warengroup/init.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Build Code

Browse Source
This commit is contained in:
Christer Warén 2024-05-01 03:22:32 +03:00
parent 9de267de43
commit 85f2dd9acd
3 changed files with 263 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
build.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wiBold"
echo " Warén Group "
echo " Init.sh "
echo -n "$wiNormal"
echo "=============================="
echo " >> Build << "
echo "------------------------------"
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
chmod +x init.sh &> /dev/null
echo "=============================="
echo " "
echo " "
echo " "
exit 1

28
generator.php Normal file
View File

@ -0,0 +1,28 @@
<?php
$base = file_get_contents(__DIR__."/src/base.sh");
$dirs = [
__DIR__.'/src/functions/*.sh'
];
$codes = [];
foreach($dirs as $dir){
foreach(glob($dir) as $file){
$codes[$file] = file_get_contents($file);
}
}
$code = str_replace("{{ CODES }}", implode("\n", $codes), $base);
try {
$file = __DIR__.'/init.sh';
$file = fopen($file, "w");
fwrite($file, $code);
fclose($file);
} catch (\Error $e) {
}
?>

346
init.sh
View File

@ -1,162 +1,236 @@
#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
echo "
==============================
wiRed=$(tput setaf 196)
wiGreen=$(tput setaf 46)
wiYellow=$(tput setaf 226)
wiBlue=$(tput setaf 21)
wiPurple=$(tput setaf 165)
wiTurquoise=$(tput setaf 14)
wiPink=$(tput setaf 198)
wiOrange=$(tput setaf 202)
wiUnderline=$(tput smul)
wiBold=$(tput bold)
wiNormal=$(tput sgr0)
Warén Group
Init Script
wi-init(){
wi-login $1 $2
------------------------------
"
echo " >> Init << "
echo "------------------------------"
stop () {
unset HVT
mkdir -p ~/.ssh &> /dev/null
echo "
==============================
"
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
python3 -m venv /opt/ansible &> /dev/null
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
exit 1
curl \
-H "X-Vault-Token: $VAULT_TOKEN" \
-X GET \
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
chmod 700 ~/.ssh/init
mkdir -p ~/.ansible > /dev/null
if [ ! -f ~/.ansible/vars.yml ]
then
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
echo "---" > ~/.ansible/vars.yml
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
echo "vault:" >> ~/.ansible/vars.yml
echo " ansible:" >> ~/.ansible/vars.yml
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
echo " hashicorp:" >> ~/.ansible/vars.yml
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
fi
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
unset HVT
}
mkdir -p ~/.ssh &> /dev/null
wi-login(){
echo -n "$wiItalic"
echo " >> Login << "
echo -n "$wiNormal";
echo "------------------------------"
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
python3 -m venv /opt/ansible &> /dev/null
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
ORG=$1
ORG=$1
case $ORG in
warengroup)
DOMAIN="waren.io"
FOLDER="warengroup"
;;
cwinfo)
DOMAIN="cwinfo.net"
FOLDER="cwinfo"
;;
cwchristerw)
DOMAIN="christerwaren.fi"
FOLDER="cwchristerw"
;;
*)
echo "Organization is required."
stop
;;
esac
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
then
wi-stop
fi
HOSTNAME=$2
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
stop
fi
if [[ $(hostname -d) == "devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) == "devices.cwinfo.net" || $(hostname -d) == "fr1.servers.devices.cwinfo.net" ]]
then
ORG=cwinfo
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ -z $ORG ]]
then
echo -n "Status: Organization Required"
if [[ -z $USER || $USER == "root" ]]; then
if [[ -z $SUDO_USER ]]; then
if [[ -z LOGNAME ]]; then
echo -n ""
wi-stop
fi
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
echo -n "Status: Organization Unsupported"
wi-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.cwinfo.net"
VAULT_DOMAIN="vault.cwinfo.net"
GIT_DOMAIN="git.cwinfo.net"
GIT_PORT=2222
GIT_REPOSITORY="warengroup-private/infra-plus"
if [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
elif [[ -z $(hostname -d) ]] && [[ ! -z $2 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
else
echo -n "Status: Hostname Required"
wi-stop
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
echo -n "Status: Username Required"
wi-stop
else
USER=$LOGNAME
fi
else
USER=$LOGNAME
USER=$SUDO_USER
fi
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
echo $wiBold$ORG$wiNormal
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
echo -n "Username: "
read USERNAME
else
echo "Username: $USER"
USERNAME=$USER
fi
echo -n "Password: "
read -s PASSWORD
echo "****************"
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo -n "Status: Username & Password Required"
wi-stop
else
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo -n "Status: Login Failed"
wi-stop
fi
HVT=$VAULT_LOGIN
wi-start
fi
else
echo $wiBold$ORG$wiNormal
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
echo -n "Status: Vault Token Required"
wi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo -n "Status: Login Failed"
wi-stop
fi
HVT=$VAULT_LOGIN
wi-start
fi
else
USER=$SUDO_USER
echo $wiBold$ORG$wiNormal
echo -n "Status: Vault Offline"
wi-stop
fi
fi
}
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.$DOMAIN"
VAULT_DOMAIN="vault.cwinfo.net"
GIT_DOMAIN="git.cwinfo.net"
GIT_PORT=2222
GIT_REPOSITORY="warengroup-private/infra-plus"
wi-start(){
echo ""
echo ""
echo ""
echo "=============================="
echo -n "$wiBold"
echo " Warén Group "
echo " Init.sh "
echo -n "$wiNormal"
echo "=============================="
}
HOSTNAME="$HOSTNAME.$DEVICE_DOMAIN"
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]; then
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]; then
echo "$VAULT_DOMAIN - Login"
echo "Method: LDAP"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then
echo -n "Username: "
read USERNAME
else
echo "Username: $USER"
USERNAME=$USER
fi
echo -n "Password: "
read -s PASSWORD
echo "****************"
echo ""
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]; then
stop
fi
VAULT_TOKEN=$VAULT_LOGIN
export HVT="$VAULT_TOKEN"
echo -e "\n"
else
echo "$VAULT_DOMAIN - Login"
echo -n "Token: "
read -s VAULT_TOKEN
echo "***********************************************************************************************"
echo ""
if [[ -z $VAULT_TOKEN || ${#VAULT_TOKEN} -lt 95 || ${#VAULT_TOKEN} -gt 95 ]]; then
stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET -H "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.id')
if [[ -z $VAULT_LOGIN ]]; then
stop
fi
VAULT_TOKEN=$VAULT_LOGIN
export HVT="$VAULT_TOKEN"
echo -e "\n"
fi
fi
curl \
-H "X-Vault-Token: $VAULT_TOKEN" \
-X GET \
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
chmod 700 ~/.ssh/init
mkdir -p ~/.ansible > /dev/null
if [ ! -f ~/.ansible/vars.yml ]; then
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
echo "---" > ~/.ansible/vars.yml
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
echo "vault:" >> ~/.ansible/vars.yml
echo " ansible:" >> ~/.ansible/vars.yml
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
echo " hashicorp:" >> ~/.ansible/vars.yml
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
fi
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
wi-stop (){
echo "=============================="
echo " "
echo " "
echo " "
exit 1
}
unset HVT
echo "
==============================
"
wi-start
wi-init $1 $2
wi-stop