diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..257329f
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if [ ! "$BASH_VERSION" ] ; then
+ bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
+ exit 1
+fi
+
+echo ""
+echo ""
+echo ""
+echo "=============================="
+echo -n "$wiBold"
+echo " Warén Group "
+echo " Init.sh "
+echo -n "$wiNormal"
+echo "=============================="
+echo " >> Build << "
+echo "------------------------------"
+podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
+chmod +x init.sh &> /dev/null
+echo "=============================="
+echo " "
+echo " "
+echo " "
+exit 1
diff --git a/generator.php b/generator.php
new file mode 100644
index 0000000..0dd24ed
--- /dev/null
+++ b/generator.php
@@ -0,0 +1,28 @@
+
diff --git a/init.sh b/init.sh
index 38f6160..1656e93 100755
--- a/init.sh
+++ b/init.sh
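Review bot: build.sh ends with an unconditional `exit 1`, so even a successful build reports failure to any caller or CI step that chains on its status, while the one command that can actually fail, the `podman run ... php generator.php`, has its output and stderr sent to /dev/null and its status ignored. Replace the last line with `exit 0` (or drop it) and let the podman step fail loudly, e.g. `podman run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php || exit 1`; dropping `-it` also lets the script run without a TTY. `$wiBold` and `$wiNormal` are referenced here but defined only in init.sh, so in this script they expand to empty strings. The trailing `wi-stop` call in init.sh exits with status 1 in the same way. The generator.php hunk claims 28 added lines but shows only an empty line in this view, so the script podman executes cannot be reviewed here.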
@@ -1,162 +1,236 @@ #!/bin/bash if [ ! "$BASH_VERSION" ] ; then + bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9 exit 1 fi -echo " -============================== +wiRed=$(tput setaf 196) +wiGreen=$(tput setaf 46) +wiYellow=$(tput setaf 226) +wiBlue=$(tput setaf 21) +wiPurple=$(tput setaf 165) +wiTurquoise=$(tput setaf 14) +wiPink=$(tput setaf 198) +wiOrange=$(tput setaf 202) +wiUnderline=$(tput smul) +wiBold=$(tput bold) +wiNormal=$(tput sgr0) -Warén Group -Init Script +wi-init(){ + wi-login $1 $2 ------------------------------- -" + echo " >> Init << " + echo "------------------------------" -stop () { -unset HVT + mkdir -p ~/.ssh &> /dev/null -echo " -============================== -" + apt-get install -y python3-pip python3-venv jq git curl &> /dev/null + python3 -m venv /opt/ansible &> /dev/null + /opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null -exit 1 + curl \ + -H "X-Vault-Token: $VAULT_TOKEN" \ + -X GET \ + https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init + chmod 700 ~/.ssh/init + + mkdir -p ~/.ansible > /dev/null + + if [ ! 
-f ~/.ansible/vars.yml ] + then + openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml + + ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml) + + echo "---" > ~/.ansible/vars.yml + echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml + echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml + echo "vault:" >> ~/.ansible/vars.yml + echo " ansible:" >> ~/.ansible/vars.yml + echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml + echo " hashicorp:" >> ~/.ansible/vars.yml + echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml + + /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null + fi + + ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts + + /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init + + + unset HVT } -mkdir -p ~/.ssh &> /dev/null +wi-login(){ + echo -n "$wiItalic" + echo " >> Login << " + echo -n "$wiNormal"; + echo "------------------------------" -apt-get install -y python3-pip python3-venv jq git curl &> /dev/null -python3 -m venv /opt/ansible &> /dev/null -/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null + ORG=$1 -ORG=$1 -case $ORG in - warengroup) - DOMAIN="waren.io" - FOLDER="warengroup" - ;; - cwinfo) - DOMAIN="cwinfo.net" - FOLDER="cwinfo" - ;; - cwchristerw) - DOMAIN="christerwaren.fi" - FOLDER="cwchristerw" - ;; - *) - echo "Organization is required." 
- stop - ;; -esac + if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]] + then + wi-stop + fi -HOSTNAME=$2 -if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then - stop -fi + if [[ $(hostname -d) == "devices.waren.io" ]] + then + ORG=warengroup + elif [[ $(hostname -d) == "devices.cwinfo.net" || $(hostname -d) == "fr1.servers.devices.cwinfo.net" ]] + then + ORG=cwinfo + elif [[ $(hostname -d) == "devices.christerwaren.fi" ]] + then + ORG=cwchristerw + elif [[ -z $ORG ]] + then + echo -n "Status: Organization Required" -if [[ -z $USER || $USER == "root" ]]; then - if [[ -z $SUDO_USER ]]; then - if [[ -z LOGNAME ]]; then - echo -n "" + wi-stop + fi + + if [[ $ORG == "warengroup" ]] + then + DOMAIN=waren.io + elif [[ $ORG == "cwinfo" ]] + then + DOMAIN=cwinfo.net + elif [[ $ORG == "cwchristerw" ]] + then + DOMAIN=christerwaren.fi + else + echo -n "Status: Organization Unsupported" + + wi-stop + fi + + FOLDER=$ORG + DEVICE_DOMAIN="devices.$DOMAIN" + IDM_DOMAIN="idm.cwinfo.net" + VAULT_DOMAIN="vault.cwinfo.net" + GIT_DOMAIN="git.cwinfo.net" + GIT_PORT=2222 + GIT_REPOSITORY="warengroup-private/infra-plus" + + if [[ $(hostname -d) ]] + then + HOSTNAME=$(hostname --fqdn) + elif [[ -z $(hostname -d) ]] && [[ ! 
-z $2 ]] + then + HOSTNAME="$2.$DEVICE_DOMAIN" + else + echo -n "Status: Hostname Required" + wi-stop + fi + + if [[ -z $USER || $USER == "root" || $USER == "local" ]] + then + if [[ -z $SUDO_USER ]] + then + if [[ -z LOGNAME ]] + then + echo -n "Status: Username Required" + wi-stop + else + USER=$LOGNAME + fi else - USER=$LOGNAME + USER=$SUDO_USER + fi + fi + + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) + if [[ $VAULT_STATUS -eq 200 ]] + then + IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) + if [[ $IDM_STATUS -eq 301 ]] + then + echo $wiBold$ORG$wiNormal + + if [[ -z $USER || $USER == "root" || $USER == "local" ]] + then + echo -n "Username: " + read USERNAME + else + echo "Username: $USER" + USERNAME=$USER + fi + + echo -n "Password: " + read -s PASSWORD + echo "****************" + + if [[ -z $USERNAME || -z $PASSWORD ]] + then + echo -n "Status: Username & Password Required" + wi-stop + else + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + echo -n "Status: Login Failed" + wi-stop + fi + + HVT=$VAULT_LOGIN + wi-start + fi + else + echo $wiBold$ORG$wiNormal + + echo -n "Token: " + read -s TOKEN + echo "****************" + + if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] + then + echo -n "Status: Vault Token Required" + wi-stop + fi + + VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') + if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] + then + echo -n "Status: Login Failed" + wi-stop + fi + + HVT=$VAULT_LOGIN + wi-start fi else - USER=$SUDO_USER + echo $wiBold$ORG$wiNormal + + echo -n "Status: Vault Offline" + wi-stop fi -fi +} 
-DEVICE_DOMAIN="devices.$DOMAIN" -IDM_DOMAIN="idm.$DOMAIN" -VAULT_DOMAIN="vault.cwinfo.net" -GIT_DOMAIN="git.cwinfo.net" -GIT_PORT=2222 -GIT_REPOSITORY="warengroup-private/infra-plus" +wi-start(){ + echo "" + echo "" + echo "" + echo "==============================" + echo -n "$wiBold" + echo " Warén Group " + echo " Init.sh " + echo -n "$wiNormal" + echo "==============================" +} -HOSTNAME="$HOSTNAME.$DEVICE_DOMAIN" - -VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) -if [[ $VAULT_STATUS -eq 200 ]]; then - IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) - if [[ $IDM_STATUS -eq 301 ]]; then - echo "$VAULT_DOMAIN - Login" - echo "Method: LDAP" - - if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then - echo -n "Username: " - read USERNAME - else - echo "Username: $USER" - USERNAME=$USER - fi - - echo -n "Password: " - read -s PASSWORD - echo "****************" - echo "" - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') - if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]; then - stop - fi - - VAULT_TOKEN=$VAULT_LOGIN - export HVT="$VAULT_TOKEN" - echo -e "\n" - else - echo "$VAULT_DOMAIN - Login" - echo -n "Token: " - read -s VAULT_TOKEN - echo "***********************************************************************************************" - echo "" - if [[ -z $VAULT_TOKEN || ${#VAULT_TOKEN} -lt 95 || ${#VAULT_TOKEN} -gt 95 ]]; then - stop - fi - - VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET -H "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.id') - if [[ -z $VAULT_LOGIN ]]; then - stop - fi - VAULT_TOKEN=$VAULT_LOGIN - export HVT="$VAULT_TOKEN" - echo -e "\n" - fi -fi - -curl \ - -H "X-Vault-Token: $VAULT_TOKEN" \ - -X GET \ - https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init - -chmod 700 
~/.ssh/init - -mkdir -p ~/.ansible > /dev/null - -if [ ! -f ~/.ansible/vars.yml ]; then - - openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml - - ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml) - - echo "---" > ~/.ansible/vars.yml - echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml - echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml - echo "vault:" >> ~/.ansible/vars.yml - echo " ansible:" >> ~/.ansible/vars.yml - echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml - echo " hashicorp:" >> ~/.ansible/vars.yml - echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml - - /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null -fi - -ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts - -/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init +wi-stop (){ + echo "==============================" + echo " " + echo " " + echo " " + exit 1 +} -unset HVT - -echo " -============================== -" +wi-start +wi-init $1 $2 +wi-stop
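Review bot: wi-init reads `$VAULT_TOKEN` for the `X-Vault-Token` header of the ssh-key fetch, but wi-login only ever assigns `HVT=$VAULT_LOGIN` (the removed lines set `VAULT_TOKEN=$VAULT_LOGIN`), so the request goes out with an empty token and `jq -r '.data.data.privkey'` writes `null` into ~/.ssh/init; add `VAULT_TOKEN=$VAULT_LOGIN` next to `HVT=$VAULT_LOGIN` in both login branches. In the same function `[[ -z LOGNAME ]]` tests the literal string and is always false, so the "Username Required" branch is unreachable; it should be `[[ -z $LOGNAME ]]`. The LDAP and token-renew requests splice `$PASSWORD`/`$TOKEN` into the JSON body on the curl command line, which both breaks on a password containing a quote and exposes the credential to every local user via `ps`; build the body with `jq -n --arg p "$PASSWORD" '{password:$p}'` and feed it through `-d @-` on stdin. `ssh-keyscan ... &> ~/.ssh/known_hosts` also replaces the whole known_hosts file with whatever key the network answers on every run, so host verification for the ansible-pull is effectively trust-on-first-use each time; appending to the file and comparing against a pinned fingerprint would keep the check meaningful. The private key is written with `>` under the default umask and only then `chmod 700`, so a `umask 077` before the curl (and `chmod 600`, since a key file needs no execute bit) closes the window where it is world-readable.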