232 lines
5.9 KiB
Bash
232 lines
5.9 KiB
Bash
|
#!/bin/bash
|
|||
|
|
|||
|
# Ce script est une base qu’il faut sûrement améliorer.
|
|||
|
# Il sert à installer un debian d’ordi portable JC pour le cluster SHLAGO
|
|||
|
# Le but est d’installer juste ce qu’il faut pour le le serveur tourne, le reste est laissé à ansible.
|
|||
|
# Il génère une clé SSH qui permettra d’accéder à la machine. C’est peut-être con, il faudrait plutôt le remplir de nos ssh publiques.
|
|||
|
|
|||
|
# https://github.com/adrianamaglio/driglibash
|
|||
|
declare -A usage
|
|||
|
declare -A varia
|
|||
|
driglibash_run_retry=true
|
|||
|
version="alpha nightly 0.0.1 pre-release unstable"
|
|||
|
summary="$0 [options]"
|
|||
|
|
|||
|
usage[m]="Path of the temporar mount point"
|
|||
|
varia[m]=mnt
|
|||
|
mnt="temporary_mount_point"
|
|||
|
|
|||
|
usage[a]="The architecture of installed system as supported by debootstrap"
|
|||
|
varia[a]=arch
|
|||
|
arch="amd64"
|
|||
|
|
|||
|
usage[r]="The release of installed system as supported by debootstrap"
|
|||
|
varia[r]=release
|
|||
|
release="bullseye"
|
|||
|
|
|||
|
usage[s]="Source repository of installed system"
|
|||
|
varia[s]=repo
|
|||
|
#repo=
|
|||
|
repo="http://ftp.fr.debian.org/debian"
|
|||
|
#repo="http://localhost:3142/ftp.fr.debian.org/debian"
|
|||
|
|
|||
|
usage[n]="The hostname"
|
|||
|
varia[n]=hostname
|
|||
|
hostname=""
|
|||
|
|
|||
|
usage[b]="The device where grub will be installed"
|
|||
|
varia[b]=boot_device
|
|||
|
boot_device=
|
|||
|
|
|||
|
usage[R]="The device where the system will be installed"
|
|||
|
varia[R]=boot_device
|
|||
|
boot_device=
|
|||
|
|
|||
|
usage[l]="System locale"
|
|||
|
varia[l]=locale
|
|||
|
locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8"
|
|||
|
|
|||
|
|
|||
|
. driglibash-args
|
|||
|
|
|||
|
|
|||
|
secret_dir=secrets
|
|||
|
secret_dir="$(realpath -m "$secret_dir/$hostname")"
|
|||
|
install="vim openssh-server git nginx"
|
|||
|
|
|||
|
|
|||
|
|
|||
|
###############################################################################
|
|||
|
# Actual script
|
|||
|
###############################################################################
|
|||
|
|
|||
|
. driglibash-base
|
|||
|
|
|||
|
chroot_run(){
|
|||
|
run echo "$@" | chroot "$mnt"
|
|||
|
if [ "$?" -ne 0 ] ; then
|
|||
|
die "Error, chroot command [$@] exited with code '$?'"
|
|||
|
fi
|
|||
|
}
|
|||
|
|
|||
|
wait_for_user(){
|
|||
|
section "Time for a pause"
|
|||
|
run echo "Press 'Enter' to continue"
|
|||
|
read
|
|||
|
}
|
|||
|
|
|||
|
mount_misc(){
|
|||
|
run mkdir -p "$mnt"/{proc,dev,sys}
|
|||
|
run mount -t proc none "$mnt/proc"
|
|||
|
clean "umount '$mnt/proc'"
|
|||
|
# To access physical devices
|
|||
|
run mount -o bind /dev "$mnt/dev"
|
|||
|
clean "umount '$mnt/dev'"
|
|||
|
run mount -o bind /dev/pts "$mnt/dev/pts"
|
|||
|
clean "umount '$mnt/dev/pts'"
|
|||
|
run mount -o bind /sys "$mnt/sys"
|
|||
|
clean "umount '$mnt/sys'"
|
|||
|
# mount /dev/pts ? apt install complain about its absence
|
|||
|
}
|
|||
|
|
|||
|
if [ -z "$hostname" ] ; then
|
|||
|
die "Hostname arg needed"
|
|||
|
fi
|
|||
|
|
|||
|
root_or_die
|
|||
|
|
|||
|
|
|||
|
section "Testing for existing secrets"
|
|||
|
if ! [ -d "$secret_dir" ] ; then
|
|||
|
run mkdir -p "$secret_dir"
|
|||
|
run chown -R root:root "$secret_dir"
|
|||
|
run chmod 700 "$secret_dir"
|
|||
|
fi
|
|||
|
|
|||
|
|
|||
|
section "debootstraping"
|
|||
|
# Debootstrap may fail when the target is an existing system
|
|||
|
#if [ -n "$(ls -A $mnt)" ]; then
|
|||
|
# die "Root dir '$mnt' is not empty. Won’t debootstrap it."
|
|||
|
#fi
|
|||
|
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
|
|||
|
|
|||
|
|
|||
|
section "Mounting additionnal items"
|
|||
|
mount_misc
|
|||
|
|
|||
|
|
|||
|
section "Installing selected software"
