X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=vm_hosted;h=a92477ccbd04940a818eab76aafe7082cb67eb39;hp=987fa6df52b5cd6f4cb8a5cab4a6abfeb51b843e;hb=a0db32961c20b1a9a404d28a8ba4932808f386af;hpb=59f4204d561b533f725bbc714604c9ca91c037fa
diff --git a/vm_hosted b/vm_hosted
index 987fa6d..a92477c 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -4,36 +4,46 @@ tool=${0%/*} . "$tool"/lib/functions.sh . "$tool"/etc/vm.sh -rule_help () { +rule_help () { # SYNTAX: [--hidden] + local hidden; [ ${1:+set} ] || hidden=set cat >&2 <<-EOF - DESCRIPTION: ce script regroupe des fonctions utilitaires - pour gérer la VM _depuis_ la VM hébergée ; - il sert à la fois d'outil et de documentation. - Voir \`$tool/vm_host' pour les utilitaires côté machine hôte. + DESCRIPTION: + ce script regroupe des règles pour administrer la VM ($vm_fqdn) + _depuis_ la VM hébergée ($vm_fqdn) ; + il sert à la fois d'outil (aisément bidouillable) + et de documentation (préçise). + Voir \`$tool/vm_host' pour les règles côté machine hôte ($vm_host). SYNTAX: $0 \$RULE \${RULE}_SYNTAX RULES: - $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/etc/vm.sh "$0") + $(sed -ne "s/^rule_\(${hidden:+[^_]}[^ ]*\) () {\( *#.*\|\)/ \1\2/p" "$tool"/etc/vm.sh "$0") ENVIRONMENT: TRACE # affiche les commandes avant leur exécution $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/etc/vm.sh "$0") EOF } +rule_git_config () { + ( + cd "$tool" + git config --replace branch.master.remote . + git config --replace branch.master.merge refs/remotes/master + ) + } rule_git_reset () { ( cd "$tool" - git checkout -f -B master origin + git checkout -f -B master remotes/master git clean -f -d -x ) } -rule_chrooted () { +rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ? export LANG=C export LC_CTYPE=C . /etc/profile } -rule_apt_init () { +rule_apt_configure () { mk_reg mod= own= /etc/apt/sources.list <<-EOF deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free EOF 
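Review bot: In the new `rule_git_config`, `cd "$tool"` is not checked, so if it fails the two `git config` calls act on whatever repository the caller's working directory belongs to; unless `lib/functions.sh` enables `set -e` (not visible here), write `cd "$tool" || exit` inside the subshell. The same applies to the unchanged `cd "$tool"` in `rule_git_reset`, where the commands that follow are `git checkout -f` and `git clean -f -d -x`, which discard local changes and untracked files. `--replace` is accepted only as an abbreviation of `--replace-all`; spelling the option out keeps the call from depending on option-prefix matching.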
@@ -53,9 +63,9 @@ rule_apt_init () { deb http://nightly.openerp.com/trunk/nightly/deb/ ./ EOF } -rule_apticron_init () { +rule_apticron_configure () { sudo apt-get install --reinstall apticron - mk_reg mod=644 own=root:root /etc/default/grub <<-EOF + mk_reg mod=644 own=root:root /etc/apticron/apticron.conf <<-EOF EMAIL="admin@heureux-cyclage.org" # DIFF_ONLY="1" # LISTCHANGES_PROFILE="apticron" @@ -72,7 +82,7 @@ rule_apticron_init () { EOF sudo service apticron restart } -rule_boot_init () { +rule_boot_configure () { sudo apt-get install --reinstall grub-pc # XXX: attention à n'installer GRUB sur AUCUN disque proposé ! mk_dir mod=644 own=root:root /boot/grub sudo apt-get install --reinstall linux-image-$vm_arch @@ -90,9 +100,9 @@ rule_boot_init () { (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g') EOF sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map - rule initramfs_init + rule initramfs_configure } -rule_etckeeper_init () { +rule_etckeeper_configure () { mk_reg mod=644 own=root:root /etc/etckeeper/etckeeper.conf <<-EOF VCS=git GIT_COMMIT_OPTIONS="" @@ -103,7 +113,7 @@ rule_etckeeper_init () { LOWLEVEL_PACKAGE_MANAGER=dpkg EOF } -rule_filesystem_init () { +rule_filesystem_configure () { mk_reg mod=644 own=root:root /etc/fstab <<-EOF # LABEL=${vm_lvm_lv}_boot /boot ext2 defaults 0 0 @@ -127,7 +137,7 @@ rule_filesystem_init () { vm.vfs_cache_pressure=50 EOF } -rule_initramfs_init () { +rule_initramfs_configure () { mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF MODULES=most BUSYBOX=y @@ -190,13 +200,13 @@ rule_initramfs_init () { # NOTE: clefs générées par Debian sudo update-initramfs -u } -rule_locale_init () { +rule_locale_configure () { mk_reg mod=644 own=root:root /etc/locale.gen <<-EOF fr_FR.UTF-8 UTF-8 EOF sudo update-locale } -rule_login_init () { +rule_login_configure () { grep -q '^hvc0$' /etc/securetty || mk_reg mod= own= --append /etc/securetty <<-EOF hvc0 
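Review bot: The corrected `mk_reg` target in `rule_apticron_configure` only helps future runs: a VM where the old rule was executed presumably still has the apticron settings written over `/etc/default/grub` and no `/etc/apticron/apticron.conf` carrying the `EMAIL` address, so pending-update mails may not have been reaching the admins. A comment above the rule would record this, for example `# NOTE: this rule used to overwrite /etc/default/grub; restore that file on VMs configured before the fix`. Also, `rule_configure` in a later hunk does not list `apticron_configure`, so this rule takes effect only when it is run by hand. The heredoc body of the rule is only partly visible in the hunk.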
@@ -290,7 +300,7 @@ rule_login_init () { session optional pam_umask.so EOF } -rule_network_init () { +rule_network_configure () { mk_reg mod= own= /etc/hostname <<-EOF $vm EOF @@ -314,7 +324,7 @@ rule_network_init () { pre-down ip address delete $vm_ipv4/32 dev \$IFACE EOF } -rule_user_init () { +rule_user_configure () { mk_dir mod=750 own="root:adm" /etc/skel/etc mk_dir mod=770 own="root:adm" /etc/skel/etc/apache2 mk_dir mod=770 own="root:adm" /etc/skel/etc/ssh @@ -399,15 +409,15 @@ rule_user_init () { 'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac' EOF } -rule_user_root_init () { +rule_user_root_configure () { mk_dir mod=750 own=root:root /root/etc mk_dir mod=750 own=root:root /root/etc/ssh mk_dir mod=750 own=root:root /root/etc/gpg mk_lnk etc/gpg /root/.gnupg mk_lnk etc/ssh /root/.ssh getent group sudo | - while test -n "$users" && IFS=: read -r group x x users - do while IFS=, read -r user users <<-EOF + while IFS=: read -r group x x users + do while test -n "$users" && IFS=, read -r user users <<-EOF $users EOF do eval local home\; home="~$user" @@ -420,19 +430,19 @@ rule_user_root_init () { do sudo gpg --import "$key" done } -rule__bin_init () { +rule_bin_configure () { mk_lnk "$tool"/vm_hosted /usr/local/sbin/ } -rule_init () { - rule etckeeper_init - rule locale_init - rule network_init - rule apt_init - rule filesystem_init - rule login_init - rule user_root_init - rule boot_init - rule bin_init +rule_configure () { + rule etckeeper_configure + rule locale_configure + rule network_configure + rule apt_configure + rule filesystem_configure + rule login_configure + rule user_root_configure + rule boot_configure + rule bin_configure } rule_disk_key_change () { 
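Review bot: In `rule_user_root_configure`, moving `test -n "$users"` into the inner loop apparently makes the loop body run for the first time (the old outer test read `$users` before `read` had assigned it), and that body begins with `eval local home\; home="~$user"`, which re-parses every name returned by `getent group sudo` as shell code. Group members are normally admin-controlled, but the lookup does not need `eval`: `local home; home=$(getent passwd "$user" | cut -d: -f6)` resolves the home directory without evaluating the name. The rest of the loop body lies outside the hunk, so check that an empty `$home` is handled there.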
@@ -448,8 +458,8 @@ rule_user_admin_add () { # SYNTAX: $user sudo adduser "$user" sudo mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \ <"$tool"/var/pub/ssh/"$user".key - rule initramfs_init - rule user_root_init + rule initramfs_configure + rule user_root_configure local key; local -; set +f for key in "$tool"/var/pub/openpgp/*.key do sudo -u "$user" gpg --import "$key" @@ -816,7 +826,7 @@ rule_user_mail_format () { mk_reg mod=664 own=root:root /etc/postgrey/whitelist_recipients.local <<-EOF EOF } -rule_mail_init () { +rule_mail_configure () { sudo apt-get install postfix postgrey dovecot } @@ -826,7 +836,6 @@ case $rule in (help);; (*) assert 'test "$(hostname --fqdn)" = "$vm_fqdn"' vm_fqdn - ${TRACE:+set -x} ;; esac rule $rule "$@"