Compare commits
34 Commits
570d533df3
...
develop
| Author | SHA1 | Date | |
|---|---|---|---|
|
9d8e3d0cff | ||
|
|
a69fb755f9 | ||
|
|
73d9e77ee0 | ||
|
|
a9e9902d6e | ||
|
|
373f010215 | ||
|
|
89dd3b084b | ||
|
|
bb9fdcd013 | ||
|
|
2e6d165baf | ||
|
|
17cb8fe954 | ||
|
|
ff4bebdc53 | ||
|
|
d9a7864199 | ||
|
|
03bba2ba7f | ||
|
|
e75b95abac | ||
|
|
73025e14d8 | ||
|
|
0cdc32a743 | ||
|
|
196a4ef2eb | ||
|
|
2220092a87 | ||
|
|
746ae8ebf4 | ||
|
|
944e9f020c | ||
|
|
eb5f7980de | ||
|
|
4111068772 | ||
|
|
b383c1ddd0 | ||
|
|
280928e133 | ||
|
|
5e3d337b2c | ||
|
|
28f807fb44 | ||
|
|
b236fdb65b | ||
|
|
e0e25ef1ac | ||
|
|
206bbbad1c | ||
|
|
0ca9ad28dc | ||
|
|
04699cccce | ||
|
|
3488bb794d | ||
|
|
6e11dc8e8e | ||
|
|
605366d786 | ||
|
|
e76cd7f45e |
2
LICENSE
2
LICENSE
@@ -1,6 +1,6 @@
|
|||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
Copyright (c) 2023-2024 Warén Group
|
Copyright (c) 2023-2025 Warén Group
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
|||||||
14
README.md
14
README.md
@@ -1,12 +1,16 @@
|
|||||||
# Warén Group - Init.sh
|
# Warén Group - Init.sh
|
||||||
|
|
||||||
## Run Command
|
## Linux - Run Command
|
||||||
```
|
```
|
||||||
curl https://waren.io/init.sh -o init.sh
|
bash <(https://waren.io/init.sh)
|
||||||
bash init.sh
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Build Command
|
## Windows - Run Command
|
||||||
```
|
```
|
||||||
bash build.sh
|
curl.exe https://waren.io/init.ps1 | powershell -
|
||||||
|
```
|
||||||
|
|
||||||
|
## Maintaining Command
|
||||||
|
```
|
||||||
|
./maintainer.sh
|
||||||
```
|
```
|
||||||
|
|||||||
33
init.ps1
Normal file
33
init.ps1
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "=============================="
|
||||||
|
echo ""
|
||||||
|
echo "Waren Init"
|
||||||
|
echo ""
|
||||||
|
echo "=============================="
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "Generating SSH Key"
|
||||||
|
New-Item -ItemType Directory -Path "$Env:USERPROFILE\.ssh\keys" -Force
|
||||||
|
ssh-keygen -f "$Env:USERPROFILE\.ssh\keys\infra" -t ed25519 -C "$Env:USERDOMAIN"
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "Copy SSH Key"
|
||||||
|
Get-Content "$Env:USERPROFILE\.ssh\keys\infra.pub"
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "Install OpenSSH Server"
|
||||||
|
Add-WindowsCapability -Online -Name OpenSSH.Server
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "Enable OpenSSH Server"
|
||||||
|
Set-Service -Name sshd -StartupType 'Automatic'
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "Start OpenSSH Server"
|
||||||
|
Start-Service -Name sshd
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "Install Debian"
|
||||||
|
wsl --install Debian
|
||||||
149
init.sh
149
init.sh
@@ -1,7 +1,15 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ ! "$BASH_VERSION" ] ; then
|
if [ ! "$BASH_VERSION" ] ; then
|
||||||
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
|
||||||
|
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $USER != "root" ]]
|
||||||
|
then
|
||||||
|
sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
|
||||||
|
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -65,14 +73,43 @@ wx-header(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
wi-init(){
|
wi-init(){
|
||||||
wi-login $1 $2
|
wi-login $1
|
||||||
wi-header "Init"
|
wi-header "Init"
|
||||||
|
|
||||||
|
if [[ ! -z $2 && ${#2} -gt 5 ]]
|
||||||
|
then
|
||||||
|
HOSTNAME="$2.$DEVICE_DOMAIN"
|
||||||
|
elif [[ $(hostname -d) ]]
|
||||||
|
then
|
||||||
|
HOSTNAME=$(hostname --fqdn)
|
||||||
|
else
|
||||||
|
echo "Status: Hostname Required"
|
||||||
|
wx-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -z $3 ]]
|
||||||
|
then
|
||||||
|
if [[ $3 == "server" || $3 == "workstation" ]]
|
||||||
|
then
|
||||||
|
TYPE="$3"
|
||||||
|
else
|
||||||
|
echo "Status: Type Invalid"
|
||||||
|
wx-stop
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Status: Type Required"
|
||||||
|
wx-stop
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p ~/.ssh/keys &> /dev/null
|
mkdir -p ~/.ssh/keys &> /dev/null
