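#!/bin/bash

# Creates the two YunoHost demo LXC containers and configures them.
#
# !!! This script is designed to be run by the root user.
# NOTE(review): every privileged step still goes through sudo and the SSH
# public key is read from $HOME/.ssh, so the invoking account matters. The
# disabled check further down states the opposite (must not run as root).

# Resolve the directory that holds this script. cd + pwd gives an absolute
# path for every way of calling it (absolute path, ./name, ../name, or a
# directory whose name contains a dot), which the previous dirname | cut
# construction did not.
script_dir="$(cd "$(dirname "$0")" && pwd)" || exit 1

LOG=Build_lxc.log
LOG_BUILD_LXC="$script_dir/$LOG"
# First three octets of the container network; used below as $PLAGE_IP.0/24
# and $PLAGE_IP.1 (gateway).
PLAGE_IP=10.1.5
IP_LXC1=10.1.5.3
IP_LXC2=10.1.5.4
ARG_SSH=-t
DOMAIN=$(cat "$script_dir/domain.ini")
# NOTE(review): the admin and demo-user passwords are hard-coded here and are
# later passed as command-line arguments on the guest, where they are visible
# in the process list while the command runs.
YUNO_PWD=demo
LXC_NAME1=yunohost_demo1
LXC_NAME2=yunohost_demo2
# In minutes
TIME_TO_SWITCH=30
MAIL_ADDR=demo@yunohost.org

USER_DEMO=demo
PASSWORD_DEMO=demo

# DOMAIN is pasted into command strings that the guest's shell re-parses over
# ssh, so accept only hostname characters and refuse an empty value (a missing
# domain.ini would otherwise shift the postinstall arguments).
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
	echo "domain.ini est absent, vide ou contient un nom de domaine invalide." >&2
	exit 1
fi

# Check root (disabled)
# CHECK_ROOT=$EUID
# if [ -z "$CHECK_ROOT" ];then CHECK_ROOT=0;fi
# if [ $CHECK_ROOT -eq 0 ]
# then # $EUID is empty when run through sudo, and is 0 for root
# echo "Le script ne doit pas être exécuté avec les droits root"
# exit 1
# fi

echo "> Création d'une machine debian jessie minimaliste" | tee -a "$LOG_BUILD_LXC"
sudo lxc-create -n "$LXC_NAME1" -t debian -- -r jessie >> "$LOG_BUILD_LXC" 2>&1

echo "> Active le bridge réseau" | tee -a "$LOG_BUILD_LXC"
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1

echo "> Configuration réseau du conteneur" | tee -a "$LOG_BUILD_LXC"
# Replace the template's "empty" network with a veth attached to the lxc_demo bridge.
sudo sed -i "s/^lxc.network.type = empty$/lxc.network.type = veth\nlxc.network.flags = up\nlxc.network.link = lxc_demo\nlxc.network.name = eth0\nlxc.network.veth.pair = $LXC_NAME1\nlxc.network.hwaddr = 00:FF:AA:00:00:03/" "/var/lib/lxc/$LXC_NAME1/config" >> "$LOG_BUILD_LXC" 2>&1

echo "> Configuration réseau de la machine virtualisée" | tee -a "$LOG_BUILD_LXC"
# Switch the guest's eth0 from DHCP to a static address on the bridge network.
sudo sed -i "s@iface eth0 inet dhcp@iface eth0 inet static\n\taddress $IP_LXC1/24\n\tgateway $PLAGE_IP.1@" "/var/lib/lxc/$LXC_NAME1/rootfs/etc/network/interfaces" >> "$LOG_BUILD_LXC" 2>&1

echo "> Configure le parefeu" | tee -a "$LOG_BUILD_LXC"
# Temporary forwarding and NAT so the guest can reach the network during the
# build. These rules are only deleted near the end of this script, so an
# interrupted run leaves them in place.
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -t nat -A POSTROUTING -s "$PLAGE_IP.0/24" -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1

echo "> Démarrage de la machine" | tee -a "$LOG_BUILD_LXC"
sudo lxc-start -n "$LXC_NAME1" -d >> "$LOG_BUILD_LXC" 2>&1
sleep 3
sudo lxc-ls -f >> "$LOG_BUILD_LXC" 2>&1

echo "> Update et install tasksel sudo git" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n "$LXC_NAME1" -- apt-get update
sudo lxc-attach -n "$LXC_NAME1" -- apt-get install -y tasksel sudo git

echo "> Installation des paquets standard et ssh-server" | tee -a "$LOG_BUILD_LXC"
# Retry until tasksel succeeds. NOTE(review): there is no attempt limit, so a
# persistent failure keeps this loop running forever.
tasksell_exit=1
while [ "$tasksell_exit" -ne 0 ]
do
	sudo lxc-attach -n "$LXC_NAME1" -- tasksel install standard ssh-server
	tasksell_exit=$?
done

echo "> Renseigne /etc/hosts sur l'invité" | tee -a "$LOG_BUILD_LXC"
echo "127.0.0.1 $LXC_NAME1" | sudo tee -a "/var/lib/lxc/$LXC_NAME1/rootfs/etc/hosts" >> "$LOG_BUILD_LXC" 2>&1

echo "> Ajoute l'user ssh_demo (avec un mot de passe à revoir...)" | tee -a "$LOG_BUILD_LXC"
# NOTE(review): useradd -p expects an already-hashed crypt(3) value. The
# literal string given here is not a valid hash, so presumably no password can
# match and only the SSH key installed below grants access; confirm that this
# is the intent.
sudo lxc-attach -n "$LXC_NAME1" -- useradd -m -p ssh_demo ssh_demo >> "$LOG_BUILD_LXC" 2>&1

echo "> Autorise ssh_demo à utiliser sudo sans mot de passe" | tee -a "$LOG_BUILD_LXC"
# NOTE(review): this gives ssh_demo unrestricted passwordless root in the
# guest, so the matching private key on the host is equivalent to guest root.
# The line is appended to the main sudoers file without a syntax check and is
# appended again on every re-run.
echo "ssh_demo ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a "/var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers" >> "$LOG_BUILD_LXC" 2>&1

echo "> Mise en place de la connexion ssh vers l'invité." | tee -a "$LOG_BUILD_LXC"
sudo mkdir "/var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh" >> "$LOG_BUILD_LXC" 2>&1
sudo cp "$HOME/.ssh/$LXC_NAME1.pub" "/var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh/authorized_keys" >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n "$LXC_NAME1" -- chown ssh_demo -R /home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1

# Open a first SSH connection to validate the key. It is retried once: if the
# user takes too long, the connection will be refused... ???
if ! ssh "$ARG_SSH" "$LXC_NAME1" "exit 0"; then
	ssh "$ARG_SSH" "$LXC_NAME1" "exit 0"
fi

# NOTE(review): the installer is cloned from the repository's default branch
# with no pinned commit or tag, then run through sudo below, so whatever is at
# the branch head at build time runs as root in the guest. Pin a reviewed
# revision if reproducible builds matter.
ssh "$ARG_SSH" "$LXC_NAME1" "git clone https://github.com/YunoHost/install_script /tmp/install_script" >> "$LOG_BUILD_LXC" 2>&1

# In the pipelines below 2>&1 sits before the pipe so that ssh's stderr reaches
# the log as well; placed after tee it only redirected tee's own stderr.
echo "> Installation de Yunohost..." | tee -a "$LOG_BUILD_LXC"
ssh "$ARG_SSH" "$LXC_NAME1" "cd /tmp/install_script; sudo ./install_yunohost -a" 2>&1 | tee -a "$LOG_BUILD_LXC"

echo "> Post install Yunohost" | tee -a "$LOG_BUILD_LXC"
ssh "$ARG_SSH" "$LXC_NAME1" "sudo yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD" 2>&1 | tee -a "$LOG_BUILD_LXC"

# The first name, last name and mail local part use the login without underscores.
USER_DEMO_CLEAN=${USER_DEMO//"_"/""}
echo "> Ajout de l'utilisateur de demo" | tee -a "$LOG_BUILD_LXC"
ssh "$ARG_SSH" "$LXC_NAME1" "sudo yunohost user create --firstname \"$USER_DEMO_CLEAN\" --mail \"$USER_DEMO_CLEAN@$DOMAIN\" --lastname \"$USER_DEMO_CLEAN\" --password \"$PASSWORD_DEMO\" \"$USER_DEMO\" --admin-password=\"$YUNO_PWD\""

# echo "> Ajout du certificat SSL via Let's encrypt" | tee -a "$LOG_BUILD_LXC"
# ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install https://github.com/YunoHost-Apps/letsencrypt_ynh -a \"domain=$DOMAIN&admin=$USER_DEMO&installForAllDomains=Yes\""

echo -e "\n> Vérification de l'état de Yunohost" | tee -a "$LOG_BUILD_LXC"
ssh "$ARG_SSH" "$LXC_NAME1" "sudo yunohost -v" 2>&1 | tee -a "$LOG_BUILD_LXC"

echo "> Arrêt de la machine virtualisée" | tee -a "$LOG_BUILD_LXC"
sudo lxc-stop -n "$LXC_NAME1" >> "$LOG_BUILD_LXC" 2>&1

echo "> Suppression des règles de parefeu" | tee -a "$LOG_BUILD_LXC"
sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -t nat -D POSTROUTING -s "$PLAGE_IP.0/24" -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1
sudo ifdown --force lxc_demo >> "$LOG_BUILD_LXC" 2>&1

echo "> Création d'un snapshot" | tee -a "$LOG_BUILD_LXC"
sudo lxc-snapshot -n "$LXC_NAME1" >> "$LOG_BUILD_LXC" 2>&1
# It will be named snap0 and stored in /var/lib/lxcsnaps/$LXC_NAME1/snap0/

echo "> Clone la machine" | tee -a "$LOG_BUILD_LXC"
sudo lxc-clone -o "$LXC_NAME1" -n "$LXC_NAME2" >> "$LOG_BUILD_LXC" 2>&1

echo "> Modification de l'ip du clone" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@address $IP_LXC1@address $IP_LXC2@" "/var/lib/lxc/$LXC_NAME2/rootfs/etc/network/interfaces" >> "$LOG_BUILD_LXC" 2>&1
echo "> Et le nom du veth" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@^lxc.network.veth.pair = $LXC_NAME1@lxc.network.veth.pair = $LXC_NAME2@" "/var/lib/lxc/$LXC_NAME2/config" >> "$LOG_BUILD_LXC" 2>&1
echo "> Et enfin renseigne /etc/hosts sur le clone" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@^127.0.0.1 $LXC_NAME1@127.0.0.1 $LXC_NAME2@" "/var/lib/lxc/$LXC_NAME2/rootfs/etc/hosts" >> "$LOG_BUILD_LXC" 2>&1

# Both cron entries below run scripts from $script_dir as root. Keep that
# directory and the scripts owned by root and not writable by other accounts,
# otherwise whoever can edit them gains root through cron.
echo "> Mise en place du cron de switch"
# The here-document is tee's standard input; the unquoted EOF lets
# $TIME_TO_SWITCH and $script_dir expand while the file is written.
sudo tee /etc/cron.d/demo_switch <<EOF > /dev/null
# Switch des conteneurs toutes les $TIME_TO_SWITCH minutes
*/$TIME_TO_SWITCH * * * * root $script_dir/demo_switch.sh >> "$script_dir/demo_switch.log" 2>&1
EOF

echo "> Et du cron d'upgrade"
# NOTE(review): this entry is described as the nightly upgrade check and logs
# to demo_upgrade.log, yet it runs demo_switch.sh; confirm whether a separate
# upgrade script was intended.
sudo tee /etc/cron.d/demo_upgrade <<EOF > /dev/null
# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch.
2 3 * * * root $script_dir/demo_switch.sh >> "$script_dir/demo_upgrade.log" 2>&1
EOF

echo "> Démarrage de la démo"
"$script_dir/demo_start.sh"

# Once the first container has started, take a snapshot of the second one.
echo "> Création d'un snapshot pour le 2e conteneur" | tee -a "$LOG_BUILD_LXC"
sudo lxc-snapshot -n "$LXC_NAME2" >> "$LOG_BUILD_LXC" 2>&1
# It will be named snap0 and stored in /var/lib/lxcsnaps/$LXC_NAME2/snap0/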