diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2015-09-24 13:16:22 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2015-09-24 13:16:22 -0300 |
commit | b0a45299b1d025dd0a7d17a877bca00d6b5e4598 (patch) | |
tree | c7c2a8344c2771e20fb426cb97c4bf8060b2021e | |
parent | c7a05881240c850c6550e02faf9d8c0f8ff32f40 (diff) | |
download | hydra-b0a45299b1d025dd0a7d17a877bca00d6b5e4598.tar.gz hydra-b0a45299b1d025dd0a7d17a877bca00d6b5e4598.tar.bz2 |
Provision: sudo support
-rw-r--r-- | lib/hydra/misc | 10 | ||||
-rw-r--r-- | share/config/provision/nas.conf | 2 | ||||
-rw-r--r-- | share/config/provision/router.conf | 2 | ||||
-rwxr-xr-x | share/hydractl/provision | 161 |
4 files changed, 96 insertions, 79 deletions
diff --git a/lib/hydra/misc b/lib/hydra/misc index 4275021..2c44503 100644 --- a/lib/hydra/misc +++ b/lib/hydra/misc @@ -6,6 +6,10 @@ function hydra_set_env { export CONFIG="$HOME/.hydra/config" export ACTION="$1" + if [ "`whoami`" != 'root' ]; then + SUDO="sudo" + fi + if [ ! -z "$HYDRA" ]; then export HYDRA_FOLDER="`hydra_eval_parameter $HYDRA`" export PREFERENCES="$HOME/.hydra/$HYDRA" @@ -108,6 +112,12 @@ function hydra_safe_run { hydra_exit_on_error $* } +# Run a command using sudo and abort on error +function hydra_sudo_run { + $SUDO $* + hydra_exit_on_error $* +} + # Determine the next debian release function hydra_next_debian_release { local release="$1" diff --git a/share/config/provision/nas.conf b/share/config/provision/nas.conf index cab4286..5916383 100644 --- a/share/config/provision/nas.conf +++ b/share/config/provision/nas.conf @@ -6,7 +6,7 @@ interactive="n" # Interactive mode? encrypt="y" # Encrypt volumes? garbage="y" # Pre-fill volumes with garbage? -disable_zeroing="y" # Disable zeroing of lvm volumes? +disable_zeroing="n" # Disable zeroing of lvm volumes? random_swap="y" # Random swap? arch="amd64" # System arch version="wheezy" # Distro version diff --git a/share/config/provision/router.conf b/share/config/provision/router.conf index 2eb24dd..f3b763a 100644 --- a/share/config/provision/router.conf +++ b/share/config/provision/router.conf @@ -6,7 +6,7 @@ interactive="n" # Interactive mode? encrypt="n" # Encrypt volumes? garbage="n" # Pre-fill volumes with garbage? -disable_zeroing="y" # Disable zeroing of lvm volumes? +disable_zeroing="n" # Disable zeroing of lvm volumes? random_swap="n" # Random swap? arch="amd64" # System arch version="wheezy" # Distro version diff --git a/share/hydractl/provision b/share/hydractl/provision index 268e101..bafc8b6 100755 --- a/share/hydractl/provision +++ b/share/hydractl/provision @@ -41,9 +41,9 @@ function hydra_provision_lvcreate { # See http://forums.funtoo.org/viewtopic.php?id=1206 # https://bbs.archlinux.org/viewtopic.php?id=124615 if [ "$disable_zeroing" == "y" ]; then - hydra_safe_run lvcreate -Z n $space -n $volume $vg + hydra_sudo_run lvcreate -Z n $space -n $volume $vg else - hydra_safe_run lvcreate $space -n $volume $vg + hydra_sudo_run lvcreate $space -n $volume $vg fi fi } @@ -51,7 +51,7 @@ function hydra_provision_lvcreate { # Cryptsetup wrapper. function hydra_cryptsetup { if [ ! -z "$1" ] && [ -b "$1" ]; then - hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1 + hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1 fi } @@ -66,15 +66,15 @@ function hydra_provision_create_volume { if [ "$encrypt" == "y" ]; then echo "Creating encrypted $volume device..." hydra_cryptsetup /dev/mapper/$vg-$volume - hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume - hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume + hydra_sudo_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume + hydra_sudo_run mkfs.ext4 /dev/mapper/provision-$volume if [ "$volume" == "root" ]; then install_device="/dev/mapper/provision-root" fi else echo "Creating $volume device..." - mkfs.ext4 /dev/mapper/$vg-$volume + hydra_sudo_run mkfs.ext4 /dev/mapper/$vg-$volume if [ "$volume" == "root" ]; then install_device="/dev/mapper/$vg-root" @@ -154,13 +154,13 @@ if [ "$interactive" == "y" ]; then fi # Disk partitioning. -hydra_safe_run parted -s -- $device mklabel gpt -hydra_safe_run parted -s -- $device unit MB mkpart non-fs 2 3 -hydra_safe_run parted -s -- $device unit MB mkpart ext2 3 200 -hydra_safe_run parted -s -- $device unit MB mkpart ext2 200 -1 -hydra_safe_run parted -s -- $device set 1 bios_grub on -hydra_safe_run parted -s -- $device set 2 boot on -hydra_safe_run parted -s -- $device set 3 lvm on +hydra_sudo_run parted -s -- $device mklabel gpt +hydra_sudo_run parted -s -- $device unit MB mkpart non-fs 2 3 +hydra_sudo_run parted -s -- $device unit MB mkpart ext2 3 200 +hydra_sudo_run parted -s -- $device unit MB mkpart ext2 200 -1 +hydra_sudo_run parted -s -- $device set 1 bios_grub on +hydra_sudo_run parted -s -- $device set 2 boot on +hydra_sudo_run parted -s -- $device set 3 lvm on # Use absolute paths for devices. boot_device="$device"2 @@ -172,16 +172,16 @@ echo "Creating the needed disk volumes..." if ! pvdisplay $syst_device &> /dev/null; then echo "Creating physical volume..." - hydra_safe_run pvcreate $syst_device + hydra_sudo_run pvcreate $syst_device fi if ! vgdisplay $vg &> /dev/null; then echo "Creating volume group..." - hydra_safe_run vgcreate $vg $syst_device + hydra_sudo_run vgcreate $vg $syst_device fi # Create root partition. -hydra_safe_run vgchange -a y $vg +hydra_sudo_run vgchange -a y $vg hydra_provision_lvcreate root $root_size # Create swap partition @@ -203,33 +203,40 @@ fi if [ "$garbage" == "y" ]; then echo "Filling volumes with garbage..." - dd if=/dev/urandom of=/dev/mapper/$vg-root + hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-root if [ -b "/dev/mapper/$vg-home" ]; then - dd if=/dev/urandom of=/dev/mapper/$vg-home + hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-home fi if [ -b "/dev/mapper/$vg-var" ]; then - dd if=/dev/urandom of=/dev/mapper/$vg-var + hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-var fi if [ "$swap_size" != "0" ]; then - dd if=/dev/urandom of=/dev/mapper/$vg-swap + hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-swap fi fi +# Make sure that the mountpoint exists +hydra_sudo_run mkdir -p /tmp/debootstrap + # Setup mountpoint and make sure it's not mounted due to a failed install. -mkdir -p /tmp/debootstrap -umount /tmp/debootstrap &> /dev/null -for folder in proc dev home var boot sys; do - umount /tmp/debootstrap/$folder &> /dev/null -done +if cat /proc/mounts | cut -d ' ' -f 2 | grep -q "^/tmp/debootstrap$"; then + hydra_sudo_run umount /tmp/debootstrap + + for folder in proc dev home var boot sys; do + if cat /proc/mounts | cut -d ' ' -f 2 | grep -q "^/tmp/debootstrap/$folder$"; then + hydra_sudo_run umount /tmp/debootstrap/$folder + fi + done +fi # Create swap fs. if [ "$swap_size" != "0" ] && [ "$random_swap" != "y" ]; then hydra_cryptsetup /dev/mapper/$vg-swap - hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-swap provision-swap - hydra_safe_run mkswap /dev/mapper/provision-swap + hydra_sudo_run cryptsetup luksOpen /dev/mapper/$vg-swap provision-swap + hydra_sudo_run mkswap /dev/mapper/provision-swap fi # Create root fs @@ -246,120 +253,120 @@ if [ "$var_size" != "0" ]; then fi # Mount root volume. -hydra_safe_run mount $install_device /tmp/debootstrap/ +hydra_sudo_run mount $install_device /tmp/debootstrap/ # Mount additional volumes. if [ "$home_size" != "0" ]; then mkdir /tmp/debootstrap/home if [ "$encrypt" == "y" ]; then - hydra_safe_run mount /dev/mapper/provision-home /tmp/debootstrap/home + hydra_sudo_run mount /dev/mapper/provision-home /tmp/debootstrap/home else - hydra_safe_run mount /dev/mapper/$vg-home /tmp/debootstrap/home + hydra_sudo_run mount /dev/mapper/$vg-home /tmp/debootstrap/home fi fi if [ "$var_size" != "0" ]; then - mkdir /tmp/debootstrap/var + hydra_sudo_run mkdir /tmp/debootstrap/var if [ "$encrypt" == "y" ]; then - hydra_safe_run mount /dev/mapper/provision-var /tmp/debootstrap/var + hydra_sudo_run mount /dev/mapper/provision-var /tmp/debootstrap/var else - hydra_safe_run mount /dev/mapper/$vg-var /tmp/debootstrap/var + hydra_sudo_run mount /dev/mapper/$vg-var /tmp/debootstrap/var fi fi # Initial system install. echo "Installing base system..." -hydra_safe_run debootstrap --arch=$arch $version /tmp/debootstrap/ $mirror +hydra_sudo_run debootstrap --arch=$arch $version /tmp/debootstrap/ $mirror # Initial configuration. echo "Applying initial configuration..." -mount none -t proc /tmp/debootstrap/proc -mount none -t sysfs /tmp/debootstrap/sys -mount -o bind /dev/ /tmp/debootstrap/dev -echo LANG=C > /tmp/debootstrap/etc/default/locale +hydra_sudo_run mount none -t proc /tmp/debootstrap/proc +hydra_sudo_run mount none -t sysfs /tmp/debootstrap/sys +hydra_sudo_run mount -o bind /dev/ /tmp/debootstrap/dev +echo LANG=C | $SUDO tee /tmp/debootstrap/etc/default/locale # Resolver configuration. -echo "domain $domain" > /tmp/debootstrap/etc/resolv.conf -echo "search $hostname.$domain" >> /tmp/debootstrap/etc/resolv.conf -grep nameserver /etc/resolv.conf >> /tmp/debootstrap/etc/resolv.conf +echo "domain $domain" | $SUDO tee /tmp/debootstrap/etc/resolv.conf +echo "search $hostname.$domain" | $SUDO tee -a /tmp/debootstrap/etc/resolv.conf +grep nameserver /etc/resolv.conf | $SUDO tee -a /tmp/debootstrap/etc/resolv.conf # Hostname configuration. -echo $hostname.$domain > /tmp/debootstrap/etc/hostname -echo "127.0.0.1 localhost" >> /tmp/debootstrap/etc/hosts -echo "127.0.0.1 $hostname $hostname.$domain" >> /tmp/debootstrap/etc/hosts +echo $hostname.$domain | $SUDO tee /tmp/debootstrap/etc/hostname +echo "127.0.0.1 localhost" | $SUDO tee -a /tmp/debootstrap/etc/hosts +echo "127.0.0.1 $hostname $hostname.$domain" | $SUDO tee -a /tmp/debootstrap/etc/hosts # Invert hostname contents to avoid http://projects.puppetlabs.com/issues/2533 -tac /tmp/debootstrap/etc/hosts > /tmp/debootstrap/etc/hosts.new -mv /tmp/debootstrap/etc/hosts.new /tmp/debootstrap/etc/hosts +tac /tmp/debootstrap/etc/hosts | $SUDO tee /tmp/debootstrap/etc/hosts.new +hydra_sudo_run mv /tmp/debootstrap/etc/hosts.new /tmp/debootstrap/etc/hosts # Initial upgrade. echo "Applying initial upgrades..." -chroot /tmp/debootstrap/ apt-get update -chroot /tmp/debootstrap/ apt-get upgrade -y -chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools -y +hydra_sudo_run chroot /tmp/debootstrap/ apt-get update +hydra_sudo_run chroot /tmp/debootstrap/ apt-get upgrade -y +hydra_sudo_run chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools -y # Crypttab. echo "Configuring crypttab..." echo "# <target name> <source device> <key file> <options>" > /tmp/debootstrap/etc/crypttab if [ "$encrypt" == "y" ]; then - cat > /tmp/debootstrap/etc/crypttab <<-EOF + cat <<-EOF | $SUDO tee /tmp/debootstrap/etc/crypttab root /dev/mapper/$vg-root none luks EOF fi if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then - cat >> /tmp/debootstrap/etc/crypttab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab home /dev/mapper/$vg-home none luks EOF fi if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then - cat >> /tmp/debootstrap/etc/crypttab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab var /dev/mapper/$vg-var none luks EOF fi if [ "$swap_size" != "0" ] && [ "$random_swap" == "y" ]; then - cat >> /tmp/debootstrap/etc/crypttab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab swap /dev/mapper/$vg-swap /dev/random swap,cipher=aes-xts-plain64:sha256 EOF fi if [ "$swap_size" != "0" ] && [ "$random_swap" != "y" ]; then - cat >> /tmp/debootstrap/etc/crypttab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab swap /dev/mapper/$vg-swap none luks,swap EOF fi # Fstab. echo "Configuring fstab..." -echo "" > /tmp/debootstrap/etc/fstab +echo "" | hydra_safe_run tee /tmp/debootstrap/etc/fstab if [ "$swap_size" != "0" ]; then - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/swap none swap sw 0 0 EOF fi if [ "$encrypt" == "y" ]; then - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/root / ext4 defaults,errors=remount-ro 0 1 EOF else - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/$vg-root / ext4 defaults,errors=remount-ro 0 1 EOF fi if [ "$home_size" != "0" ]; then if [ "$encrypt" == "y" ]; then - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/home /home ext4 defaults,errors=remount-ro 0 2 EOF else - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/$vg-home /home ext4 defaults,errors=remount-ro 0 2 EOF fi @@ -367,11 +374,11 @@ fi if [ "$var_size" != "0" ]; then if [ "$encrypt" == "y" ]; then - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/var /var ext4 defaults,errors=remount-ro 0 2 EOF else - cat >> /tmp/debootstrap/etc/fstab <<-EOF + cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab /dev/mapper/$vg-var /var ext4 defaults,errors=remount-ro 0 2 EOF fi @@ -380,17 +387,17 @@ fi # Grub. if [ "$grub" == "y" ]; then echo "Boot device setup..." - hydra_safe_run mkfs.ext4 $boot_device - hydra_safe_run mount $boot_device /tmp/debootstrap/boot - echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" >> /tmp/debootstrap/etc/fstab + hydra_sudo_run mkfs.ext4 $boot_device + hydra_sudo_run mount $boot_device /tmp/debootstrap/boot + echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | hydra_safe_run tee -a /tmp/debootstrap/etc/fstab echo "Setting up GRUB..." - hydra_safe_run chroot /tmp/debootstrap/ apt-get install grub-pc -y + hydra_sudo_run chroot /tmp/debootstrap/ apt-get install grub-pc -y fi # Kernel. echo "Installing kernel..." -cat > /tmp/debootstrap/etc/initramfs-tools/modules <<-EOF +cat <<-EOF | $SUDO tee /tmp/debootstrap/etc/initramfs-tools/modules dm-mod dm-crypt dm-raid @@ -399,7 +406,7 @@ twofish sha256 EOF -cat > /tmp/debootstrap/etc/kernel-img.conf <<-EOF +cat <<-EOF | $SUDO tee /tmp/debootstrap/etc/kernel-img.conf do_initrd = Yes EOF @@ -410,33 +417,33 @@ else fi if [ "$version" == "squeeze" ]; then - hydra_safe_run chroot /tmp/debootstrap apt-get install linux-image-2.6-vserver-$kernel_arch -y + hydra_sudo_run chroot /tmp/debootstrap apt-get install linux-image-2.6-vserver-$kernel_arch -y else - hydra_safe_run chroot /tmp/debootstrap apt-get install linux-image-$kernel_arch -y + hydra_sudo_run chroot /tmp/debootstrap apt-get install linux-image-$kernel_arch -y fi # Initramfs. echo "Creating initramfs..." -hydra_safe_run chroot /tmp/debootstrap update-initramfs -v -u +hydra_sudo_run chroot /tmp/debootstrap update-initramfs -v -u # Utils. echo "Installing basic utilities..." -chroot /tmp/debootstrap apt-get install screen cron lsb-release openssl -y +hydra_sudo_run chroot /tmp/debootstrap apt-get install screen cron lsb-release openssl -y # Ssh. echo "Installing OpenSSH daemon..." -chroot /tmp/debootstrap apt-get install openssh-server -y +hydra_sudo_run chroot /tmp/debootstrap apt-get install openssh-server -y echo "OpenSSH fingerprints:" -chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub -chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub +hydra_sudo_run chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub +hydra_sudo_run chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub # Accounts. echo "Installing sudo..." -chroot /tmp/debootstrap apt-get install sudo -y +hydra_sudo_run chroot /tmp/debootstrap apt-get install sudo -y echo "Choose a root password." -chroot /tmp/debootstrap passwd root +hydra_sudo_run chroot /tmp/debootstrap passwd root cat <<-EOF |