|
||||||
|
|
||||||
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
apt-get update &> /dev/null
|
||||||
|
apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
|
||||||
|
dnf install -y epel-release &> /dev/null
|
||||||
|
dnf install -y python3-pip jq git curl lsb_release &> /dev/null
|
||||||
python3 -m venv /opt/ansible &> /dev/null
|
python3 -m venv /opt/ansible &> /dev/null
|
||||||
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
/opt/ansible/bin/pip3 install ansible &> /dev/null
|
||||||
|
/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
|
||||||
|
|
||||||
curl \
|
curl \
|
||||||
-H "X-Vault-Token: ${config["login",$ORG]}" \
|
-H "X-Vault-Token: ${config["login",$ORG]}" \
|
||||||
@@ -85,46 +122,35 @@ wi-init(){
|
|||||||
|
|
||||||
if [ ! -f ~/.ansible/vars.yml ]
|
if [ ! -f ~/.ansible/vars.yml ]
|
||||||
then
|
then
|
||||||
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
|
|
||||||
|
|
||||||
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
|
|
||||||
|
|
||||||
echo "---" > ~/.ansible/vars.yml
|
echo "---" > ~/.ansible/vars.yml
|
||||||
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
||||||
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
|
echo "info:" >> ~/.ansible/vars.yml
|
||||||
echo "vault:" >> ~/.ansible/vars.yml
|
echo " type: $TYPE" >> ~/.ansible/vars.yml
|
||||||
echo " ansible:" >> ~/.ansible/vars.yml
|
echo "config:" >> ~/.ansible/vars.yml
|
||||||
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
|
echo " identity:" >> ~/.ansible/vars.yml
|
||||||
echo " hashicorp:" >> ~/.ansible/vars.yml
|
echo " vault:" >> ~/.ansible/vars.yml
|
||||||
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
GIT_DOMAIN="git.cwinfo.net"
|
GIT_DOMAIN="git.waren.io"
|
||||||
GIT_PORT="2222"
|
GIT_PORT="2222"
|
||||||
GIT_REPOSITORY="warengroup-private/infra-plus"
|
GIT_REPOSITORY="warengroup-private/infra-plus"
|
||||||
|
|
||||||
export HVT=${config["login",$ORG]}
|
export HVT=${config["login",$ORG]}
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.docker community.general community.hashi_vault community.libvirt community.mysql community.postgresql containers.podman --upgrade &> /dev/null
|
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --accept-host-key --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/keys/init playbooks/init.yml -t init
|
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
|
||||||
|
|
||||||
unset HVT
|
unset HVT
|
||||||
}
|
}
|
||||||
|
|
||||||
wx-login(){
|
wx-login(){
|
||||||
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
|
|
||||||
then
|
|
||||||
wx-header "Login"
|
|
||||||
echo "Status: Hostname Required"
|
|
||||||
wx-stop
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ ! -z $1 ]]
|
if [[ ! -z $1 ]]
|
||||||
then
|
then
|
||||||
ORG=$1
|
ORG=$1
|
||||||
|
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||||
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||||
then
|
then
|
||||||
ORG=warengroup
|
ORG=warengroup
|
||||||
@@ -134,6 +160,9 @@ wx-login(){
|
|||||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||||
then
|
then
|
||||||
ORG=cwchristerw
|
ORG=cwchristerw
|
||||||
|
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
|
||||||
|
then
|
||||||
|
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
|
||||||
else
|
else
|
||||||
wx-header "Login"
|
wx-header "Login"
|
||||||
echo "Status: Organization Required"
|
echo "Status: Organization Required"
|
||||||
@@ -157,21 +186,9 @@ wx-login(){
|
|||||||
|
|
||||||
FOLDER=$ORG
|
FOLDER=$ORG
|
||||||
DEVICE_DOMAIN="devices.$DOMAIN"
|
DEVICE_DOMAIN="devices.$DOMAIN"
|
||||||
IDM_DOMAIN="idm.cwinfo.net"
|
IDM_DOMAIN="idm.waren.io"
|
||||||
VAULT_DOMAIN="vault.cwinfo.net"
|
VAULT_DOMAIN="vault.cwinfo.net"
|
||||||
|
|
||||||
if [[ ! -z $2 ]]
|
|
||||||
then
|
|
||||||
HOSTNAME="$2.$DEVICE_DOMAIN"
|
|
||||||
elif [[ $(hostname -d) ]]
|
|
||||||
then
|
|
||||||
HOSTNAME=$(hostname --fqdn)
|
|
||||||
else
|
|
||||||
wx-header "Login"
|
|
||||||
echo "Status: Hostname Required"
|
|
||||||
wx-stop
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||||
