    mount -t sysfs sys /sys
  fi
  mountpoint /dev
}
#######################################
# Undo rule_filesystem_mount: unmount /proc and /sys when they are
# mountpoints.  /dev is left alone, as in the mount rule.
# Outputs:   mountpoint(1) reports on stdout
# Returns:   0 when nothing was mounted, otherwise the last umount status
#######################################
rule_filesystem_unmount () {
  if mountpoint /proc; then
    umount /proc
  fi
  if mountpoint /sys; then
    umount /sys
  fi
}
# Load /etc/profile into the running shell.  Under set -e an unreadable
# /etc/profile aborts the script.
rule_shell_source () { . /etc/profile; }
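#######################################
# Write the VM's network identity: /etc/hostname, a loopback alias in
# /etc/hosts (appended only once) and a static /etc/network/interfaces
# giving eth0 (renamed "grenode") a single /32 address.
# Globals:   vm, vm_ipv4 (read, from env.sh)
# Returns:   non-zero when a write fails (set -e aborts)
#######################################
rule_network_init () {
  mk_reg mod= own= /etc/hostname <<-EOF
$vm
EOF
  # Anchored on " $vm" at end of line so that another alias merely
  # starting with the same name does not count as already present.
  if ! grep -q " $vm\$" /etc/hosts; then
    mk_reg mod= own= --append /etc/hosts <<-EOF
127.0.0.1 $vm.local $vm
EOF
  fi
  # interfaces(5) only honours comments on lines of their own: an
  # end-of-line "# ..." is part of the option's value and only happens to
  # work when ifupdown hands that value to a shell.  The remarks about the
  # gateway and the mtu therefore sit on separate lines.
  mk_reg mod= own= /etc/network/interfaces <<-EOF
auto lo
iface lo inet loopback

auto eth0=grenode
iface grenode inet static
# NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
address $vm_ipv4
gateway $vm_ipv4
network $vm_ipv4
broadcast $vm_ipv4
netmask 255.255.255.255
# TODO: voir si c'est nécessaire à Lyon
mtu 1300
up ip address add $vm_ipv4/32 dev \$IFACE
down ip address delete $vm_ipv4/32 dev \$IFACE
EOF
}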
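#######################################
# Write the apt configuration: the Debian mirror for the VM's release, an
# OpenERP nightly source, the matching backports source, and pinning that
# prefers backports (200) over the release (170).  All sources are plain
# http; apt checks the archive signatures, and nothing in this file
# installs the key of the third-party nightly archive.
# Globals:   vm_lsb_name (read, from env.sh)
# Returns:   non-zero when a write fails (set -e aborts)
#######################################
rule_apt_init () {
  mk_reg mod= own= /etc/apt/sources.list <<-EOF
deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
EOF
  mk_reg mod= own= /etc/apt/sources.list.d/openerp.list <<-EOF
deb http://nightly.openerp.com/trunk/nightly/deb/ ./
EOF
  # The path is quoted so the release name is always one argument.
  mk_reg mod= own= "/etc/apt/sources.list.d/$vm_lsb_name-backports.list" <<-EOF
deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
EOF
  mk_reg mod= own= /etc/apt/preferences <<-EOF
Package: *
Pin: release a=$vm_lsb_name
Pin-Priority: 170

Package: *
Pin: release a=$vm_lsb_name-backports
Pin-Priority: 200
EOF
}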
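#######################################
# Write the boot-time configuration of the encrypted VM: fstab (root, /var,
# /home and swap on dm-crypt mappings, /tmp on a nosuid,nodev tmpfs),
# crypttab (root unlocked from its LUKS key, the other volumes through the
# decrypt_derived keyscript from the already-opened root mapping), the
# initramfs module list for the ciphers and hashes, and the kernel command
# line in /etc/default/grub.
# Globals:   vm (read, from env.sh)
# Returns:   non-zero when a write fails (set -e aborts)
#######################################
rule_boot_init () {
  # /boot is spelled `noauto`: mount(8) does not know `no-auto` and would
  # pass it to the filesystem as an unknown option instead of skipping
  # the mount.
  mk_reg mod= own= /etc/fstab <<-EOF
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=boot /boot ext2 defaults,noauto 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,auto,size=200m,nr_inodes=1000k,mode=1777,noatime,nodiratime 0 0
/dev/mapper/${vm}_root_deciphered / ext4 defaults,errors=remount-ro,acl,noatime 0 1
/dev/mapper/${vm}_var_deciphered /var ext4 defaults,errors=remount-ro,acl,noatime 0 1
/dev/mapper/${vm}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,noatime,usrquota,grpquota 0 0
/dev/mapper/${vm}_swap_deciphered swap swap sw 0 0
EOF
  mk_reg mod= own= /etc/crypttab <<-EOF
# <target name> <source device> <key file> <options>
${vm}_root_deciphered LABEL=${vm}_root ${vm}_root luks
${vm}_var_deciphered LABEL=${vm}_var ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
${vm}_swap_deciphered LABEL=${vm}_swap ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
${vm}_home_deciphered LABEL=${vm}_home ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
EOF
  mk_reg mod= own= /etc/initramfs-tools/modules <<-EOF
#loop
sha1_generic
sha256_generic
sha512_generic
aes-x86_64
xts
EOF
  # Replace the kernel command line: drop any existing definition, then
  # append ours at the end.  This is done in two steps rather than with
  # sed's `r` command because an address-less `r` re-reads its file after
  # every input line, so where (and how often) the new line lands depends
  # on how the shell backs the heredoc handed to sed.
  sed -i -e '/^GRUB_CMDLINE_LINUX=/d' /etc/default/grub
  cat >>/etc/default/grub <<-EOF
GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 resume=/dev/mapper/${vm}_swap_deciphered"
EOF
}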
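#######################################
# Create an administrator account if it does not exist, add it to the sudo
# group and install its SSH public key from $tool/key/<name>.ssh.pub as
# ~<name>/etc/ssh/authorized_keys (the AuthorizedKeysFile location set by
# rule_users_init), with the directories and the key file readable by the
# account only.
# Globals:   tool (read)
# Arguments: $1 - account name; lowercase letters, digits, "_" and "-",
#                 not starting with a digit or "-"
# Returns:   2 on an unacceptable name, 1 when the account has no home
#            directory, otherwise the status of the last mk_reg (set -e
#            aborts on the first failing command)
#######################################
rule_user_admin_add () { # SYNTAX: <name>
  admin=$1
  # The name reaches adduser, a filesystem path and the home lookup, so
  # refuse anything outside a conservative account-name syntax (this also
  # rules out "", "..", spaces and shell metacharacters).
  case $admin in
    ("" | *[!a-z0-9_-]* | [!a-z_]*)
      printf '%s: invalid user name: %s\n' "$0" "$admin" >&2
      return 2 ;;
  esac
  if ! id "$admin"; then
    adduser "$admin"
  fi
  # Home directory from the account database rather than eval'ing
  # "~$admin": eval would execute whatever the name contains.  An empty
  # result would turn "$home"/etc into /etc, so stop instead.
  home=$(getent passwd "$admin" | cut -d: -f6)
  if [ -z "$home" ]; then
    printf '%s: no home directory for %s\n' "$0" "$admin" >&2
    return 1
  fi
  adduser "$admin" sudo
  mk_dir mod=0750 own="$admin:$admin" "$home"/etc
  mk_dir mod=0700 own="$admin:$admin" "$home"/etc/ssh
  mk_reg mod=0400 own="$admin:$admin" "$home"/etc/ssh/authorized_keys <"$tool"/key/"$admin".ssh.pub
}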
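#######################################
# Configure remote administration: an sshd bound to the VM address only,
# public-key authentication alone (no passwords, no root login, no X11
# forwarding), each user's keys read from ~/etc/ssh/authorized_keys (the
# layout rule_user_admin_add creates); plus two sudoers drop-ins granting
# the sudo group exactly two password-less command lines:
#   - `etckeeper unclean`;
#   - a self-service `passwd` that only runs when `passwd --status` reports
#     the caller's own account ($SUDO_USER, set by sudo) as locked ("L"),
#     i.e. to give a freshly created admin its first password.
# /usr/local/sbin/passwd-init is the wrapper that issues that exact command
# line through sudo.
# Globals:   vm_ipv4 (read, from env.sh)
# Returns:   non-zero when a write fails (set -e aborts)
#######################################
rule_users_init () {
  # 0644: sshd only reads its configuration, so the file need not be
  # group-writable.
  mk_reg mod=0644 own=root:root /etc/ssh/sshd_config <<-EOF
ListenAddress $vm_ipv4
#ListenAddress ::
Port 22
Protocol 2
Compression yes
HostKey /etc/ssh/ssh_host_rsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/etc/ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
IgnoreUserKnownHosts no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
DebianBanner no
PrintLastLog yes
TCPKeepAlive yes
ClientAliveInterval 0
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
EOF
  # Backslash-newline inside these unquoted heredocs is a shell line
  # continuation, so each sudoers rule and the wrapper's sudo call are
  # written as a single line.  The command line in the sudoers entry and
  # the one the wrapper passes to sudo must stay identical, since sudoers
  # matches the arguments as given.
  mk_reg mod=0440 own=root:root /etc/sudoers.d/passwd-init <<-EOF
%sudo ALL=(ALL) NOPASSWD: /bin/sh -e -f -u -c \
case \$(/usr/bin/passwd --status "\$SUDO_USER") in \
("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac
EOF
  mk_reg mod=0440 own=root:root /etc/sudoers.d/etckeeper-unclean <<-EOF
%sudo ALL=(ALL) NOPASSWD: /usr/sbin/etckeeper unclean
EOF
  mk_reg mod=0555 own=root:root /usr/local/sbin/passwd-init <<-EOF
#!/bin/sh
sudo /bin/sh -e -f -u -c \
'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac'
EOF
}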
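#######################################
# Reinstall the kernel image for the VM's architecture (presumably to
# re-run the package hooks so that the initramfs and grub settings from
# rule_boot_init are picked up -- confirm).  Unlike the other rules this
# one goes through sudo, so it can be run from the admin account.
# Globals:   vm_arch (read, from env.sh)
# Returns:   the apt-get status
#######################################
rule_kernel_init () {
  # Quoted so the package name is always a single argument.
  sudo apt-get install --reinstall "linux-image-$vm_arch"
}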
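# Dispatch: the first argument names the rule (function rule_<name>,
# default "help"); the remaining arguments are passed through untouched.
# The name is checked before being used to build a function name, and an
# unknown rule prints the help instead of failing with "not found".
rule=${1:-help}
if [ $# -gt 0 ]; then
  shift
fi
case $rule in
  (*[!a-z0-9_]*)
    printf '%s: invalid rule name: %s\n' "$0" "$rule" >&2
    rule_help
    exit 2 ;;
esac
# command -v also reports external commands, so an executable named
# rule_<name> on PATH would pass this check; the rules here are all
# functions of this file.
if ! command -v "rule_$rule" >/dev/null 2>&1; then
  printf '%s: unknown rule: %s\n' "$0" "$rule" >&2
  rule_help
  exit 2
fi
"rule_$rule" "$@"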