|
|||
|
#XXX use chroot_run
|
|||
|
chroot "$mnt" <<EOF
|
|||
|
export DEBIAN_FRONTEND=noninteractive
|
|||
|
apt-get update -q -y
|
|||
|
apt-get install -q -y linux-image-amd64 console-data grub2 locales $install
|
|||
|
EOF
|
|||
|
# TODO watershed ?
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
section "Configuring new system"
|
|||
|
uuid=$(blkid | grep "$root_device" | cut -d ' ' -f 2)
|
|||
|
line_in_file "$uuid / ext4 errors=remount-ro 0 1" "$mnt/etc/fstab"
|
|||
|
line_in_file "proc /proc proc defaults" "$mnt/etc/fstab"
|
|||
|
# TODO set noauto to /boot if needed
|
|||
|
|
|||
|
# Set hostname
|
|||
|
run echo "$hostname" > "$mnt/etc/hostname"
|
|||
|
|
|||
|
# Fix path and remove noisy beep
|
|||
|
run cat > "$mnt/root/.bashrc" <<EOF
|
|||
|
PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin:/sbin
|
|||
|
/usr/bin/setterm -blength 0
|
|||
|
xset b off
|
|||
|
EOF
|
|||
|
# Be sure this fucking beep is gone
|
|||
|
echo 'set bell-style none' >> "$mnt/etc/inputrc"
|
|||
|
# TODO find a third method to kill this doomed beep
|
|||
|
|
|||
|
|
|||
|
# boot crypted
|
|||
|
#section "Installing cryptsetup in initramfs"
|
|||
|
#run echo 'CRYPTSETUP=y' >> /etc/cryptsetup-initramfs/conf-hook
|
|||
|
#run cp key "$mnt/root/"
|
|||
|
#run echo 'FILES="/root/key"' >> /etc/initramfs-tools/initramfs.conf
|
|||
|
#run update-initramfs -ut
|
|||
|
#echo "$mnt/etc/initramfs-tools/conf.d/cryptsetup" <<EOF
|
|||
|
## This will setup non-us keyboards in early userspace,
|
|||
|
## necessary for punching in passphrases.
|
|||
|
#KEYMAP=y
|
|||
|
#
|
|||
|
## force busybox and cryptsetup on initramfs
|
|||
|
#BUSYBOX=y
|
|||
|
#CRYPTSETUP=y
|
|||
|
#
|
|||
|
## and for systems using plymouth instead, use the new option
|
|||
|
#FRAMEBUFFER=y
|
|||
|
#EOF
|
|||
|
#echo 'export CRYPTSETUP=y' >> "$mnt/etc/environment"
|
|||
|
#echo 'export FILES="./key"' >> "$mnt/etc/initramfs-tools/initramfs.conf"
|
|||
|
#chroot_run 'update-initramfs -ut'
|
|||
|
|
|||
|
|
|||
|
section "Set up networking"
|
|||
|
# Disable the unpredictable naming (since we are not on the future host)
|
|||
|
run ln -s /dev/null "$mnt/etc/udev/rules.d/80-net-setup-link.rules"
|
|||
|
run cat >> "$mnt/etc/network/interfaces" <<EOF
|
|||
|
auto enp1s0
|
|||
|
allow-hotplug enp1s0
|
|||
|
iface enp1s0 inet dhcp
|
|||
|
iface enp1s0 inet6 dhcp
|
|||
|
auto enp2s0
|
|||
|
allow-hotplug enp2s0
|
|||
|
iface enp2s0 inet dhcp
|
|||
|
iface enp2s0 inet6 dhcp
|
|||
|
auto eth0
|
|||
|
allow-hotplug eth0
|
|||
|
iface eth0 inet dhcp
|
|||
|
iface eth0 inet6 dhcp
|
|||
|
auto eth1
|
|||
|
allow-hotplug eth1
|
|||
|
iface eth1 inet dhcp
|
|||
|
iface eth1 inet6 dhcp
|
|||
|
EOF
|
|||
|
# TODO add dyndn service
|
|||
|
|
|||
|
|
|||
|
|
|||
|
section "Creating root SSH key to connect"
|
|||
|
if [ -n "$(ls -A $secret_dir)" ]; then
|
|||
|
#die "Secret dir '$secret_dir' is not empty"
|
|||
|
yell "Secret dir is not empty. Wont save ssh key."
|
|||
|
else
|
|||
|
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
|
|||
|
run mkdir -p "$mnt/root/.ssh/"
|
|||
|
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
|
|||
|
fi
|
|||
|
|
|||
|
|
|||
|
section "Generating locales"
|
|||
|
chroot_run echo -e "$locale" > "/etc/locale.gen"
|
|||
|
chroot_run locale-gen
|
|||
|
|
|||
|
|
|||
|
section "Installing grub"
|
|||
|
# Disable predictable name (again)
|
|||
|
run sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"/g' "$mnt/etc/default/grub"
|
|||
|
chroot_run update-grub
|
|||
|
chroot_run grub-install "$boot_device"
|
|||
|
|
|||
|
|
|||
|
|
|||
|
if [ "$arg_test" != "false" ] ; then
|
|||
|
section "Testing installed system"
|
|||
|
run qemu-system-x86_64 -m 1024M "$boot_device"
|
|||
|
fi
|
|||
|
|
|||
|
echo "To test the system with qemu type:"
|
|||
|
echo "qemu-system-x86_64 -m 1024M '$boot_device'"
|
|||
|
|
|||
|
clean
|