James Oakley bb49f9120d
Fix bad config option retrieval when the result has whitespace. Other
minor fixes
2021-09-23 07:12:35 -03:00


#!/bin/bash
# Abort on the first command that exits non-zero.
# pipefail is deliberately not enabled here; see the `yes y | ...` pipeline
# further down before turning it on.
set -e

# Absolute directory holding this script; used later to look for an optional
# "migrate" helper next to it.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"

# "--migration" as the first argument selects migration mode (1), else 0.
case "${1:-}" in
  --migration) has_migration=1 ;;
  *) has_migration=0 ;;
esac

# Banner.
echo -e "\e[31mW\e[32m\e[33me\e[94ml\e[35mc\e[36mo\e[91mm\e[92me\e[0m"
echo -e "\e[32mTo the automated management server installer\e[0m"
if (( has_migration )); then
  echo -e "\e[91mRunning in migration mode\e[92m\e[0m"
fi
echo -e "\e[91mMake sure you are running this in a tmux session\e[92m\n\n\e[0m"
# Require en_US.UTF-8 as the system default locale before installing anything.
echo -e "\e[32mChecking for valid locale\e[0m"
grep -q 'LANG=en_US.UTF-8' /etc/default/locale || {
  # Not configured yet: enable the locale in locale.gen, generate it, make it
  # the default, then stop so the operator can start a fresh session.
  echo 'Setting default locale to en_US.UTF-8...'
  sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
  /usr/sbin/locale-gen
  /usr/sbin/update-locale LANG="en_US.UTF-8" LANGUAGE="en_US:en"
  echo 'You MUST run locale and ensure your current settings are a UTF-8 locale, and if not, restart your session.'
  exit 1
}
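# Determine the server's DNS name (and, when migrating, the API token).
#
# If a "migrate" helper sits next to this script, it is asked for the source
# server's hostname and API token; otherwise the operator is prompted for the
# DNS name. All expansions are quoted so a script path or a returned value
# containing whitespace is passed through intact instead of being word-split.
if [[ -f "${SCRIPT_DIR}/migrate" ]]; then
  # Get values from source server
  dns_name=$("${SCRIPT_DIR}/migrate" get hostname)
  multapplied_api_token=$("${SCRIPT_DIR}/migrate" get multapplied_api_token)
fi

if [[ -z "${dns_name:-}" ]]; then
  echo -ne "\n\n\e[32m DNS name: \e[0m"
  # -r: keep backslashes in the typed value literal.
  read -r dns_name
fi
# NOTE(review): dns_name is used below as the scp source host, written to
# /etc/hostname and fed to debconf as the postfix mailname, but it is never
# checked to be a syntactically valid hostname. Consider validating it here.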
# Migration mode only: copy root's authorized_keys, the firewall allow-list and
# the bondingadmin configuration from the source server, connecting as root.
#
# NOTE(review): the imported authorized_keys gives the same keys root access on
# this host as on the source. Whether the source's SSH host key is verified
# depends on root's ssh configuration and known_hosts, which this script does
# not set up; confirm the host key out of band before running a migration.
# NOTE(review): the copied settings files presumably hold secrets; check their
# ownership and mode after the copy.
if [[ "${has_migration}" == "1" ]]; then
  mkdir -p /root/.ssh /etc/firewall.d /etc/bondingadmin
  migrated_files=(
    /root/.ssh/authorized_keys
    /etc/firewall.d/known_ips
    /etc/bondingadmin/settings.py
    /etc/bondingadmin/bondingadmin.conf
  )
  for FILE in "${migrated_files[@]}"; do
    scp "root@${dns_name}:${FILE}" "${FILE}"
  done
fi
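# The installer requires /etc/hostname to already match the chosen DNS name.
# On a mismatch the new name is written and the script stops so the operator
# can reboot and run it again.
#
# `|| true` keeps a missing /etc/hostname from aborting under set -e; it is
# then treated as an empty (mismatching) name, as before.
current_hostname=$(cat /etc/hostname || true)
if [[ "${current_hostname}" != "${dns_name}" ]]; then
  echo "hostname changed from ${current_hostname} to ${dns_name}"
  echo "Please restart the system first before installing"
  # printf with a quoted argument writes the value verbatim; the previous
  # unquoted `echo $dns_name` was subject to word splitting and globbing, and
  # a value that looks like an echo option would have been swallowed.
  printf '%s\n' "${dns_name}" > /etc/hostname
  exit 1
fi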
# Register the vendor APT repository and its signing key, then install the
# bondingadmin package and a few supporting tools.
echo -e "\e[32mSetting up multapplied APT sources\e[0m"
# NOTE(review): the suite is fixed to "buster" regardless of the release this
# host runs; confirm that is intended.
cat > /etc/apt/sources.list.d/bondingadmin.list <<'EOF'
deb http://debian.multapplied.net/debian/ buster main non-free
EOF

echo "Adding APT GPG keys"
apt-get install --yes gnupg wget
# NOTE(review): the signing key is downloaded over plain HTTP from the same
# host that serves the packages and is piped straight into apt-key, which adds
# it to the system-wide trusted set. Anyone able to alter that download can
# substitute their own key, after which APT would accept packages signed with
# it. Prefer fetching the key over an authenticated channel (or shipping it
# with this installer), comparing its fingerprint against a known value, and
# storing it in a dedicated keyring referenced with signed-by= in the sources
# entry. apt-key is also deprecated in newer apt releases.
wget --quiet --output-document=- http://debian.multapplied.net/debian/public.gpg.key \
  | apt-key add -
apt-get update

echo -e "\e[32mInstalling bondingadmin package\e[0m"
apt-get install --yes ntp bondingadmin

echo -e "\e[32mInstalling supporting packages\e[0m"
apt-get install --yes htop vim tcpdump tree
# Restart the firewall, then seed default files under the bondingadmin
# salt-config state tree (presumably distributed to bonders and nodes by Salt;
# confirm against the package).
echo -e "\e[32mRestarting firewall \e[0m"
systemctl restart firewall

# Default resolvers for bonders.
cat > /etc/bondingadmin/salt-config/states/bonder/resolv.conf <<'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

# Default trusted-source rules for nodes. The quoted delimiter keeps $CHAIN
# literal in the written file.
# NOTE(review): each rule accepts all traffic from the listed source network
# with no port or protocol match, and OSPF is accepted from any source. Review
# these defaults against the networks that actually need access before
# deploying.
cat > /etc/bondingadmin/salt-config/states/node/known_ips <<'EOF'
iptables -A $CHAIN -s 74.121.35.0/25 -j ACCEPT # MNI operations
iptables -A $CHAIN -s 74.121.34.0/26 -j ACCEPT # MNI operations
iptables -A $CHAIN -s 74.121.32.112/28 -j ACCEPT # MNI operations
iptables -A $CHAIN -s 159.2.43.20/32 -j ACCEPT # MNI operations
ip6tables -A $CHAIN -s 2602:ff93:11ff::/48 -j ACCEPT # MNI operations
iptables -A $CHAIN -p ospf -j ACCEPT
ip6tables -A $CHAIN -p ospf -j ACCEPT
EOF

# Copy the packaged nftables trusted-networks template into the node state
# directory when the installed package provides one.
trusted_nft_src=/usr/share/bondingadmin/default/firewall/filter-input-99-trusted-networks.nft
trusted_nft_dst=/etc/bondingadmin/salt-config/states/node/filter-input-99-trusted-networks.nft
if [[ -f "${trusted_nft_src}" ]]; then
  cp "${trusted_nft_src}" "${trusted_nft_dst}"
fi
# Preseed postfix's debconf answers (mail name = the server's DNS name, mailer
# type as written below) and install it without interactive prompts.
echo -e "\e[32mSetting up mail server\e[0m"
debconf-set-selections <<EOF
postfix postfix/mailname string $dns_name
postfix postfix/main_mailer_type string 'Internet Site'
EOF
DEBIAN_FRONTEND=noninteractive apt-get install --fix-broken --yes postfix
# Migration mode ends here: the listed services are stopped and disabled and
# the script exits successfully without running the remaining setup steps.
if [[ "${has_migration}" == "1" ]]; then
  services=(bondingadmin bondingadmin-uwsgi homestead aggfail influxdb)
  echo -e "\e[32mDisabling ${services[*]}\e[0m"
  systemctl disable --now "${services[@]}"
  exit 0
fi
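# Create the CA, server certificate and OpenVPN material, initialise the
# database, then store and verify the multapplied API token.
echo -e "\e[32mSetting up certificates\e[0m"
make-bondingadmin-ca
# Feeds "y" to make-server-cert, presumably to confirm its prompts.
# NOTE(review): `yes` is normally ended by SIGPIPE once the consumer exits, so
# enabling `set -o pipefail` for the script would make this pipeline fail.
yes y | make-server-cert
make-bondingadmin-openvpn
/usr/share/bondingadmin/initdb.sh

# NOTE(review): in both branches the token is passed to `ba` as a command-line
# argument (visible in the process list while ba runs), and in the interactive
# branch it is echoed to the terminal as typed. Confirm whether `ba` can read
# the value from stdin or a file instead.
if [[ -z "${multapplied_api_token:-}" ]]; then
  # No token came from a migration source: prompt until one validates.
  token_set="false"
  while [[ "${token_set}" == "false" ]]; do
    echo -ne "\e[32mJulius API token: \e[0m\e[0m"
    # -r: keep backslashes in the pasted token literal.
    read -r julius_api_key
    ba set multapplied_api_token "${julius_api_key}"
    # The check runs as the `if` condition so that a rejected token does not
    # trip `set -e`; previously a failing check aborted the whole script before
    # the retry message could be shown.
    if ba testmultappliedtoken; then
      token_set="true"
    else
      echo -e "\e[31mbad API token; try again\e[0m"
    fi
  done
else
  # Token obtained from the source server: store it and fail hard if the
  # check rejects it.
  ba set multapplied_api_token "${multapplied_api_token}"
  ba testmultappliedtoken
fi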
# Print a section heading in green.
# Arguments: $1 - heading text
green_heading() {
  echo -e "\e[32m$1\e[0m"
}

# Remaining setup steps. Each command must succeed (set -e) before the next
# section starts.
green_heading "Setting up bondingadmin"
bondingadmin-setup

green_heading "Setting up backups"
ba sendmgmtpublickey
backup-bondingadmin
ba remotebackup
ba remotebackupstatus

green_heading "Setting up salt minion"
/usr/share/bondingadmin/initsaltminion.sh
systemctl enable --now bondingadmin-salt-access

green_heading "Setting up OAuth"
ba fetch_oauth_client_authentication

green_heading "Setting up API user for Julius "
ba setup_julius_api_user
# Closing reminder: these files hold site-specific firewall allow-lists and
# resolver defaults and should be reviewed after installation.
echo -e "Don't forget to customize the following files if necessary:"
for reminder_path in \
  /etc/firewall.d/known_ips \
  /etc/bondingadmin/salt-config/states/bonder/resolv.conf \
  /etc/bondingadmin/salt-config/states/node/known_ips \
  /etc/bondingadmin/salt-config/states/node/filter-input-99-trusted-networks.nft; do
  echo -e " \e[96m${reminder_path}\e[0m"
done