authorSilvio Rhatto <rhatto@riseup.net>2015-09-24 13:16:22 -0300
committerSilvio Rhatto <rhatto@riseup.net>2015-09-24 13:16:22 -0300
commitb0a45299b1d025dd0a7d17a877bca00d6b5e4598 (patch)
treec7c2a8344c2771e20fb426cb97c4bf8060b2021e
parentc7a05881240c850c6550e02faf9d8c0f8ff32f40 (diff)
Provision: sudo support
-rw-r--r--lib/hydra/misc10
-rw-r--r--share/config/provision/nas.conf2
-rw-r--r--share/config/provision/router.conf2
-rwxr-xr-xshare/hydractl/provision161
4 files changed, 96 insertions, 79 deletions
diff --git a/lib/hydra/misc b/lib/hydra/misc
index 4275021..2c44503 100644
--- a/lib/hydra/misc
+++ b/lib/hydra/misc
@@ -6,6 +6,10 @@ function hydra_set_env {
export CONFIG="$HOME/.hydra/config"
export ACTION="$1"
+ if [ "`whoami`" != 'root' ]; then
+ SUDO="sudo"
+ fi
+
if [ ! -z "$HYDRA" ]; then
export HYDRA_FOLDER="`hydra_eval_parameter $HYDRA`"
export PREFERENCES="$HOME/.hydra/$HYDRA"
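Review bot: `SUDO` is assigned only in the non-root branch, so when the script runs as root any `SUDO` value inherited from the caller's environment stays in place and is later expanded as a command prefix by `hydra_sudo_run` and the `| $SUDO tee` pipelines. Initialise it unconditionally before the test, for example `SUDO=""` followed by `if [ "$(id -u)" != "0" ]; then SUDO="sudo"; fi`. hydra_set_env starts and ends outside this hunk, so an earlier reset may exist but is not visible here.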
@@ -108,6 +112,12 @@ function hydra_safe_run {
hydra_exit_on_error $*
}
+# Run a command using sudo and abort on error
+function hydra_sudo_run {
+ $SUDO $*
+ hydra_exit_on_error $*
+}
+
# Determine the next debian release
function hydra_next_debian_release {
local release="$1"
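Review bot: `$SUDO $*` in hydra_sudo_run re-splits and glob-expands every argument before passing it to a privileged command, so a device path or config value containing whitespace or `*` changes what runs as root. Use `$SUDO "$@"` and `hydra_exit_on_error "$@"`; `$SUDO` itself has to stay unquoted so that an empty value disappears from the command line. The header comment could also say that the status being checked is that of the sudo'd command, assuming hydra_exit_on_error reads `$?` (it is defined outside this hunk). hydra_next_debian_release continues past the end of the hunk.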
diff --git a/share/config/provision/nas.conf b/share/config/provision/nas.conf
index cab4286..5916383 100644
--- a/share/config/provision/nas.conf
+++ b/share/config/provision/nas.conf
@@ -6,7 +6,7 @@
interactive="n" # Interactive mode?
encrypt="y" # Encrypt volumes?
garbage="y" # Pre-fill volumes with garbage?
-disable_zeroing="y" # Disable zeroing of lvm volumes?
+disable_zeroing="n" # Disable zeroing of lvm volumes?
random_swap="y" # Random swap?
arch="amd64" # System arch
version="wheezy" # Distro version
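Review bot: The flip of `disable_zeroing` from "y" to "n" is not explained by the commit title, which only mentions sudo support, and the inline comment does not say what the setting controls. Going by hydra_provision_lvcreate in share/hydractl/provision, "y" passes `-Z n` to lvcreate, so a comment such as `# Disable zeroing of lvm volumes? ("y" passes -Z n to lvcreate)` would make the default reviewable. The same applies to the identical change in share/config/provision/router.conf.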
diff --git a/share/config/provision/router.conf b/share/config/provision/router.conf
index 2eb24dd..f3b763a 100644
--- a/share/config/provision/router.conf
+++ b/share/config/provision/router.conf
@@ -6,7 +6,7 @@
interactive="n" # Interactive mode?
encrypt="n" # Encrypt volumes?
garbage="n" # Pre-fill volumes with garbage?
-disable_zeroing="y" # Disable zeroing of lvm volumes?
+disable_zeroing="n" # Disable zeroing of lvm volumes?
random_swap="n" # Random swap?
arch="amd64" # System arch
version="wheezy" # Distro version
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 268e101..bafc8b6 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -41,9 +41,9 @@ function hydra_provision_lvcreate {
# See http://forums.funtoo.org/viewtopic.php?id=1206
# https://bbs.archlinux.org/viewtopic.php?id=124615
if [ "$disable_zeroing" == "y" ]; then
- hydra_safe_run lvcreate -Z n $space -n $volume $vg
+ hydra_sudo_run lvcreate -Z n $space -n $volume $vg
else
- hydra_safe_run lvcreate $space -n $volume $vg
+ hydra_sudo_run lvcreate $space -n $volume $vg
fi
fi
}
@@ -51,7 +51,7 @@ function hydra_provision_lvcreate {
# Cryptsetup wrapper.
function hydra_cryptsetup {
if [ ! -z "$1" ] && [ -b "$1" ]; then
- hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1
+ hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1
fi
}
@@ -66,15 +66,15 @@ function hydra_provision_create_volume {
if [ "$encrypt" == "y" ]; then
echo "Creating encrypted $volume device..."
hydra_cryptsetup /dev/mapper/$vg-$volume
- hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
- hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
+ hydra_sudo_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
+ hydra_sudo_run mkfs.ext4 /dev/mapper/provision-$volume
if [ "$volume" == "root" ]; then
install_device="/dev/mapper/provision-root"
fi
else
echo "Creating $volume device..."
- mkfs.ext4 /dev/mapper/$vg-$volume
+ hydra_sudo_run mkfs.ext4 /dev/mapper/$vg-$volume
if [ "$volume" == "root" ]; then
install_device="/dev/mapper/$vg-root"
@@ -154,13 +154,13 @@ if [ "$interactive" == "y" ]; then
fi
# Disk partitioning.
-hydra_safe_run parted -s -- $device mklabel gpt
-hydra_safe_run parted -s -- $device unit MB mkpart non-fs 2 3
-hydra_safe_run parted -s -- $device unit MB mkpart ext2 3 200
-hydra_safe_run parted -s -- $device unit MB mkpart ext2 200 -1
-hydra_safe_run parted -s -- $device set 1 bios_grub on
-hydra_safe_run parted -s -- $device set 2 boot on
-hydra_safe_run parted -s -- $device set 3 lvm on
+hydra_sudo_run parted -s -- $device mklabel gpt
+hydra_sudo_run parted -s -- $device unit MB mkpart non-fs 2 3
+hydra_sudo_run parted -s -- $device unit MB mkpart ext2 3 200
+hydra_sudo_run parted -s -- $device unit MB mkpart ext2 200 -1
+hydra_sudo_run parted -s -- $device set 1 bios_grub on
+hydra_sudo_run parted -s -- $device set 2 boot on
+hydra_sudo_run parted -s -- $device set 3 lvm on
# Use absolute paths for devices.
boot_device="$device"2
@@ -172,16 +172,16 @@ echo "Creating the needed disk volumes..."
if ! pvdisplay $syst_device &> /dev/null; then
echo "Creating physical volume..."
- hydra_safe_run pvcreate $syst_device
+ hydra_sudo_run pvcreate $syst_device
fi
if ! vgdisplay $vg &> /dev/null; then
echo "Creating volume group..."
- hydra_safe_run vgcreate $vg $syst_device
+ hydra_sudo_run vgcreate $vg $syst_device
fi
# Create root partition.
-hydra_safe_run vgchange -a y $vg
+hydra_sudo_run vgchange -a y $vg
hydra_provision_lvcreate root $root_size
# Create swap partition
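Review bot: The `pvdisplay` and `vgdisplay` probes still run without `$SUDO`, while the create commands they guard now run through hydra_sudo_run. LVM query tools normally fail for an unprivileged user, so on a non-root run both `if !` tests are likely always true and `pvcreate`/`vgcreate` are attempted even when the PV or VG already exists. Run the probes with the same privilege, e.g. `if ! $SUDO pvdisplay $syst_device &> /dev/null; then` and `if ! $SUDO vgdisplay $vg &> /dev/null; then`.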
@@ -203,33 +203,40 @@ fi
if [ "$garbage" == "y" ]; then
echo "Filling volumes with garbage..."
- dd if=/dev/urandom of=/dev/mapper/$vg-root
+ hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-root
if [ -b "/dev/mapper/$vg-home" ]; then
- dd if=/dev/urandom of=/dev/mapper/$vg-home
+ hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-home
fi
if [ -b "/dev/mapper/$vg-var" ]; then
- dd if=/dev/urandom of=/dev/mapper/$vg-var
+ hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-var
fi
if [ "$swap_size" != "0" ]; then
- dd if=/dev/urandom of=/dev/mapper/$vg-swap
+ hydra_sudo_run dd if=/dev/urandom of=/dev/mapper/$vg-swap
fi
fi
+# Make sure that the mountpoint exists
+hydra_sudo_run mkdir -p /tmp/debootstrap
+
# Setup mountpoint and make sure it's not mounted due to a failed install.
-mkdir -p /tmp/debootstrap
-umount /tmp/debootstrap &> /dev/null
-for folder in proc dev home var boot sys; do
- umount /tmp/debootstrap/$folder &> /dev/null
-done
+if cat /proc/mounts | cut -d ' ' -f 2 | grep -q "^/tmp/debootstrap$"; then
+ hydra_sudo_run umount /tmp/debootstrap
+
+ for folder in proc dev home var boot sys; do
+ if cat /proc/mounts | cut -d ' ' -f 2 | grep -q "^/tmp/debootstrap/$folder$"; then
+ hydra_sudo_run umount /tmp/debootstrap/$folder
+ fi
+ done
+fi
# Create swap fs.
if [ "$swap_size" != "0" ] && [ "$random_swap" != "y" ]; then
hydra_cryptsetup /dev/mapper/$vg-swap
- hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-swap provision-swap
- hydra_safe_run mkswap /dev/mapper/provision-swap
+ hydra_sudo_run cryptsetup luksOpen /dev/mapper/$vg-swap provision-swap
+ hydra_sudo_run mkswap /dev/mapper/provision-swap
fi
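Review bot: Wrapping the unbounded `dd if=/dev/urandom of=/dev/mapper/$vg-root` fills in hydra_sudo_run makes their exit status fatal, and a dd that writes until the device is full ends with a "No space left on device" error and a non-zero status. If hydra_exit_on_error aborts on non-zero (it is defined outside this hunk), provisioning with `garbage="y"` stops after the first volume is filled. Keep the fill privileged but tolerant of that expected end condition, e.g. `$SUDO dd if=/dev/urandom of=/dev/mapper/$vg-root || true`, with a comment saying why the status is ignored. Separately, the new cleanup unmounts `/tmp/debootstrap` before its sub-mounts and checks the sub-mounts only when the parent is mounted; unmounting the children first avoids a busy-target failure that now aborts the run.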
# Create root fs
@@ -246,120 +253,120 @@ if [ "$var_size" != "0" ]; then
fi
# Mount root volume.
-hydra_safe_run mount $install_device /tmp/debootstrap/
+hydra_sudo_run mount $install_device /tmp/debootstrap/
# Mount additional volumes.
if [ "$home_size" != "0" ]; then
mkdir /tmp/debootstrap/home
if [ "$encrypt" == "y" ]; then
- hydra_safe_run mount /dev/mapper/provision-home /tmp/debootstrap/home
+ hydra_sudo_run mount /dev/mapper/provision-home /tmp/debootstrap/home
else
- hydra_safe_run mount /dev/mapper/$vg-home /tmp/debootstrap/home
+ hydra_sudo_run mount /dev/mapper/$vg-home /tmp/debootstrap/home
fi
fi
if [ "$var_size" != "0" ]; then
- mkdir /tmp/debootstrap/var
+ hydra_sudo_run mkdir /tmp/debootstrap/var
if [ "$encrypt" == "y" ]; then
- hydra_safe_run mount /dev/mapper/provision-var /tmp/debootstrap/var
+ hydra_sudo_run mount /dev/mapper/provision-var /tmp/debootstrap/var
else
- hydra_safe_run mount /dev/mapper/$vg-var /tmp/debootstrap/var
+ hydra_sudo_run mount /dev/mapper/$vg-var /tmp/debootstrap/var
fi
fi
# Initial system install.
echo "Installing base system..."
-hydra_safe_run debootstrap --arch=$arch $version /tmp/debootstrap/ $mirror
+hydra_sudo_run debootstrap --arch=$arch $version /tmp/debootstrap/ $mirror
# Initial configuration.
echo "Applying initial configuration..."
-mount none -t proc /tmp/debootstrap/proc
-mount none -t sysfs /tmp/debootstrap/sys
-mount -o bind /dev/ /tmp/debootstrap/dev
-echo LANG=C > /tmp/debootstrap/etc/default/locale
+hydra_sudo_run mount none -t proc /tmp/debootstrap/proc
+hydra_sudo_run mount none -t sysfs /tmp/debootstrap/sys
+hydra_sudo_run mount -o bind /dev/ /tmp/debootstrap/dev
+echo LANG=C | $SUDO tee /tmp/debootstrap/etc/default/locale
# Resolver configuration.
-echo "domain $domain" > /tmp/debootstrap/etc/resolv.conf
-echo "search $hostname.$domain" >> /tmp/debootstrap/etc/resolv.conf
-grep nameserver /etc/resolv.conf >> /tmp/debootstrap/etc/resolv.conf
+echo "domain $domain" | $SUDO tee /tmp/debootstrap/etc/resolv.conf
+echo "search $hostname.$domain" | $SUDO tee -a /tmp/debootstrap/etc/resolv.conf
+grep nameserver /etc/resolv.conf | $SUDO tee -a /tmp/debootstrap/etc/resolv.conf
# Hostname configuration.
-echo $hostname.$domain > /tmp/debootstrap/etc/hostname
-echo "127.0.0.1 localhost" >> /tmp/debootstrap/etc/hosts
-echo "127.0.0.1 $hostname $hostname.$domain" >> /tmp/debootstrap/etc/hosts
+echo $hostname.$domain | $SUDO tee /tmp/debootstrap/etc/hostname
+echo "127.0.0.1 localhost" | $SUDO tee -a /tmp/debootstrap/etc/hosts
+echo "127.0.0.1 $hostname $hostname.$domain" | $SUDO tee -a /tmp/debootstrap/etc/hosts
# Invert hostname contents to avoid http://projects.puppetlabs.com/issues/2533
-tac /tmp/debootstrap/etc/hosts > /tmp/debootstrap/etc/hosts.new
-mv /tmp/debootstrap/etc/hosts.new /tmp/debootstrap/etc/hosts
+tac /tmp/debootstrap/etc/hosts | $SUDO tee /tmp/debootstrap/etc/hosts.new
+hydra_sudo_run mv /tmp/debootstrap/etc/hosts.new /tmp/debootstrap/etc/hosts
# Initial upgrade.
echo "Applying initial upgrades..."
-chroot /tmp/debootstrap/ apt-get update
-chroot /tmp/debootstrap/ apt-get upgrade -y
-chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools -y
+hydra_sudo_run chroot /tmp/debootstrap/ apt-get update
+hydra_sudo_run chroot /tmp/debootstrap/ apt-get upgrade -y
+hydra_sudo_run chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools -y
# Crypttab.
echo "Configuring crypttab..."
echo "# <target name> <source device> <key file> <options>" > /tmp/debootstrap/etc/crypttab
if [ "$encrypt" == "y" ]; then
- cat > /tmp/debootstrap/etc/crypttab <<-EOF
+ cat <<-EOF | $SUDO tee /tmp/debootstrap/etc/crypttab
root /dev/mapper/$vg-root none luks
EOF
fi
if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then
- cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab
home /dev/mapper/$vg-home none luks
EOF
fi
if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then
- cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab
var /dev/mapper/$vg-var none luks
EOF
fi
if [ "$swap_size" != "0" ] && [ "$random_swap" == "y" ]; then
- cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab
swap /dev/mapper/$vg-swap /dev/random swap,cipher=aes-xts-plain64:sha256
EOF
fi
if [ "$swap_size" != "0" ] && [ "$random_swap" != "y" ]; then
- cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/crypttab
swap /dev/mapper/$vg-swap none luks,swap
EOF
fi
# Fstab.
echo "Configuring fstab..."
-echo "" > /tmp/debootstrap/etc/fstab
+echo "" | hydra_safe_run tee /tmp/debootstrap/etc/fstab
if [ "$swap_size" != "0" ]; then
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/swap none swap sw 0 0
EOF
fi
if [ "$encrypt" == "y" ]; then
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/root / ext4 defaults,errors=remount-ro 0 1
EOF
else
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/$vg-root / ext4 defaults,errors=remount-ro 0 1
EOF
fi
if [ "$home_size" != "0" ]; then
if [ "$encrypt" == "y" ]; then
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/home /home ext4 defaults,errors=remount-ro 0 2
EOF
else
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/$vg-home /home ext4 defaults,errors=remount-ro 0 2
EOF
fi
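Review bot: Three writes in this hunk were not converted and will fail for a non-root user once the root-owned target is mounted: `mkdir /tmp/debootstrap/home` is unchanged although the matching `var` line was converted, the crypttab header still uses a plain `>` redirect, and the fstab reset pipes into `hydra_safe_run tee`, which does not add sudo. They should read `hydra_sudo_run mkdir /tmp/debootstrap/home`, `echo "# <target name> <source device> <key file> <options>" | $SUDO tee /tmp/debootstrap/etc/crypttab` and `echo "" | $SUDO tee /tmp/debootstrap/etc/fstab`. The `/boot` fstab line in the later Grub hunk has the same `hydra_safe_run tee -a` problem. None of the `| $SUDO tee` pipelines is checked for failure either, so a refused write goes unnoticed while the `hydra_sudo_run` steps around it abort.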
@@ -367,11 +374,11 @@ fi
if [ "$var_size" != "0" ]; then
if [ "$encrypt" == "y" ]; then
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/var /var ext4 defaults,errors=remount-ro 0 2
EOF
else
- cat >> /tmp/debootstrap/etc/fstab <<-EOF
+ cat <<-EOF | $SUDO tee -a /tmp/debootstrap/etc/fstab
/dev/mapper/$vg-var /var ext4 defaults,errors=remount-ro 0 2
EOF
fi
@@ -380,17 +387,17 @@ fi
# Grub.
if [ "$grub" == "y" ]; then
echo "Boot device setup..."
- hydra_safe_run mkfs.ext4 $boot_device
- hydra_safe_run mount $boot_device /tmp/debootstrap/boot
- echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" >> /tmp/debootstrap/etc/fstab
+ hydra_sudo_run mkfs.ext4 $boot_device
+ hydra_sudo_run mount $boot_device /tmp/debootstrap/boot
+ echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | hydra_safe_run tee -a /tmp/debootstrap/etc/fstab
echo "Setting up GRUB..."
- hydra_safe_run chroot /tmp/debootstrap/ apt-get install grub-pc -y
+ hydra_sudo_run chroot /tmp/debootstrap/ apt-get install grub-pc -y
fi
# Kernel.
echo "Installing kernel..."
-cat > /tmp/debootstrap/etc/initramfs-tools/modules <<-EOF
+cat <<-EOF | $SUDO tee /tmp/debootstrap/etc/initramfs-tools/modules
dm-mod
dm-crypt
dm-raid
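Review bot: The `/boot` fstab entry is built from `$reboot_device`, but the lines just above format and mount `$boot_device`, and no assignment to `reboot_device` is visible in this diff. If that name is a typo, the generated fstab line starts with an empty device field and the installed system will not mount `/boot`. The line should probably be `echo "$boot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a /tmp/debootstrap/etc/fstab`, which also replaces the non-privileged `hydra_safe_run tee -a`. The heredoc for the initramfs modules file runs past the end of this hunk.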
@@ -399,7 +406,7 @@ twofish
sha256
EOF
-cat > /tmp/debootstrap/etc/kernel-img.conf <<-EOF
+cat <<-EOF | $SUDO tee /tmp/debootstrap/etc/kernel-img.conf
do_initrd = Yes
EOF
@@ -410,33 +417,33 @@ else
fi
if [ "$version" == "squeeze" ]; then
- hydra_safe_run chroot /tmp/debootstrap apt-get install linux-image-2.6-vserver-$kernel_arch -y
+ hydra_sudo_run chroot /tmp/debootstrap apt-get install linux-image-2.6-vserver-$kernel_arch -y
else
- hydra_safe_run chroot /tmp/debootstrap apt-get install linux-image-$kernel_arch -y
+ hydra_sudo_run chroot /tmp/debootstrap apt-get install linux-image-$kernel_arch -y
fi
# Initramfs.
echo "Creating initramfs..."
-hydra_safe_run chroot /tmp/debootstrap update-initramfs -v -u
+hydra_sudo_run chroot /tmp/debootstrap update-initramfs -v -u
# Utils.
echo "Installing basic utilities..."
-chroot /tmp/debootstrap apt-get install screen cron lsb-release openssl -y
+hydra_sudo_run chroot /tmp/debootstrap apt-get install screen cron lsb-release openssl -y
# Ssh.
echo "Installing OpenSSH daemon..."
-chroot /tmp/debootstrap apt-get install openssh-server -y
+hydra_sudo_run chroot /tmp/debootstrap apt-get install openssh-server -y
echo "OpenSSH fingerprints:"
-chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
-chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
+hydra_sudo_run chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
+hydra_sudo_run chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
# Accounts.
echo "Installing sudo..."
-chroot /tmp/debootstrap apt-get install sudo -y
+hydra_sudo_run chroot /tmp/debootstrap apt-get install sudo -y
echo "Choose a root password."
-chroot /tmp/debootstrap passwd root
+hydra_sudo_run chroot /tmp/debootstrap passwd root
cat <<-EOF