#!/bin/bash # $HeadURL$ $LastChangedRevision$ set -e PROGNAME=$(basename $0) MODROOT=${MDI_MODROOT:-$(expr "$(readlink -m $0)" : '\(.*\)/bin/[^/]*$')} [ -d $MODROOT/lib/helpers ] || { echo "$PROGNAME: ERROR: can't find components (do you need to set 'MDI_MODROOT'?)" >&2; exit 1; } # Save these as they'll be needed for the 'script' logging wrapper. PROGNAME_ORIG=$0 ARGS_ORIG=("$@") # Load config and support functions . $MODROOT/include/mdi.sh # Note that pdi does not soure mdi's config file. # Globals MDI_PARAMS_FILE=/var/local/mdi/mdi-params PDI_PARAMS_FILE=/var/local/mdi/pdi-params LOG_DIR=$HOME/.$PROGNAME/logs # lenny's bash doesn't support hashes. #declare -A SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION declare -a SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION ALL_TASKS=( # Early stuff (order important) sanity_checks promote_questions correct_debinst configure_nics # Configuring NICs alone is not enough to # allow repos to be accessed; resolv.conf # needs to be set up. configure_dns_client configure_repos upgrade_immediately configure_ssh configure_nscd configure_user_root install_packages_urgent fix_miscellaneous_early # Kernel and drivers configure_driver_arch_multiarch configure_driver_boot_grub configure_driver_disk_ssd configure_driver_network_realtek configure_driver_video_nvidia configure_driver_video_radeon configure_driver_audio_pulse # Packages for everybody install_packages_common # Standard client stuff configure_ntp_client configure_syslog_client configure_nis_client configure_mail_client # must be done before any calls to send_email_to_admin() configure_dyndns_client configure_backup_client configure_ganglia_client configure_nagios_client # Server stuff # Login server configurer takes so long that if something goes wrong # it is quite painful, so we split it up, that way there will be less # to redo if it goes wrong. configure_login_server_part1 configure_login_server_part2 configure_login_server_part3 configure_login_server_part4 configure_web_server configure_mail_server # Late stuff (order important) configure_autoupdate remove_packages_unwanted fix_miscellaneous_late execute_reboot ) # Map variable names to code to assign a value REGEXP2EVALUATOR_MAP=( ADMIN_EMAILADDR question '"admin email address" "root" help_nohelpavailable validate_emailaddr rationalise_emailaddr' AMANDACLIENT_SERVER function get_amandaclient_server ARCH function get_arch AUTOUPDATE_FLAG question '"auto-update" "y" help_nohelpavailable validate_logical rationalise_logical' BACKUP_SOFTWARE question '"backup software (rdw, none, amanda)" "rdw" help_nohelpavailable "validate_string \"^(rdw|none|amanda)\$\"" echo' BOOTMEDIA question '"boot media" "net" "echo \"net or cd\"" "validate_string \"^(net|cd)\$\"" echo' DNSCLIENT_FLAG assign "true" DNSCLIENT_SERVERS function get_dnsclient_servers DNSCLIENT_DOMAIN question '"DNS domainname" "" help_nohelpavailable "validate_string \"^[a-z0-9_.\-][a-z0-9_.\-]*\$\"" echo' DYNDNSCLIENT_FLAG question '"is this a dyndns client" "n" help_nohelpavailable validate_logical rationalise_logical' DYNDNSCLIENT_NOIP_LOGIN question '"no-ip login" "" help_nohelpavailable validate_emailaddr echo' DYNDNSCLIENT_NOIP_PASSWORD question '"no-ip password" "" help_nohelpavailable "validate_string \"[^ ].