diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f0ff6f7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.swp
+*~
+Notes
diff --git a/demo_lxc_build.sh b/demo_lxc_build.sh
index 0d9767f..5f2e41d 100755
--- a/demo_lxc_build.sh
+++ b/demo_lxc_build.sh
@@ -1,13 +1,15 @@
 #!/bin/bash
+# Créer les conteneurs Yunohost et les configure
+
 # Récupère le dossier du script
 if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
-LOG_BUILD_LXC="$script_dir/Build_lxc.log"
+LOG_BUILD_LXC="/var/log/lxc_demo/Build_lxc.log"
 PLAGE_IP="10.1.5"
-IP_LXC=$PLAGE_IP.3
+IP_LXC="10.1.5.3"
 ARG_SSH="-t"
-DOMAIN=demotest1.nohost.me
+DOMAIN=demotest1.tld
 YUNO_PWD=admin
 LXC_NAME1=yunohost_demo1
 LXC_NAME2=yunohost_demo2
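Review bot: The values this hunk writes with double quotes (`LOG_BUILD_LXC="/var/log/lxc_demo/Build_lxc.log"`, `IP_LXC="10.1.5.3"`, and the unchanged `PLAGE_IP="10.1.5"`) reach the helper scripts with the quotes still attached, because the same commit switches their parsing from `cut -d '"' -f2` to `cut -d '=' -f2`. This affects the hunks for demo_lxc_build_init.sh, demo_start.sh, demo_stop.sh, demo_switch.sh and demo_upgrade.sh: for example `sudo mkdir -p $(dirname $LOG_BUILD_LXC)` would work on a path that begins with a literal `"`, and the bridge address would be rendered as `"10.1.5".1/24`. Either drop the quotes here or strip them in the readers, e.g. `PLAGE_IP=$(grep -m1 '^PLAGE_IP=' "$script_dir/demo_lxc_build.sh" | cut -d '=' -f2 | tr -d '"')`; anchoring the grep with `^` also keeps it from picking up other lines that mention the variable. A small shared config file that every script sources would remove the parsing altogether.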
@@ -16,37 +18,9 @@ TIME_TO_SWITCH=30 # En minutes USER_DEMO=demo PASSWORD_DEMO=demo - -# Check root -CHECK_ROOT=$EUID -if [ -z "$CHECK_ROOT" ];then CHECK_ROOT=0;fi -if [ $CHECK_ROOT -eq 0 ] -then # $EUID est vide sur une exécution avec sudo. Et vaut 0 pour root - echo "Le script ne doit pas être exécuté avec les droits root" - exit 1 -fi - -echo "> Update et install lxc lxctl" | tee "$LOG_BUILD_LXC" -sudo apt-get update >> "$LOG_BUILD_LXC" 2>&1 -sudo apt-get install -y lxc lxctl >> "$LOG_BUILD_LXC" 2>&1 - echo "> Création d'une machine debian jessie minimaliste" | tee -a "$LOG_BUILD_LXC" sudo lxc-create -n $LXC_NAME1 -t debian -- -r jessie >> "$LOG_BUILD_LXC" 2>&1 -echo "> Autoriser l'ip forwarding, pour router vers la machine virtuelle." | tee -a "$LOG_BUILD_LXC" -echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_pchecker.conf >> "$LOG_BUILD_LXC" 2>&1 -sudo sysctl -p /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1 - -echo "> Ajoute un brige réseau pour la machine virtualisée" | tee -a "$LOG_BUILD_LXC" -echo | sudo tee /etc/network/interfaces.d/lxc_demo <> "$LOG_BUILD_LXC" 2>&1 -auto lxc_demo -iface lxc_demo inet static - address $PLAGE_IP.1/24 - bridge_ports none - bridge_fd 0 - bridge_maxwait 0 -EOF - echo "> Active le bridge réseau" | tee -a "$LOG_BUILD_LXC" sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1 
@@ -82,27 +56,14 @@ echo "127.0.0.1 $LXC_NAME1" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/hos echo "> Ajoute l'user ssh_demo (avec un mot de passe à revoir...)" | tee -a "$LOG_BUILD_LXC" sudo lxc-attach -n $LXC_NAME1 -- useradd -m -p ssh_demo ssh_demo >> "$LOG_BUILD_LXC" 2>&1 -echo "> Autorise pchecker à utiliser sudo sans mot de passe" | tee -a "$LOG_BUILD_LXC" -echo "pchecker ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers >> "$LOG_BUILD_LXC" 2>&1 +echo "> Autorise ssh_demo à utiliser sudo sans mot de passe" | tee -a "$LOG_BUILD_LXC" +echo "ssh_demo ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers >> "$LOG_BUILD_LXC" 2>&1 echo "> Mise en place de la connexion ssh vers l'invité." | tee -a "$LOG_BUILD_LXC" -if [ -e $HOME/.ssh/$LXC_NAME1 ]; then - rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub - ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC -fi -ssh-keygen -t dsa -f $HOME/.ssh/$LXC_NAME1 -P '' >> "$LOG_BUILD_LXC" 2>&1 sudo mkdir /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1 sudo cp $HOME/.ssh/$LXC_NAME1.pub /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh/authorized_keys >> "$LOG_BUILD_LXC" 2>&1 sudo lxc-attach -n $LXC_NAME1 -- chown ssh_demo -R /home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1 -echo | tee -a $HOME/.ssh/config <> "$LOG_BUILD_LXC" 2>&1 -# ssh $LXC_NAME1 -Host $LXC_NAME1 -Hostname $IP_LXC -User ssh_demo -IdentityFile $HOME/.ssh/$LXC_NAME1 -EOF - ssh $ARG_SSH $LXC_NAME1 "exit 0" # Initie une premier connexion SSH pour valider la clé. if [ "$?" -ne 0 ]; then # Si l'utilisateur tarde trop, la connexion sera refusée... ??? ssh $ARG_SSH $LXC_NAME1 "exit 0" # Initie une premier connexion SSH pour valider la clé. 
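Review bot: The sudoers rule for ssh_demo is appended straight to the guest's `/etc/sudoers` with `tee -a`, so every re-run adds a duplicate line and nothing validates the file after the write. A drop-in keeps the main file untouched, e.g. `echo "ssh_demo ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers.d/ssh_demo`, followed by `sudo chmod 0440` on that file and `sudo lxc-attach -n $LXC_NAME1 -- visudo -c` (this assumes the guest's sudoers carries the usual `#includedir /etc/sudoers.d`). Because this account gets unrestricted passwordless sudo and is reached with a key created without a passphrase, it is worth narrowing the rule to the commands the demo scripts actually run. Separately, the key pair is no longer generated in this script, so `sudo cp $HOME/.ssh/$LXC_NAME1.pub ...` now depends on demo_lxc_build_init.sh having run first; testing that the `.pub` file exists before the copy would make that failure visible.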
@@ -115,7 +76,7 @@ echo "> Post install Yunohost" | tee -a "$LOG_BUILD_LXC" ssh $ARG_SSH $LXC_NAME1 "sudo yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD" | tee -a "$LOG_BUILD_LXC" 2>&1 USER_DEMO_CLEAN=${USER_DEMO//"_"/""} -echo "> Ajout de l'utilisateur de test" | tee -a "$LOG_BUILD_LXC" +echo "> Ajout de l'utilisateur de demo" | tee -a "$LOG_BUILD_LXC" ssh $ARG_SSH $LXC_NAME1 "sudo yunohost user create --firstname \"$USER_DEMO_CLEAN\" --mail \"$USER_DEMO_CLEAN@$DOMAIN\" --lastname \"$USER_DEMO_CLEAN\" --password \"$PASSWORD_DEMO\" \"$USER_DEMO\" --admin-password=\"$YUNO_PWD\"" echo -e "\n> Vérification de l'état de Yunohost" | tee -a "$LOG_BUILD_LXC" @@ -138,51 +99,16 @@ sudo lxc-snapshot -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1 echo "> Clone la machine" | tee -a "$LOG_BUILD_LXC" sudo sudo lxc-clone -o $LXC_NAME1 -n $LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1 -echo "> Mise en place du reverse proxy" | tee -a "$LOG_BUILD_LXC" -echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf < /dev/null 2>&1 EOF - -# Mise en place de HAProxy -# [...] +# Et du cron d'upgrade +echo | sudo tee /etc/cron.d/demo_upgrade < /dev/null 2>&1 +EOF # Démarrage de la démo -"./$script_dir/demo_start.sh" +"$script_dir/demo_start.sh" diff --git a/demo_lxc_build_init.sh b/demo_lxc_build_init.sh new file mode 100755 index 0000000..f3f1bec --- /dev/null +++ b/demo_lxc_build_init.sh 
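Review bot: What survives of the new `/etc/cron.d/demo_upgrade` heredoc ends in `> /dev/null 2>&1`, so the scheduled upgrade appears to discard all of its output and a failed upgrade of the demo containers would leave no trace. Consider appending the job's output to a file under the new log directory instead, e.g. `>> /var/log/lxc_demo/demo_upgrade.log 2>&1`. The `echo |` in front of `sudo tee /etc/cron.d/demo_upgrade` has no effect if the heredoc (its opener is lost in this rendering) supplies tee's standard input, so it can be dropped. The heredoc body itself is damaged here, so the schedule and the command line of the job could not be reviewed.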
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# Installe LXC et les paramètres réseaux avant de procéder au build.
+
+# Récupère le dossier du script
+if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
+
+LOG_BUILD_LXC="$(cat "$script_dir/demo_lxc_build.sh" | grep LOG_BUILD_LXC= | cut -d '=' -f2)"
+LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
+LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
+PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
+IP_LXC=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC= | cut -d '=' -f2)
+DOMAIN=$(cat "$script_dir/demo_lxc_build.sh" | grep DOMAIN= | cut -d '=' -f2)
+
+# Créer le dossier de log
+sudo mkdir -p $(dirname $LOG_BUILD_LXC)
+
+echo "> Update et install lxc lxctl" | tee "$LOG_BUILD_LXC"
+sudo apt-get update >> "$LOG_BUILD_LXC" 2>&1
+sudo apt-get install -y lxc lxctl >> "$LOG_BUILD_LXC" 2>&1
+
+echo "> Autoriser l'ip forwarding, pour router vers la machine virtuelle." | tee -a "$LOG_BUILD_LXC"
+echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1
+sudo sysctl -p /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1
+
+echo "> Ajoute un brige réseau pour la machine virtualisée" | tee -a "$LOG_BUILD_LXC"
+echo | sudo tee /etc/network/interfaces.d/lxc_demo <> "$LOG_BUILD_LXC" 2>&1
+auto lxc_demo
+iface lxc_demo inet static
+ address $PLAGE_IP.1/24
+ bridge_ports none
+ bridge_fd 0
+ bridge_maxwait 0
+EOF
+
+echo "> Active le bridge réseau" | tee -a "$LOG_BUILD_LXC"
+sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1
+
+echo "> Mise en place de la connexion ssh vers l'invité."
| tee -a "$LOG_BUILD_LXC" +if [ -e $HOME/.ssh/$LXC_NAME1 ]; then + rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub + ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC +fi +ssh-keygen -t dsa -f $HOME/.ssh/$LXC_NAME1 -P '' >> "$LOG_BUILD_LXC" 2>&1 + +echo | tee -a $HOME/.ssh/config <> "$LOG_BUILD_LXC" 2>&1 +# ssh $LXC_NAME1 +Host $LXC_NAME1 +Host $LXC_NAME2 +Hostname $IP_LXC +User ssh_demo +IdentityFile $HOME/.ssh/$LXC_NAME1 +EOF + +echo "> Mise en place du reverse proxy" | tee -a "$LOG_BUILD_LXC" +echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf < Suppression des conteneurs et de leur snapshots" +sudo lxc-snapshot -n $LXC_NAME1 -d snap0 +sudo rm -f /var/lib/lxcsnaps/$LXC_NAME1/snap0.tar.gz +sudo lxc-destroy -n $LXC_NAME1 -f +sudo lxc-snapshot -n $LXC_NAME2 -d snap0 +sudo rm -f /var/lib/lxcsnaps/$LXC_NAME2/snap0.tar.gz +sudo lxc-destroy -n $LXC_NAME2 -f + +# Suppression des crons +sudo rm /etc/cron.d/demo_switch +sudo rm /etc/cron.d/demo_upgrade diff --git a/demo_lxc_remove.sh b/demo_lxc_remove.sh new file mode 100755 index 0000000..e18796c --- /dev/null +++ b/demo_lxc_remove.sh 
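Review bot: The key for the containers is generated with `ssh-keygen -t dsa`, a 1024-bit key type that OpenSSH has disabled by default since 7.0, so the login is weak where it still works and will be refused by newer clients or guests. `ssh-keygen -t ed25519 -f $HOME/.ssh/$LXC_NAME1 -P ''` (or `-t rsa -b 4096` where ed25519 is unavailable) is a drop-in replacement. In the ssh config block, `Host $LXC_NAME1` followed by `Host $LXC_NAME2` opens two separate sections, so the Hostname, User and IdentityFile lines apply only to the second name; `Host $LXC_NAME1 $LXC_NAME2` on one line covers both. The block is also appended with `tee -a` on every run, so skipping it when `# ssh $LXC_NAME1` is already present in `$HOME/.ssh/config` would avoid duplicate entries.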
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Purge l'ensemble de la config lxc pour les conteneurs de demo.
+# Il sera nécessaire de lancer le script demo_lxc_build_init.sh pour réinstaller l'ensemble le cas échéant.
+
+# Récupère le dossier du script
+if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
+
+LXC_NAME1=$(cat "$script_dir/lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
+
+"$script_dir/demo_lxc_destroy.sh"
+
+echo "> Retire l'ip forwarding."
+sudo rm /etc/sysctl.d/lxc_demo.conf
+sudo sysctl -p
+
+echo "> Supprime le brige réseau"
+sudo rm /etc/network/interfaces.d/lxc_demo
+
+echo "> Remove lxc lxctl"
+sudo apt-get remove lxc lxctl
+
+echo "> Suppression des lignes de pchecker_lxc dans .ssh/config"
+BEGIN_LINE=$(cat $HOME/.ssh/config | grep -n "^# ssh $LXC_NAME1$" | cut -d':' -f 1)
+sed -i "$BEGIN_LINE,/^IdentityFile/d" $HOME/.ssh/config
+
+# Suppression de la clé SSH...
+# Suppression du reverse proxy ?
+# Suppression de la config haproxy
diff --git a/demo_start.sh b/demo_start.sh
index 5163a4a..469860c 100755
--- a/demo_start.sh
+++ b/demo_start.sh
@@ -1,12 +1,14 @@
 #!/bin/bash
+# Démarre le premier conteneur de demo et active la config réseau dédiée.
+
 # Récupère le dossier du script
 if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
-PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '"' -f2)
-LXC_NAME=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '"' -f2)
+PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
+LXC_NAME=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
-"./$script_dir/demo_stop.sh"
+"$script_dir/demo_stop.sh"
 echo "Initialisation du réseau pour le conteneur."
 if ! sudo ifquery lxc_demo --state > /dev/null; then
diff --git a/demo_stop.sh b/demo_stop.sh
index e5f2411..4d5adcf 100755
--- a/demo_stop.sh
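Review bot: In demo_lxc_remove.sh, `LXC_NAME1` is read from `"$script_dir/lxc_build.sh"`, but the file this commit touches is `demo_lxc_build.sh`, so the variable most likely comes back empty and the clean-up of `$HOME/.ssh/config` cannot find its start marker. With an empty `BEGIN_LINE` (or a multi-line one, if the block was appended more than once) the expression given to `sed -i` is malformed; read from `"$script_dir/demo_lxc_build.sh"`, take the first match with `grep -n -m1`, and guard the edit with `[ -n "$BEGIN_LINE" ] && sed -i "$BEGIN_LINE,/^IdentityFile/d" "$HOME/.ssh/config"`. The trailing comments show that the private key `$HOME/.ssh/$LXC_NAME1` is not removed yet; since it is created without a passphrase, deleting it and its `.pub` here would keep an unused credential from lingering on the host. `sudo apt-get remove lxc lxctl` will also stop for confirmation unless `-y` is passed.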
+++ b/demo_stop.sh @@ -1,11 +1,13 @@ #!/bin/bash +# Stoppe les conteneurs de demo et arrête la config réseau dédiée. + # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '"' -f2) -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '"' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '"' -f2) +PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) +LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) +LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) echo "> Arrêt de la machine virtualisée" if [ $(sudo lxc-info --name $LXC_NAME1 | grep -c "STOPPED") -eq 0 ]; then diff --git a/demo_switch.sh b/demo_switch.sh index 2eed2d2..09bed6d 100755 --- a/demo_switch.sh +++ b/demo_switch.sh @@ -1,11 +1,14 @@ #!/bin/bash +# Script de switch entre les 2 conteneurs de demo. +# Ce script n'a vocation qu'a être dans un cron + # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '"' -f2) -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '"' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '"' -f2) +PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) +LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) +LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) # Vérifie l'état des machines. if [ $(sudo lxc-info --name $LXC_NAME1 | grep -c "STOPPED") -eq 0 ]; then # Si la machine 1 est démarrée. 
diff --git a/demo_upgrade.sh b/demo_upgrade.sh index 6d5b3dc..21bccdc 100755 --- a/demo_upgrade.sh +++ b/demo_upgrade.sh @@ -1,12 +1,15 @@ #!/bin/bash +# Script d'upgrade des 2 conteneurs de demo. +# Ce script n'a vocation qu'a être dans un cron + # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '"' -f2) -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '"' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '"' -f2) -TIME_TO_SWITCH=$(cat "$script_dir/demo_lxc_build.sh" | grep TIME_TO_SWITCH= | cut -d '"' -f2) +PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) +LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) +LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) +TIME_TO_SWITCH=$(cat "$script_dir/demo_lxc_build.sh" | grep TIME_TO_SWITCH= | cut -d '=' -f2) UPGRADE_DEMO_CONTAINER () { # Démarrage, upgrade et snapshot MACHINE=$1