then
|
then
|
||||||
if [[ -z $SUDO_USER ]]
|
if [[ -z $SUDO_USER ]]
|
||||||
@@ -195,9 +212,13 @@ wx-login(){
|
|||||||
if [[ $VAULT_STATUS -eq 200 ]]
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
then
|
then
|
||||||
|
|
||||||
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
|
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
|
||||||
then
|
then
|
||||||
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
|
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
|
||||||
|
then
|
||||||
|
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
|
||||||
|
fi
|
||||||
|
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||||
@@ -206,8 +227,8 @@ wx-login(){
|
|||||||
config["login",${ORG}]=$VAULT_LOGIN
|
config["login",${ORG}]=$VAULT_LOGIN
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" ]]
|
||||||
then
|
then
|
||||||
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json 1> $HOME/.config/warengroup/config.json.tmp
|
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
||||||
@@ -216,7 +237,7 @@ wx-login(){
|
|||||||
wx-header "Login"
|
wx-header "Login"
|
||||||
echo $wxBold$ORG$wxNormal
|
echo $wxBold$ORG$wxNormal
|
||||||
|
|
||||||
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
|
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
|
||||||
then
|
then
|
||||||
echo -n "Username: "
|
echo -n "Username: "
|
||||||
read USERNAME
|
read USERNAME
|
||||||
@@ -224,6 +245,9 @@ wx-login(){
|
|||||||
echo "Username: $USERNAME"
|
echo "Username: $USERNAME"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||||
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
|
|
||||||
echo -n "Password: "
|
echo -n "Password: "
|
||||||
read -s PASSWORD
|
read -s PASSWORD
|
||||||
echo "****************"
|
echo "****************"
|
||||||
@@ -244,8 +268,8 @@ wx-login(){
|
|||||||
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" ]]
|
||||||
then
|
then
|
||||||
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@@ -273,8 +297,8 @@ wx-login(){
|
|||||||
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" ]]
|
||||||
then
|
then
|
||||||
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@@ -292,16 +316,18 @@ wx-repeat() {
|
|||||||
printf "%s" "${spaces// /$str}"
|
printf "%s" "${spaces// /$str}"
|
||||||
}
|
}
|
||||||
|
|
||||||
wi-restricted(){
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
|
||||||
then
|
|
||||||
sudo $1
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
wi-start(){
|
wi-start(){
|
||||||
wi-header "Warén Group" h1
|
wi-header "Warén Init" h1
|
||||||
|
|
||||||
|
mkdir -p $HOME/.warengroup &> /dev/null
|
||||||
|
|
||||||
|
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
|
||||||
|
then
|
||||||
|
echo '{}' | jq > $HOME/.warengroup/config.json
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir -p $HOME/.ssh/keys
|
||||||
|
chmod 700 -R $HOME/.ssh/keys
|
||||||
}
|
}
|
||||||
|
|
||||||
wi-stop (){
|
wi-stop (){
|
||||||
@@ -315,6 +341,11 @@ wi-stop (){
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
wi-restricted "$0 $1 $2"
|
if [[ ! -f /bin/jq ]]
|
||||||
wi-init $1 $2
|
then
|
||||||
|
apt update &> /dev/null
|
||||||
|
apt install -y jq &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
wi-init $1 $2 $3
|
||||||
wi-stop
|
wi-stop
|
||||||
|
|||||||
19
src/base.sh
19
src/base.sh
@@ -1,7 +1,15 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ ! "$BASH_VERSION" ] ; then
|
if [ ! "$BASH_VERSION" ] ; then
|
||||||
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
|
||||||
|
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $USER != "root" ]]
|
||||||
|
then
|
||||||
|
sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
|
||||||
|
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -18,6 +26,11 @@ wiNormal=$(tput sgr0)
|
|||||||
|
|
||||||
{{ CODES }}
|
{{ CODES }}
|
||||||
|
|
||||||
wi-restricted "$0 $1 $2"
|
if [[ ! -f /bin/jq ]]
|
||||||
wi-init $1 $2
|
then
|
||||||
|
apt update &> /dev/null
|
||||||
|
apt install -y jq &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
wi-init $1 $2 $3