*[^ ]\$\"" echo' DYNDNSCLIENT_SERVICE question '"dyndns service provider" "no-ip" help_nohelpavailable "validate_string \"^(no-ip)\$\"" echo' GANGLIACLIENT_FLAG question '"is this a ganglia client" "y" help_nohelpavailable validate_logical rationalise_logical' GANGLIACLIENT_SERVER function get_gangliaclient_server HVM_FLAG function get_hvm_flag LOGINSERVER_FLAG question '"is this a login server" "n" "echo \"y or n\"" validate_logical rationalise_logical' MAILCLIENT_FLAG question '"is this a mail client" "y" help_nohelpavailable validate_logical rationalise_logical' MAILCLIENT_SERVER function 'get_mailclient_server' NICS question '"NICs" "lo,eth0" help_nohelpavailable validate_nic_list_and_lo rationalise_nic_list' NISCLIENT_DOMAIN question '"NIS domain" "" help_nohelpavailable validate_nisdomain echo' NISCLIENT_FLAG question '"is this a NIS client" "y" help_nohelpavailable validate_logical rationalise_logical' NISCLIENT_MODE question '"specify server or broadcast for it" "broadcast" help_nohelpavailable "validate_string \"^(specify|broadcast)\$\"" echo' NISCLIENT_SERVER function get_nisclient_server NTPCLIENT_SERVERS function get_ntpclient_servers RDWCLIENT_SERVER function get_rdwclient_server RELEASE function get_release REPOCONFIGURATOR_CMD question '"paa configurator script" "cd /usr/share/doc/paa/examples && AUTOPAA_MODE=client ./autopaa" help_nohelpavailable validate_command echo' SYSLOGCLIENT_FLAG question '"should logs be sent to a central syslog server" "y" help_nohelpavailable validate_logical rationalise_logical' SYSLOGCLIENT_SERVER function 'get_syslogclient_server' TIMEZONE question '"timezone" "Europe/Berlin" help_nohelpavailable validate_timezone echo' TRUSTCLIENT_FLAG question '"is this the trusted client" "n" help_nohelpavailable validate_logical rationalise_logical' TRUSTCLIENT_KEY function 'get_trustclient_key' NAGIOSCLIENT_FLAG function 'get_nagiosclient_flag' NAGIOSCLIENT_KEY function 'get_nagiosclient_serverpubkey' UNAME question '"uname" "" help_nohelpavailable "validate_string \"^[a-z0-9_\-][a-z0-9_\-]*\$\"" echo' VM_FLAG function get_vm_flag SERIAL_CONSOLE_FLAG question '"serial console" "n" "echo \"y or n\"" validate_logical rationalise_logical' # Network LOGINSERVER_NM_FLAG function get_loginserver_networkmanager_flag SSD_FLAG function get_ssd_flag REALTEK_FLAG function get_realtek_flag NVIDIA_FLAG function get_nvidia_flag RADEON_FLAG function get_radeon_flag LOGINSERVER_RUNX_FLAG function get_loginserver_runx_flag WEBSERVER_FLAG question '"is this a web server" "n" help_nohelpavailable validate_logical rationalise_logical' MAILSERVER_FLAG question '"is this a mail server" "n" help_nohelpavailable validate_logical rationalise_logical' NIC_CONFIG_METHOD_lo assign "static" NIC_CONFIG_METHOD_vif.* assign "none" NIC_CONFIG_METHOD_.* function get_nic_method NIC_CONFIG_HOSTNAME_lo assign "localhost" NIC_CONFIG_HOSTNAME_.* function get_nic_hostname NIC_CONFIG_IPADDR_lo assign "127.0.0.1" NIC_CONFIG_IPADDR_.* function get_nic_ipaddr NIC_CONFIG_NETMASK_lo assign "255.0.0.0" NIC_CONFIG_NETMASK_.* function get_nic_netmask NIC_CONFIG_GATEWAY_lo assign "none" NIC_CONFIG_GATEWAY_.* function get_nic_gatewayipaddr NIC_CONFIG_BRNICS_lo assign "none" NIC_CONFIG_BRNICS_.