From 8b9dc7bdea054076558082aa03ed0dd09d198215 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christer=20War=C3=A9n?=
Date: Wed, 1 May 2024 03:21:23 +0300
Subject: [PATCH] Build Code
---
 archive/init.sh | 162 ++++++++++++++++++++++++++++++++++++++++++++++++
 build.sh | 25 ++++++++
 generator.php | 28 +++++++++
 3 files changed, 215 insertions(+)
 create mode 100755 archive/init.sh
 create mode 100644 build.sh
 create mode 100644 generator.php
diff --git a/archive/init.sh b/archive/init.sh
new file mode 100755
index 0000000..38f6160
--- /dev/null
+++ b/archive/init.sh
@@ -0,0 +1,162 @@
+#!/bin/bash
+
+if [ ! "$BASH_VERSION" ] ; then
+ exit 1
+fi
+
+echo "
+==============================
+
+Warén Group
+Init Script
+
+------------------------------
+"
+
+stop () {
+unset HVT
+
+echo "
+==============================
+"
+
+exit 1
+
+}
+
+mkdir -p ~/.ssh &> /dev/null
+
+apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
+python3 -m venv /opt/ansible &> /dev/null
+/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
+
+ORG=$1
+case $ORG in
+ warengroup)
+ DOMAIN="waren.io"
+ FOLDER="warengroup"
+ ;;
+ cwinfo)
+ DOMAIN="cwinfo.net"
+ FOLDER="cwinfo"
+ ;;
+ cwchristerw)
+ DOMAIN="christerwaren.fi"
+ FOLDER="cwchristerw"
+ ;;
+ *)
+ echo "Organization is required."
+ stop
+ ;;
+esac
+
+HOSTNAME=$2
+if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
+ stop
+fi
+
+if [[ -z $USER || $USER == "root" ]]; then
+ if [[ -z $SUDO_USER ]]; then
+ if [[ -z LOGNAME ]]; then
+ echo -n ""
+ else
+ USER=$LOGNAME
+ fi
+ else
+ USER=$SUDO_USER
+ fi
+fi
+
+DEVICE_DOMAIN="devices.$DOMAIN"
+IDM_DOMAIN="idm.$DOMAIN"
+VAULT_DOMAIN="vault.cwinfo.net"
+GIT_DOMAIN="git.cwinfo.net"
+GIT_PORT=2222
+GIT_REPOSITORY="warengroup-private/infra-plus"
+
+HOSTNAME="$HOSTNAME.$DEVICE_DOMAIN"
+
+VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
+if [[ $VAULT_STATUS -eq 200 ]]; then
+ IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
+ if [[ $IDM_STATUS -eq 301 ]]; then
+ echo "$VAULT_DOMAIN - Login"
+ echo "Method: LDAP"
+
+ if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then
+ echo -n "Username: "
+ read USERNAME
+ else
+ echo "Username: $USER"
+ USERNAME=$USER
+ fi
+
+ echo -n "Password: "
+ read -s PASSWORD
+ echo "****************"
+ echo ""
+ VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
+ if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 ||
${#VAULT_LOGIN} -gt 95 ]]; then
+ stop
+ fi
+
+ VAULT_TOKEN=$VAULT_LOGIN
+ export HVT="$VAULT_TOKEN"
+ echo -e "\n"
+ else
+ echo "$VAULT_DOMAIN - Login"
+ echo -n "Token: "
+ read -s VAULT_TOKEN
+ echo "***********************************************************************************************"
+ echo ""
+ if [[ -z $VAULT_TOKEN || ${#VAULT_TOKEN} -lt 95 || ${#VAULT_TOKEN} -gt 95 ]]; then
+ stop
+ fi
+
+ VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET -H "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.id')
+ if [[ -z $VAULT_LOGIN ]]; then
+ stop
+ fi
+ VAULT_TOKEN=$VAULT_LOGIN
+ export HVT="$VAULT_TOKEN"
+ echo -e "\n"
+ fi
+fi
+
+curl \
+ -H "X-Vault-Token: $VAULT_TOKEN" \
+ -X GET \
+ https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
+
+chmod 700 ~/.ssh/init
+
+mkdir -p ~/.ansible > /dev/null
+
+if [ ! -f ~/.ansible/vars.yml ]; then
+
+ openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
+
+ ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
+
+ echo "---" > ~/.ansible/vars.yml
+ echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
+ echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
+ echo "vault:" >> ~/.ansible/vars.yml
+ echo " ansible:" >> ~/.ansible/vars.yml
+ echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
+ echo " hashicorp:" >> ~/.ansible/vars.yml
+ echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
+
+ /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
+fi
+
+ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
+
+/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
+
+
+unset HVT
+
+echo "
+==============================
+"
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..257329f
--- /dev/null
+++ b/build.sh
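Review bot: The `ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts` line near the end of archive/init.sh accepts whatever host key the network returns at run time, so the `ansible-pull` that follows has no real host authentication for the repository whose playbook it then executes. The same line truncates any existing `known_hosts` and, because of `&>`, also writes ssh-keyscan's stderr into that file. Since the script already authenticates to Vault over HTTPS, a pinned key could be delivered the same way and appended, for example `printf '[%s]:%s %s\n' "$GIT_DOMAIN" "$GIT_PORT" "$PINNED_HOST_KEY" >> ~/.ssh/known_hosts`, where `PINNED_HOST_KEY` is a placeholder for a value this patch does not define. Separately, the LDAP login splices `$PASSWORD` unquoted into the JSON body on curl's command line, which breaks on spaces or quotes and exposes the password in the process list; building the body with `jq -n --arg` and feeding it to curl with `-d @-` would avoid both. The private key is also written to `~/.ssh/init` under the default umask before `chmod 700` runs, so setting `umask 077` first and using mode 600 would close that window.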
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if [ ! "$BASH_VERSION" ] ; then
+ bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
+ exit 1
+fi
+
+echo ""
+echo ""
+echo ""
+echo "=============================="
+echo -n "$wiBold"
+echo " Warén Group "
+echo " Init.sh "
+echo -n "$wiNormal"
+echo "=============================="
+echo " >> Build << "
+echo "------------------------------"
+podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
+chmod +x init.sh &> /dev/null
+echo "=============================="
+echo " "
+echo " "
+echo " "
+exit 1
diff --git a/generator.php b/generator.php
new file mode 100644
index 0000000..0dd24ed
--- /dev/null
+++ b/generator.php
@@ -0,0 +1,28 @@
+
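Review bot: A failed build is indistinguishable from a good one in build.sh, because the `podman run … php generator.php &> /dev/null` line discards both output and exit status, `chmod +x init.sh` runs regardless, and the script ends with `exit 1` on every path. A stale or partially written `init.sh` can therefore be marked executable and shipped without anyone noticing. I would drop the redirect or send it to a log, add `|| exit 1` to the podman line, and finish with `exit 0`. The generator also runs in the floating tag `docker.io/library/php:8-cli` with the working directory mounted read-write, so the image that produces `init.sh` can change between builds; pinning it as `docker.io/library/php:8-cli@sha256:<digest>` (placeholder digest) would make the build reproducible. The re-exec line `bash $0 $1 $2 … $9` is better written as `exec bash "$0" "$@"`, which preserves arguments containing spaces.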