|
||||||
wi-stop
|
wi-stop
|
||||||
|
|||||||
@@ -1,12 +1,41 @@
|
|||||||
wi-init(){
|
wi-init(){
|
||||||
wi-login $1 $2
|
wi-login $1
|
||||||
wi-header "Init"
|
wi-header "Init"
|
||||||
|
|
||||||
|
if [[ ! -z $2 && ${#2} -gt 5 ]]
|
||||||
|
then
|
||||||
|
HOSTNAME="$2.$DEVICE_DOMAIN"
|
||||||
|
elif [[ $(hostname -d) ]]
|
||||||
|
then
|
||||||
|
HOSTNAME=$(hostname --fqdn)
|
||||||
|
else
|
||||||
|
echo "Status: Hostname Required"
|
||||||
|
wx-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -z $3 ]]
|
||||||
|
then
|
||||||
|
if [[ $3 == "server" || $3 == "workstation" ]]
|
||||||
|
then
|
||||||
|
TYPE="$3"
|
||||||
|
else
|
||||||
|
echo "Status: Type Invalid"
|
||||||
|
wx-stop
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Status: Type Required"
|
||||||
|
wx-stop
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p ~/.ssh/keys &> /dev/null
|
mkdir -p ~/.ssh/keys &> /dev/null
|
||||||
|
|
||||||
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
apt-get update &> /dev/null
|
||||||
|
apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
|
||||||
|
dnf install -y epel-release &> /dev/null
|
||||||
|
dnf install -y python3-pip jq git curl lsb_release &> /dev/null
|
||||||
python3 -m venv /opt/ansible &> /dev/null
|
python3 -m venv /opt/ansible &> /dev/null
|
||||||
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
/opt/ansible/bin/pip3 install ansible &> /dev/null
|
||||||
|
/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
|
||||||
|
|
||||||
curl \
|
curl \
|
||||||
-H "X-Vault-Token: ${config["login",$ORG]}" \
|
-H "X-Vault-Token: ${config["login",$ORG]}" \
|
||||||
@@ -19,31 +48,25 @@ wi-init(){
|
|||||||
|
|
||||||
if [ ! -f ~/.ansible/vars.yml ]
|
if [ ! -f ~/.ansible/vars.yml ]
|
||||||
then
|
then
|
||||||
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
|
|
||||||
|
|
||||||
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
|
|
||||||
|
|
||||||
echo "---" > ~/.ansible/vars.yml
|
echo "---" > ~/.ansible/vars.yml
|
||||||
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
||||||
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
|
echo "info:" >> ~/.ansible/vars.yml
|
||||||
echo "vault:" >> ~/.ansible/vars.yml
|
echo " type: $TYPE" >> ~/.ansible/vars.yml
|
||||||
echo " ansible:" >> ~/.ansible/vars.yml
|
echo "config:" >> ~/.ansible/vars.yml
|
||||||
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
|
echo " identity:" >> ~/.ansible/vars.yml
|
||||||
echo " hashicorp:" >> ~/.ansible/vars.yml
|
echo " vault:" >> ~/.ansible/vars.yml
|
||||||
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
GIT_DOMAIN="git.cwinfo.net"
|
GIT_DOMAIN="git.waren.io"
|
||||||
GIT_PORT="2222"
|
GIT_PORT="2222"
|
||||||
GIT_REPOSITORY="warengroup-private/infra-plus"
|
GIT_REPOSITORY="warengroup-private/infra-plus"
|
||||||
|
|
||||||
export HVT=${config["login",$ORG]}
|
export HVT=${config["login",$ORG]}
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.docker community.general community.hashi_vault community.libvirt community.mysql community.postgresql containers.podman --upgrade &> /dev/null
|
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --accept-host-key --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/keys/init playbooks/init.yml -t init
|
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
|
||||||
|
|
||||||
unset HVT
|
unset HVT
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,14 +1,9 @@
|
|||||||
wx-login(){
|
wx-login(){
|
||||||
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
|
|
||||||
then
|
|
||||||
wx-header "Login"
|
|
||||||
echo "Status: Hostname Required"
|
|
||||||
wx-stop
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ ! -z $1 ]]
|
if [[ ! -z $1 ]]
|
||||||
then
|
then
|
||||||
ORG=$1
|
ORG=$1
|
||||||
|
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||||
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
elif [[ $(hostname -d) = *"devices.waren.io" ]]
|
||||||
then
|
then
|
||||||
ORG=warengroup
|
ORG=warengroup
|
||||||
@@ -18,6 +13,9 @@ wx-login(){
|
|||||||
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
