diff --git a/src/base.sh b/src/base.sh
new file mode 100644
index 0000000..1ced8cd
--- /dev/null
+++ b/src/base.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [ ! "$BASH_VERSION" ] ; then
+ bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
+ exit 1
+fi
+
+wiRed=$(tput setaf 196)
+wiGreen=$(tput setaf 46)
+wiYellow=$(tput setaf 226)
+wiBlue=$(tput setaf 21)
+wiPurple=$(tput setaf 165)
+wiTurquoise=$(tput setaf 14)
+wiPink=$(tput setaf 198)
+wiOrange=$(tput setaf 202)
+wiUnderline=$(tput smul)
+wiBold=$(tput bold)
+wiNormal=$(tput sgr0)
+
+{{ CODES }}
+
+wi-start
+wi-init $1 $2
+wi-stop
diff --git a/src/functions/init.sh b/src/functions/init.sh
new file mode 100644
index 0000000..0a22ec7
--- /dev/null
+++ b/src/functions/init.sh
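Review bot: The re-exec guard `bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9` in base.sh silently drops any argument past the ninth, word-splits arguments that contain whitespace, and the unconditional `exit 1` that follows reports failure even when the re-run succeeded; `exec bash "$0" "$@"` covers all three in one line. The same unquoted expansion recurs in `wi-init $1 $2` at the bottom of the hunk, which should be `wi-init "$1" "$2"`. `wiItalic`, which wi-login in login.sh reads, is not among the `tput` variables defined here, so it expands to nothing unless it is set by the `{{ CODES }}` substitution; if that is intended, a comment on that line saying what the placeholder injects would save the next reader a search.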
@@ -0,0 +1,46 @@
+wi-init(){
+ wi-login $1 $2
+
+ echo " >> Init << "
+ echo "------------------------------"
+
+ mkdir -p ~/.ssh &> /dev/null
+
+ apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
+ python3 -m venv /opt/ansible &> /dev/null
+ /opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
+
+ curl \
+ -H "X-Vault-Token: $VAULT_TOKEN" \
+ -X GET \
+ https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
+
+ chmod 700 ~/.ssh/init
+
+ mkdir -p ~/.ansible > /dev/null
+
+ if [ ! -f ~/.ansible/vars.yml ]
+ then
+ openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
+
+ ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
+
+ echo "---" > ~/.ansible/vars.yml
+ echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
+ echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
+ echo "vault:" >> ~/.ansible/vars.yml
+ echo " ansible:" >> ~/.ansible/vars.yml
+ echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
+ echo " hashicorp:" >> ~/.ansible/vars.yml
+ echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
+
+ /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
+ fi
+
+ ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
+
+ /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
+
+
+ unset HVT
+ }
diff --git a/src/functions/login.sh b/src/functions/login.sh
new file mode 100644
index 0000000..6414640
--- /dev/null
+++ b/src/functions/login.sh
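Review bot: The Vault read for the SSH key sends `-H "X-Vault-Token: $VAULT_TOKEN"`, but wi-login (login.sh in this commit) stores the token it obtains in `HVT`, which this function later `unset`s; unless `VAULT_TOKEN` is exported by the caller the request goes out with an empty token, and because neither curl nor jq is checked, the literal `null` is written to `~/.ssh/init` and ansible-pull is then attempted with it. Both secret files are also created under the process umask before `chmod 700 ~/.ssh/init` runs, and `~/.ansible/vault.yml` (the vault password) is never chmodded at all. I would put `umask 077` at the top of wi-init and fail closed on the fetch, presumably with the token from login: `curl -sf -H "X-Vault-Token: $HVT" "https://$VAULT_DOMAIN/v1/init.sh/data/ssh" | jq -er '.data.data.privkey' > ~/.ssh/init || wi-stop` (`-f` fails on HTTP errors, `jq -e` exits non-zero when the field is null). `ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts` additionally replaces any existing known_hosts and sends keyscan's stderr into it; `>> ~/.ssh/known_hosts 2>/dev/null` keeps prior entries and the file clean.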
@@ -0,0 +1,145 @@
+wi-login(){
+ echo -n "$wiItalic"
+ echo " >> Login << "
+ echo -n "$wiNormal";
+ echo "------------------------------"
+
+ ORG=$1
+
+ if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
+ then
+ wi-stop
+ fi
+
+ if [[ $(hostname -d) == "devices.waren.io" ]]
+ then
+ ORG=warengroup
+ elif [[ $(hostname -d) == "devices.cwinfo.net" || $(hostname -d) == "fr1.servers.devices.cwinfo.net" ]]
+ then
+ ORG=cwinfo
+ elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
+ then
+ ORG=cwchristerw
+ elif [[ -z $ORG ]]
+ then
+ echo -n "Status: Organization Required"
+
+ wi-stop
+ fi
+
+ if [[ $ORG == "warengroup" ]]
+ then
+ DOMAIN=waren.io
+ elif [[ $ORG == "cwinfo" ]]
+ then
+ DOMAIN=cwinfo.net
+ elif [[ $ORG == "cwchristerw" ]]
+ then
+ DOMAIN=christerwaren.fi
+ else
+ echo -n "Status: Organization Unsupported"
+
+ wi-stop
+ fi
+
+ FOLDER=$ORG
+ DEVICE_DOMAIN="devices.$DOMAIN"
+ IDM_DOMAIN="idm.cwinfo.net"
+ VAULT_DOMAIN="vault.cwinfo.net"
+ GIT_DOMAIN="git.cwinfo.net"
+ GIT_PORT=2222
+ GIT_REPOSITORY="warengroup-private/infra-plus"
+
+ if [[ $(hostname -d) ]]
+ then
+ HOSTNAME=$(hostname --fqdn)
+ elif [[ -z $(hostname -d) ]] && [[ ! -z $2 ]]
+ then
+ HOSTNAME="$2.$DEVICE_DOMAIN"
+ else
+ echo -n "Status: Hostname Required"
+ wi-stop
+ fi
+
+ if [[ -z $USER || $USER == "root" || $USER == "local" ]]
+ then
+ if [[ -z $SUDO_USER ]]
+ then
+ if [[ -z LOGNAME ]]
+ then
+ echo -n "Status: Username Required"
+ wi-stop
+ else
+ USER=$LOGNAME
+ fi
+ else
+ USER=$SUDO_USER
+ fi
+ fi
+
+ VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
+ if [[ $VAULT_STATUS -eq 200 ]]
+ then
+ IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
+ if [[ $IDM_STATUS -eq 301 ]]
+ then
+ echo $wiBold$ORG$wiNormal
+
+ if [[ -z $USER || $USER == "root" || $USER == "local" ]]
+ then
+ echo -n "Username: "
+ read USERNAME
+ else
+ echo "Username: $USER"
+ USERNAME=$USER
+ fi
+
+ echo -n "Password: "
+ read -s PASSWORD
+ echo "****************"
+
+ if [[ -z $USERNAME || -z $PASSWORD ]]
+ then
+ echo -n "Status: Username & Password Required"
+ wi-stop
+ else
+ VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
+ if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
+ then
+ echo -n "Status: Login Failed"
+ wi-stop
+ fi
+
+ HVT=$VAULT_LOGIN
+ wi-start
+ fi
+ else
+ echo $wiBold$ORG$wiNormal
+
+ echo -n "Token: "
+ read -s TOKEN
+ echo "****************"
+
+ if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
+ then
+ echo -n "Status: Vault Token Required"
+ wi-stop
+ fi
+
+ VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
+ if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
+ then
+ echo -n "Status: Login Failed"
+ wi-stop
+ fi
+
+ HVT=$VAULT_LOGIN
+ wi-start
+ fi
+ else
+ echo $wiBold$ORG$wiNormal
+
+ echo -n "Status: Vault Offline"
+ wi-stop
+ fi
+ }
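Review bot: The LDAP login `VAULT_LOGIN=$(curl … -d '{ "password": "'$PASSWORD'" }' …)` puts the password on the curl command line, where any local user can read it from the process list while the request is in flight, and the same applies to the token, which appears twice in argv in the renew branch; the JSON body is also built by string concatenation, so a password containing `"`, `\` or whitespace yields a malformed or altered request. Build the body with jq and pass it on stdin, and pass the token as a header read from a file descriptor, as sketched below. Separately, `if [[ -z LOGNAME ]]` is missing a `$` — it tests the literal string, so the "Username Required" branch can never run; it should be `if [[ -z $LOGNAME ]]`. The `${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95` checks pin the token to exactly 95 characters, which ties the script to one token format; testing for a non-empty result that is not `null` is more robust. `$USERNAME` is interpolated unquoted into the URL path; quoting it and rejecting anything outside `[A-Za-z0-9._-]` before the request avoids path manipulation.
```shell
# … unchanged: username/password prompts …
VAULT_LOGIN=$(jq -n --arg p "$PASSWORD" '{password: $p}' \
  | curl -s -X POST -d @- "https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME" \
  | jq -r '.auth.client_token')
# … unchanged: result check, HVT assignment, wi-start …

# … unchanged: token prompt and check …
VAULT_LOGIN=$(jq -n --arg t "$TOKEN" '{token: $t}' \
  | curl -s -X POST -d @- -H @<(printf 'X-Vault-Token: %s\n' "$TOKEN") \
      "https://$VAULT_DOMAIN/v1/auth/token/renew" \
  | jq -r '.auth.client_token')
# … unchanged: result check, HVT assignment, wi-start …
```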
diff --git a/src/functions/start.sh b/src/functions/start.sh
new file mode 100644
index 0000000..fbef645
--- /dev/null
+++ b/src/functions/start.sh
@@ -0,0 +1,11 @@
+wi-start(){
+ echo ""
+ echo ""
+ echo ""
+ echo "=============================="
+ echo -n "$wiBold"
+ echo " Warén Group "
+ echo " Init.sh "
+ echo -n "$wiNormal"
+ echo "=============================="
+ }
diff --git a/src/functions/stop.sh b/src/functions/stop.sh
new file mode 100644
index 0000000..9ead241
--- /dev/null
+++ b/src/functions/stop.sh
@@ -0,0 +1,7 @@
+wi-stop (){
+ echo "=============================="
+ echo " "
+ echo " "
+ echo " "
+ exit 1
+ }
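Review bot: `wi-stop` in stop.sh always runs `exit 1`, yet it is also the program's normal terminator — base.sh in this commit calls it right after `wi-init` on the success path — so a completed bootstrap reports failure to systemd, cloud-init or whatever shell invoked it, and the error exits in login.sh cannot be told apart from it. Give it a status parameter, `exit "${1:-1}"`, and have the normal terminator call `wi-stop 0` while the error paths keep the bare call. The status messages printed just before the error-path calls go to stdout via `echo -n`; sending them to stderr (`>&2`) keeps them out of any captured output.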