lxc-setup.sh
#!/bin/bash
# Helper script for the initial setup of a Debian LXC container.
# It is run on the LXC host: it writes below LXC_PATH and /etc/lxc/auto and
# then drives the container over SSH.

# Directory with one sub-directory per container (${LXC_PATH}/<name>).
LXC_PATH='/var/lib/lxc'
# Host-side templates copied into the container: shell/vim settings,
# sources.list, the LXC config template, admintools and the ssh-keys directory.
TPL_PATH='/srv/lxc-data'
# Leading part of the container's internal address; the operator is asked
# for the remaining part.
INTERNAL_IP_PREFIX='10.1.1.'
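#######################################
# Run one command as root inside the container over SSH and append its
# stdout and stderr to the install log.
# Globals:   INTERNAL_IP_PREFIX, IP (read) - together the container address
#            NAME (read)                  - selects the log file
# Arguments: $1 - command line, handed to the remote shell as one string
# Outputs:   nothing on the terminal; all output is appended to
#            /tmp/lxc-install-${NAME}.log
# Returns:   exit status of the ssh invocation
#######################################
run_ssh_cmd() {
  local CMD=$1
  local LOG_FILE="/tmp/lxc-install-${NAME}.log"

  # NOTE(review): StrictHostKeyChecking=no accepts any host key, including a
  # changed one, so these root commands go to whatever answers on that
  # address. Where the host's OpenSSH supports it (7.6+), "accept-new" still
  # trusts a first contact but refuses a changed key; a stale known_hosts
  # entry for a re-used address then has to be dropped with "ssh-keygen -R".
  # NOTE(review): the log has a predictable name in /tmp and is appended to by
  # whoever runs this script (presumably root). A root-only log directory
  # would avoid a pre-created file or symlink at that path; the path is kept
  # here because the script's closing message prints it.
  # The expansions are quoted so that an unexpected NAME or IP cannot be
  # word-split into extra ssh arguments or an ambiguous redirect target.
  ssh -oStrictHostKeyChecking=no "root@${INTERNAL_IP_PREFIX}${IP}" "${CMD}" \
    >> "${LOG_FILE}" 2>&1
}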
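# ---------------------------------------------------------------------------
# Interactive part. Asks for the container name and the last part of its
# internal address, then:
#   1. stops the container and seeds its rootfs from ${TPL_PATH}
#   2. writes the LXC config, links it for autostart, restricts root SSH login
#   3. installs the public keys from ${TPL_PATH}/ssh-keys for root
#   4. starts the container and installs packages over SSH (run_ssh_cmd)
# Exit status: 0 when the run reaches the end, 1 when input is rejected.
#
# NOTE(review): everything below ${C_PATH}/rootfs is container-controlled
# once the container has run. The cp/touch calls below follow symlinks found
# there while running on the host, so this script is meant for a freshly
# created container whose rootfs is still trusted.
# ---------------------------------------------------------------------------
echo
echo "***********************************************"
echo " Setup a debian LXC container"
echo "***********************************************"
echo

printf 'Enter container name: '
read -r NAME
if [[ -z "${NAME}" ]]; then
  echo "You have to specify the container name!"
  echo "Aborted!"
  exit 1
fi
# NAME ends up in host paths, in a sed replacement and in the log file name,
# so accept a plain name only: no "/", no "..", no whitespace and no sed
# metacharacters such as "&" or "\".
if ! [[ "${NAME}" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]]; then
  echo "The container name may only contain letters, digits, '.', '_' and '-'!"
  echo "Aborted!"
  exit 1
fi
if [[ ! -d "${LXC_PATH}/${NAME}" ]]; then
  echo "The container with name \"${NAME}\" could not be found!"
  echo "Aborted!"
  exit 1
fi

# The prefix is passed as an argument, not as the printf format string.
printf 'Enter IP: %s' "${INTERNAL_IP_PREFIX}"
read -r IP
if ! [[ "${IP}" =~ ^[0-9]+$ ]]; then
  echo "The IP address has to contain only numbers!"
  echo "Aborted!"
  exit 1
fi
# Digits alone are not enough: 0, 255 or 999 would pass the check above.
# Assumes the internal network is a /24 - TODO confirm against the config
# template. The length test runs first so the arithmetic cannot overflow.
if (( ${#IP} > 3 )) || (( 10#${IP} < 1 || 10#${IP} > 254 )); then
  echo "The last part of the IP address has to be between 1 and 254!"
  echo "Aborted!"
  exit 1
fi
# Drop leading zeros so that "07" is not written out as an octal-looking octet.
IP=$(( 10#${IP} ))

# Stop LXC container
echo " * Stop LXC container"
lxc-stop -n "${NAME}"

# path to container
C_PATH="${LXC_PATH}/${NAME}"

# copy setting files for user root
echo " * Copy setting files for user root"
cp -- "${TPL_PATH}/.zshrc" "${C_PATH}/rootfs/root/"
cp -- "${TPL_PATH}/.vimrc" "${C_PATH}/rootfs/root/"
echo " * Copy cronjob files"
cp -- "${TPL_PATH}/cronjob-clear-cached-memory.sh" "${C_PATH}/rootfs/srv/cronjob-clear-cached-memory.sh"
echo " * Copy admintools"
cp -R -- "${TPL_PATH}/admintools" "${C_PATH}/rootfs/srv/"

# set own apt sources
echo " * Set new apt source"
cp -- "${TPL_PATH}/sources.list" "${C_PATH}/rootfs/etc/apt/"

# configure network for container: fill the {NAME} and {IP} placeholders of
# the template in one pass
echo " * Configure network for container"
sed -e "s/{NAME}/${NAME}/g" -e "s/{IP}/${IP}/g" "${TPL_PATH}/config" > "${C_PATH}/config"

# empty banner after login; the file is removed and re-created instead of
# truncated so that a symlinked motd is replaced, not written through
echo " * Empty banner after login"
rm -f -- "${C_PATH}/rootfs/etc/motd"
touch -- "${C_PATH}/rootfs/etc/motd"

# add container to auto start
echo " * Add container to auto start"
if [[ ! -f "/etc/lxc/auto/${NAME}" ]]; then
  ln -s -- "${C_PATH}/config" "/etc/lxc/auto/${NAME}"
fi

# disable root login with password in SSH
echo " * Disable root login with password via SSH"
SSHD_CONFIG="${C_PATH}/rootfs/etc/ssh/sshd_config"
sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/g" "${SSHD_CONFIG}"
# The substitution only rewrites a literal "PermitRootLogin yes"; a commented
# or missing directive leaves the sshd default in force, so say so.
if ! grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]+(without-password|prohibit-password|no)([[:space:]]|$)' "${SSHD_CONFIG}"; then
  echo "   ! No active PermitRootLogin restriction found in sshd_config, please check it" >&2
fi

# add public ssh-keys from ${TPL_PATH}/ssh-keys to VM root user.
# Every non-hidden file in that directory grants root on the container, so
# the directory should be writable by root only.
echo " * Add public SSH keys to VM root user"
AUTH_KEYS="${C_PATH}/rootfs/root/.ssh/authorized_keys"
mkdir -p -- "${C_PATH}/rootfs/root/.ssh"
# start from an empty file; rm -f also clears a symlink left at that path
rm -f -- "${AUTH_KEYS}"
touch -- "${AUTH_KEYS}"
# NUL-delimited so key file names with spaces are not split
while IFS= read -r -d '' KF; do
  echo " * key $(basename -- "${KF}")"
  # the extra newline keeps a key file without a trailing newline from being
  # glued onto the next key; blank lines are ignored in authorized_keys
  { cat -- "${KF}"; printf '\n'; } >> "${AUTH_KEYS}"
done < <(find "${TPL_PATH}/ssh-keys" -type f -name '[^\.]*' -print0)

# start container to install updates
echo " * Start LXC container"
lxc-start -d -n "${NAME}"
echo " * Wait 30 seconds for LXC container to be started"
sleep 30

echo " * Start installation"
echo " * Update sources"
run_ssh_cmd "apt-get update"

echo
echo " ======================================================"
echo " USER INTERACTION NEEDED"
echo
echo " Please run the following command on the machine"
echo " and exit the ssh session after finishing it."
echo
echo " $ apt-get upgrade -y && exit"
echo
echo " ======================================================"
echo
# interactive session; no user is given, so ssh logs in under the name of
# the user running this script
ssh "${INTERNAL_IP_PREFIX}${IP}"
echo
echo " ======================================================"
echo

echo " * Install aptitude"
run_ssh_cmd "apt-get install -y aptitude"
echo " * Update sources"
run_ssh_cmd "aptitude update"

# 2014-05-08 - during upgrade, some packages could ask for user interaction --> cannot react --> hangs up
# That is why the upgrade is done by hand in the interactive session above.
# NOTE(review): DEBIAN_FRONTEND=noninteractive is the usual way to suppress
# such prompts; not enabled here.
#echo " * Upgrade system"
#run_ssh_cmd "aptitude update && aptitude upgrade -y && aptitude dist-upgrade -y"

echo " * Install mandatory applications"
run_ssh_cmd "aptitude install -y inetutils-ping inetutils-syslogd less zsh screen vim htop ncdu logrotate rkhunter && chsh -s \$(which zsh)"

echo " * Update rkhunter"
run_ssh_cmd "rkhunter --update"
run_ssh_cmd "rkhunter --propupd"

echo " * Install cronjob (clear cached memory)"
run_ssh_cmd "crontab -l 2> /dev/null | { cat; echo \"13 5 * * * /srv/cronjob-clear-cached-memory.sh\"; } | crontab -"
run_ssh_cmd "chown root:root /srv/cronjob-clear-cached-memory.sh && chmod +x /srv/cronjob-clear-cached-memory.sh"

echo " * Configure backup"
run_ssh_cmd "mkdir /backup"

echo
echo
echo "Finished!"
echo
echo "The install log can be found in /tmp/lxc-install-${NAME}.log"
echo
# a completed run is a success; the abort paths above exit with 1
exit 0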