|
||||||
then
|
then
|
||||||
ORG=cwchristerw
|
ORG=cwchristerw
|
||||||
|
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
|
||||||
|
then
|
||||||
|
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
|
||||||
else
|
else
|
||||||
wx-header "Login"
|
wx-header "Login"
|
||||||
echo "Status: Organization Required"
|
echo "Status: Organization Required"
|
||||||
@@ -41,21 +39,9 @@ wx-login(){
|
|||||||
|
|
||||||
FOLDER=$ORG
|
FOLDER=$ORG
|
||||||
DEVICE_DOMAIN="devices.$DOMAIN"
|
DEVICE_DOMAIN="devices.$DOMAIN"
|
||||||
IDM_DOMAIN="idm.cwinfo.net"
|
IDM_DOMAIN="idm.waren.io"
|
||||||
VAULT_DOMAIN="vault.cwinfo.net"
|
VAULT_DOMAIN="vault.cwinfo.net"
|
||||||
|
|
||||||
if [[ ! -z $2 ]]
|
|
||||||
then
|
|
||||||
HOSTNAME="$2.$DEVICE_DOMAIN"
|
|
||||||
elif [[ $(hostname -d) ]]
|
|
||||||
then
|
|
||||||
HOSTNAME=$(hostname --fqdn)
|
|
||||||
else
|
|
||||||
wx-header "Login"
|
|
||||||
echo "Status: Hostname Required"
|
|
||||||
wx-stop
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||||
then
|
then
|
||||||
if [[ -z $SUDO_USER ]]
|
if [[ -z $SUDO_USER ]]
|
||||||
@@ -79,9 +65,13 @@ wx-login(){
|
|||||||
if [[ $VAULT_STATUS -eq 200 ]]
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
then
|
then
|
||||||
|
|
||||||
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
|
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
|
||||||
then
|
then
|
||||||
TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
|
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
|
||||||
|
then
|
||||||
|
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
|
||||||
|
fi
|
||||||
|
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||||
@@ -90,8 +80,8 @@ wx-login(){
|
|||||||
config["login",${ORG}]=$VAULT_LOGIN
|
config["login",${ORG}]=$VAULT_LOGIN
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" ]]
|
||||||
then
|
then
|
||||||
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json 1> $HOME/.config/warengroup/config.json.tmp
|
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
||||||
@@ -100,7 +90,7 @@ wx-login(){
|
|||||||
wx-header "Login"
|
wx-header "Login"
|
||||||
echo $wxBold$ORG$wxNormal
|
echo $wxBold$ORG$wxNormal
|
||||||
|
|
||||||
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
|
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
|
||||||
then
|
then
|
||||||
echo -n "Username: "
|
echo -n "Username: "
|
||||||
read USERNAME
|
read USERNAME
|
||||||
@@ -108,6 +98,9 @@ wx-login(){
|
|||||||
echo "Username: $USERNAME"
|
echo "Username: $USERNAME"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
|
||||||
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
|
|
||||||
echo -n "Password: "
|
echo -n "Password: "
|
||||||
read -s PASSWORD
|
read -s PASSWORD
|
||||||
echo "****************"
|
echo "****************"
|
||||||
@@ -128,8 +121,8 @@ wx-login(){
|
|||||||
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" ]]
|
||||||
then
|
then
|
||||||
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@@ -157,8 +150,8 @@ wx-login(){
|
|||||||
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
if [[ $USER != "root" && $USER != "local" ]]
|
||||||
then
|
then
|
||||||
jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
|
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
|
||||||
mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
|
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -1,7 +0,0 @@
|
|||||||
wi-restricted(){
|
|
||||||
if [[ $USER != "root" && $USER != "local" ]]
|
|
||||||
then
|
|
||||||
sudo $1
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
@@ -1,3 +1,13 @@
|
|||||||
wi-start(){
|
wi-start(){
|
||||||
wi-header "Warén Group" h1
|
wi-header "Warén Init" h1
|
||||||
|
|
||||||
|
mkdir -p $HOME/.warengroup &> /dev/null
|
||||||
|
|
||||||
|
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
|
||||||
|
then
|
||||||
|
echo '{}' | jq > $HOME/.warengroup/config.json
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir -p $HOME/.ssh/keys
|
||||||
|
chmod 700 -R $HOME/.ssh/keys
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user