warengroup/init.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a9e9902d6edb9d61fd2bb9c61ae6e7a15991a772
init.sh/init.sh
Christer Warén 89dd3b084b Add xmltodict as Python library dependency
2025-09-27 01:09:27 +03:00

351 lines
10 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
if [[ $USER != "root" ]]
then
sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
wiRed=$(tput setaf 196)
wiGreen=$(tput setaf 46)
wiYellow=$(tput setaf 226)
wiBlue=$(tput setaf 21)
wiPurple=$(tput setaf 165)
wiTurquoise=$(tput setaf 14)
wiPink=$(tput setaf 198)
wiOrange=$(tput setaf 202)
wiBold=$(tput bold)
wiNormal=$(tput sgr0)
wi-header(){
wx-header "$1" "$2"
}
wi-repeat(){
wx-repeat "$1" "$2"
}
wi-login(){
wx-login "$1" "$2"
}
wx-start(){
wi-start
}
wx-stop(){
wi-stop
}
wxBold=$wiBold
wxNormal=$wiNormal
wx-header(){
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}
wi-init(){
wi-login $1
wi-header "Init"
if [[ ! -z $2 && ${#2} -gt 5 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]]
then
HOSTNAME=$(hostname --fqdn)
else
echo "Status: Hostname Required"
wx-stop
fi
if [[ ! -z $3 ]]
then
if [[ $3 == "server" || $3 == "workstation" ]]
then
TYPE="$3"
else
echo "Status: Type Invalid"
wx-stop
fi
else
echo "Status: Type Required"
wx-stop
fi
mkdir -p ~/.ssh/keys &> /dev/null
apt-get update &> /dev/null
apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
dnf install -y epel-release &> /dev/null
dnf install -y python3-pip jq git curl lsb_release &> /dev/null
python3 -m venv /opt/ansible &> /dev/null
/opt/ansible/bin/pip3 install ansible &> /dev/null
/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-X GET \
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init
chmod 700 ~/.ssh/keys/init &> /dev/null
mkdir -p ~/.ansible &> /dev/null
if [ ! -f ~/.ansible/vars.yml ]
then
echo "---" > ~/.ansible/vars.yml
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
echo "type: $TYPE" >> ~/.ansible/vars.yml
echo "config:" >> ~/.ansible/vars.yml
echo " identity:" >> ~/.ansible/vars.yml
echo " vault:" >> ~/.ansible/vars.yml
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
fi
GIT_DOMAIN="git.cwinfo.net"
GIT_PORT="2222"
GIT_REPOSITORY="warengroup-private/infra-plus"
export HVT=${config["login",$ORG]}
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.dns community.docker community.general community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql containers.podman --upgrade &> /dev/null
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
unset HVT
}
wx-login(){
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
then
ORG=cwinfo
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
wx-stop
fi
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
else
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo "Status: Username & Password Required"
wx-stop
else
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
echo "Status: Vault Token Required"
wx-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo "Status: Vault Offline"
wx-stop
fi
}
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}
wi-start(){
wi-header "Warén Init" h1
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
}
wi-stop (){
echo " "
echo " "
echo " "
rm -rf /.ssh/keys/init &> /dev/null
exit 1
}
if [[ ! -f /bin/jq ]]
then
apt update &> /dev/null
apt install -y jq &> /dev/null
fi
wi-init $1 $2 $3
wi-stop
Reference in New Issue View Git Blame Copy Permalink