* function get_nic_brnics # BTS#611584 WORKAROUND_611584_FLAG function 'get_workaround_611584' WORKAROUND_727628_FLAG function 'get_workaround_727628' ) main() { local TASK # Defaults for options VERBOSELEVEL=3 APPLY_MODE=normal # Process options while [ "X$1" != X ]; do case $1 in -d) VERBOSELEVEL=$2; shift ;; --debug=*) VERBOSELEVEL=${1#*=} ;; -v|--verbose) VERBOSELEVEL=3 ;; -l|--list-tasks) for ((I=0; $I<${#ALL_TASKS[*]}; I++)); do echo ${ALL_TASKS[$I]}; done; return 0 ;; --mode=skip) APPLY_MODE=skip ;; --mode=force) APPLY_MODE=force ;; --mode=normal) APPLY_MODE=normal ;; --) shift; break ;; -*) usage ;; *) break ;; esac shift done # Process arguments if [ "X$1" = X ]; then TASKS=("${ALL_TASKS[@]}") else TASKS=("$@") fi debug 10 "main: TASKS=\"${TASKS[*]}\"" # Sanity checks and derivations # Unset stuff that may be set already but which we don't want to inherit unset HOSTNAME TIMEZONE # Ensure this script is run under 'script' for logging purposes. debug 10 "main: before RUNNING_UNDER_SCRIPT stanza" [ "X$RUNNING_UNDER_SCRIPT" = Xtrue ] || { export RUNNING_UNDER_SCRIPT=true mkdir -p $LOG_DIR exec script -q -c "$PROGNAME_ORIG ${ARGS_ORIG[*]}" $LOG_DIR/$(date +%Y%m%d%H%M%S).$$ } debug 10 "main: after RUNNING_UNDER_SCRIPT stanza" # Guts load_settings get_settings save_settings # Execute tasks exec_tasks } usage() { local RC RC=${1:-1} { echo "Usage: $PROGNAME [ ] [ ... ]" echo echo "Options: --mode={force,skip,normal} force doing tasks, skip tasks, do tasks if not done" echo " -l | --list-tasks list tasks" } | if [ $RC = 0 ]; then cat else cat >&2 fi exit $RC } ############################################################################## # # TASKS # ############################################################################## sanity_checks() { debug 10 "sanity_checks: sof" # This is the one and only step whose body is executed during # the information-gathering phase, because it is so critical! [ $TASK_MODE = get_settings ] || return 0 # paa will only have been installed if the dione.no-ip.org repo key # was successfully retrieved, but this seems flaky. Here we check. dpkg -l paa > /dev/null 2>&1 || { error "paa not installed (probably because key installation failed during the execution of the preseed file)"; return 1; } } promote_questions() { debug 10 "promote_questions: sof" # The only point of this function is to force the order # in which certain questions are asked; they'll be asked # anyway as they're needed, but for aesthetic reasons its # quite useful to force the order of some things. get_setting ADMIN_EMAILADDR || return $? get_setting UNAME || return $? get_setting DNSCLIENT_DOMAIN || return $? get_setting LOGINSERVER_FLAG || return $? get_setting DYNDNSCLIENT_FLAG || return $? get_setting BACKUP_SOFTWARE || return $? get_setting SERIAL_CONSOLE_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 } correct_debinst() { # Get settings we'll need for this task. get_setting UNAME || return $? get_setting TIMEZONE || return $? get_setting VM_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "configuring hostname ..." echo $UNAME > /etc/hostname svcadmin start hostname.sh info "configuring timezone ..." echo "$TIMEZONE" > /etc/timezone cp /usr/share/zoneinfo/$TIMEZONE /etc/localtime if ! $VM_FLAG; then info "removing the 'remainder' LV ..." # Trying to remove it during the execution of the installer, just # makes it hang, so we have to do it here. lvremove --force /dev/vg$UNAME/remainder fi # We still install mdadm but we do not use it. svcadmin stop mdadm svcadmin remove mdadm # Pending paa 1.99.14, paa's cronjob is too noisy when it has nothing to do. Quieten it. echo "15 8 * * * root paa -v mirror ALL-REPOS 2>&1 | egrep -v 'paa: ERROR: nothing mirrored'" > /etc/cron.d/paa } configure_nics() { local VAR NIC NIC_CONFIG_METHOD NIC_CONFIG_IPADDR NIC_CONFIG_BRNICS NIC_CONFIG_NETMASK NIC_CONFIG_GATEWAY METHOD HOSTNAME IPADDR NETMASK GATEWAY BRNICS HOSTENT HAVE_AT_LEAST_ONE_DHCP_NIC # Get settings we'll need for this task. get_setting NICS || return $? get_setting UNAME || return $? get_setting RELEASE || return $? get_setting DNSCLIENT_DOMAIN || return $? get_setting REALTEK_FLAG || return $? for NIC in $NICS; do # Get method debug 100 "configure_nics: calling \"get_setting NIC_CONFIG_METHOD_$(nic2hashindex $NIC)\" ..." get_setting NIC_CONFIG_METHOD_$(nic2hashindex $NIC) || return $? # If and only if it is static get additional params if eval "[ \$NIC_CONFIG_METHOD_$(nic2hashindex $NIC) = static ]"; then get_setting NIC_CONFIG_HOSTNAME_$(nic2hashindex $NIC) || return $? get_setting NIC_CONFIG_IPADDR_$(nic2hashindex $NIC) || return $? get_setting NIC_CONFIG_NETMASK_$(nic2hashindex $NIC) || return $? get_setting NIC_CONFIG_GATEWAY_$(nic2hashindex $NIC) || return $? get_setting NIC_CONFIG_BRNICS_$(nic2hashindex $NIC) || return $? elif eval "[ \$NIC_CONFIG_METHOD_$(nic2hashindex $NIC) = dhcp ]"; then get_setting NIC_CONFIG_BRNICS_$(nic2hashindex $NIC) || return $? fi done [ $TASK_MODE != get_settings ] || return 0 # Rewrite /etc/hosts HAVE_A_NIC_WITH_UNAME_AS_HOSTNAME_FLAG=false for NIC in $NICS; do eval "METHOD=\$NIC_CONFIG_METHOD_$(nic2hashindex $NIC)" eval "HOSTNAME=\$NIC_CONFIG_HOSTNAME_$(nic2hashindex $NIC)" eval "IPADDR=\"\$NIC_CONFIG_IPADDR_$(nic2hashindex $NIC)\"" eval "NETMASK=\"\$NIC_CONFIG_NETMASK_$(nic2hashindex $NIC)\"" eval "GATEWAY=\"\$NIC_CONFIG_GATEWAY_$(nic2hashindex $NIC)\"" eval "BRNICS=\"\$NIC_CONFIG_BRNICS_$(nic2hashindex $NIC)\"" debug 10 "configure_nics: NIC=$NIC, METHOD=$METHOD, HOSTNAME=$HOSTNAME, IPADDR=$IPADDR, NETMASK=$NETMASK, GATEWAY=$GATEWAY, BRNICS=$BRNICS" [ "X$HOSTNAME" != "X$UNAME" ] || HAVE_A_NIC_WITH_UNAME_AS_HOSTNAME_FLAG=true [ $METHOD = static ] || continue [ $HOSTNAME != none ] || continue case $NIC in lo) HOSTENT="$IPADDR $HOSTNAME" ;; *) HOSTENT="$IPADDR $HOSTNAME.$DNSCLIENT_DOMAIN $HOSTNAME" ;; esac echo "$HOSTENT" done > /etc/hosts # If the uname is not yet assigned as a NIC hostname then we need to # assign it to a NIC (e.g. loopback). The reason for this is that # the 'hostname -fqdn' command will not work without it and that command # is used in many maintainer scripts. Note that we do not need to # assign the FQHN to the NIC; it is enough to assign the (unqualified) # uname to it. $HAVE_A_NIC_WITH_UNAME_AS_HOSTNAME_FLAG || echo "127.0.0.1 $UNAME" >> /etc/hosts HAVE_AT_LEAST_ONE_DHCP_NIC=false for NIC in $NICS; do eval "METHOD=\$NIC_CONFIG_METHOD_$(nic2hashindex $NIC)" [ $METHOD != dhcp ] || HAVE_AT_LEAST_ONE_DHCP_NIC=true debug 10 "configure_nics: NIC=$NIC, METHOD=$METHOD, HAVE_AT_LEAST_ONE_DHCP_NIC=$HAVE_AT_LEAST_ONE_DHCP_NIC" done if $HAVE_AT_LEAST_ONE_DHCP_NIC; then info "setting up DHCP parameters (even if not needed) ..." echo "send host-name \"$UNAME\";" >> /etc/dhcp/dhclient.conf fi # Shutdown NICs that are *currently* configured (i.e. do it *before* # rewriting /etc/network/interfaces). svcadmin stop networking # When I rebooted macaroni (probably the first time since its MDI-based # installation then it hanged coming up waiting for lo to come up. My # best guess is that this was because eth0 was mentioned before lo in # /etc/network/intefaces. So we ensure that lo is written first. for NIC in $(sort_nics_so_lo_comes_out_first "$NICS"); do eval "METHOD=\$NIC_CONFIG_METHOD_$(nic2hashindex $NIC)" eval "HOSTNAME=\$NIC_CONFIG_HOSTNAME_$(nic2hashindex $NIC)" eval "IPADDR=\"\$NIC_CONFIG_IPADDR_$(nic2hashindex $NIC)\"" eval "NETMASK=\"\$NIC_CONFIG_NETMASK_$(nic2hashindex $NIC)\"" eval "GATEWAY=\"\$NIC_CONFIG_GATEWAY_$(nic2hashindex $NIC)\"" eval "BRNICS=\"\$NIC_CONFIG_BRNICS_$(nic2hashindex $NIC)\"" debug 10 "configure_nics: NIC=$NIC, METHOD=$METHOD, HOSTNAME=$HOSTNAME, IPADDR=$IPADDR, NETMASK=$NETMASK, GATEWAY=$GATEWAY, BRNICS=$BRNICS" [ $METHOD != none ] || continue if [ $METHOD = dhcp ]; then echo "auto $NIC" echo "iface $NIC inet dhcp" [ "X$BRNICS" = Xnone ] || echo " bridge_ports $BRNICS" ! $REALTEK_FLAG || echo " up ethtool -s eth0 wol g" elif [ $METHOD = static -a $NIC = lo ]; then echo "auto $NIC" echo "iface $NIC inet loopback" elif [ $METHOD = static ]; then echo "auto $NIC" echo "iface $NIC inet static" echo " address $IPADDR" echo " netmask $NETMASK" [ "X$GATEWAY" = Xnone ] || echo " gateway $GATEWAY" [ "X$BRNICS" = Xnone ] || echo " bridge_ports $BRNICS" ! $REALTEK_FLAG || echo " up ethtool -s eth0 wol g" elif [ $METHOD = manual ]; then echo "auto $NIC" echo "iface $NIC inet manual" else error "$METHOD: unhandled NIC configuration method" return 1 fi echo done > /etc/network/interfaces # Disable ipv6 now and on future boots sysctl -q net.ipv6.conf.all.disable_ipv6=1 echo -e "# $PROGNAME wrote this file on $(date)\nnet.ipv6.conf.all.disable_ipv6 = 1" > /etc/sysctl.d/disableipv6 sleep 5 svcadmin start networking # Working out the gateway (next step) can't be done until the network config has had # time to settle. sleep 5 # Check network working GWIP=$(route -n | grep '^0\.0\.0\.0' | awk '{ print $2 }') ping -c 1 -W 1 $GWIP > /dev/null || { error "network access test failed"; return 1; } } configure_repos() { local CMDLINE # Get settings we'll need for this task. get_setting REPOCONFIGURATOR_CMD || return $? get_setting RELEASE || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task debug 10 "configure_repos: deconfiguring /etc/apt.sources ..." rm -fr /etc/apt/sources.list /etc/apt/sources.list.d mkdir -p /etc/apt/sources.list.d touch /etc/apt/sources.list # This is unnecessary #pkgadmin update || return $? # Run configurator debug 10 "configure_repos: calling [$REPOCONFIGURATOR_CMD] ..." # Run the configurator command. eval "$REPOCONFIGURATOR_CMD" || { error "configurator command failed"; return 1; } # OwnCloud repo access echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Debian_7.0/ /' >> /etc/apt/sources.list.d/owncloud-client.list info "doing an update ..." pkgadmin update || return $? # Debian keys debug 10 "configure_repos: installing debian keys ..." pkgadmin --allow-unauthenticated install debian-archive-keyring debian-keyring || return $? pkgadmin verify-installed debian-archive-keyring debian-keyring || return $? # Debian Multimedia keys debug 10 "configure_repos: installing multimedia keys ..." pkgadmin --allow-unauthenticated install deb-multimedia-keyring || return $? pkgadmin verify-installed deb-multimedia-keyring || return $? # Alexis keys debug 10 "configure_repos: installing alexis key ..." pkgadmin --allow-unauthenticated install ahuxley-keyring || return $? pkgadmin verify-installed ahuxley-keyring || return $? # OwnCloud keys debug 10 "configure_repos: installing owncloud key ..." wget -q -O - http://download.opensuse.org/repositories/isv:ownCloud:desktop/Debian_7.0/Release.key | apt-key add - # Help 'pkgadmin install' to be as uninteractive as possible by allowing # it to call debconf-set-selections each time it is called. debug 10 "configure_repos: helping pkadmin() to stay non-interactive ..." pkgadmin install debconf-utils || return $? } upgrade_immediately() { local RC # Get settings we'll need for this task. [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task pkgadmin update || { RC=$?; error "update failed; continuing to do the actual upgrade makes no sense"; return $RC; } pkgadmin upgrade } configure_ssh() { local # Get settings we'll need for this task. get_setting TRUSTCLIENT_FLAG || return $? get_setting TRUSTCLIENT_KEY || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "configuring SSH ..." pkgadmin install openssh-server || return $? # Configure global ssh config perl -pi -e 's/^\s*((?:PermitRootLogin|StrictModes|RSAAuthentication|PubkeyAuthentication|IgnoreRhosts|RhostsRSAAuthentication|HostbasedAuthentication|ChallengeResponseAuthentication|PasswordAuthentication|X11Forwarding).*)/#$1/' /etc/ssh/sshd_config { echo "PermitRootLogin yes" echo "StrictModes yes" echo "RSAAuthentication no" echo "PubkeyAuthentication yes" echo "IgnoreRhosts yes" echo "RhostsRSAAuthentication no" echo "HostbasedAuthentication no" echo "ChallengeResponseAuthentication no" echo "PasswordAuthentication no" echo "X11Forwarding yes" } >> /etc/ssh/sshd_config svcadmin restart ssh perl -pi -e 's/^\s*((?:HashKnownHosts).*)/#$1/' /etc/ssh/ssh_config { echo "HashKnownHosts no" } >> /etc/ssh/ssh_config # Initialise root's ssh config rm -f ~/.ssh/authorized_keys rm -f ~/.ssh/id* mkdir -p ~/.ssh if $TRUSTCLIENT_FLAG; then info "allowing access by trust client ..." echo "$TRUSTCLIENT_KEY" >> ~/.ssh/authorized_keys fi # Install miscellaneous ssh-related packages. pkgadmin install clusterssh || return $? } configure_user_root() { local # Get settings we'll need for this task. get_setting UNAME || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "setting up root's environment ..." { echo "export EDITOR=vi" echo "export PAGER=less" echo "export LESS=-X" echo "export LC_COLLATE=C" echo "[ \"X\$BASH\" = X ] || [ ! -f ~/.bashrc ] || . ~/.bashrc" echo "PATH=\$PATH:\$HOME/bin" echo } > ~/.profile { echo "export LS_OPTIONS=--color=auto" echo "alias ls='ls \$LS_OPTIONS'" echo "export PS1='\h\\\$ '" echo "HISTSIZE=10000" echo "HISTFILESIZE=\$HISTSIZE" echo cat <<-'EOF' alexis() { { [ -w / ] && PS1='\h\$ '; } || PS1='\u@\h\$ ' [ "X$TERM" != "Xrxvt" ] || { TERM=xterm; export TERM; } case $(uname) in Linux) eval $(dircolors) 2>/dev/null ls='/bin/ls --color=auto' psg() { ps fax | grep "$1" | grep -v grep; } ;; SunOS) psg() { ps -ef | grep "$1" | grep -v grep; } ;; esac { unalias rm unalias mv unalias cp } 2>/dev/null unset PROMPT_COMMAND unset LESSOPEN [ $(uname) != Linux ] || { alias ls='ls --color=auto' alias vi=vim } lx() { echo -e -n "\e]0;$1\a"; } [ "X$TERM" != Xxterm ] || lx $LOGNAME@$(uname -n) EDITOR=vi export EDITOR } alexis EOF } > ~/.bashrc { echo ":syntax on" echo ":set paste" echo ":set background=dark" echo } > ~/.vimrc # Fix motd #perl -pi -e 's/(.*motd)/#$1/' /etc/init.d/bootmisc.sh #rm /etc/motd perl -e 'print "-" x 78 . "\n"' > /etc/motd # Suppress motd touch ~/.hushlogin } install_packages_urgent() { local # Get settings we'll need for this task. get_setting RELEASE || return $? get_setting VM_FLAG || return $? ! $VM_FLAG || get_setting HVM_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "installing urgent packages ..." # Useful packages pkgadmin install vim less rsync eject screen ascii subversion bc telnet xterm time perl-doc whois kpartx bzip2 bind9-host bootlogd || return $? # Install gpm but not on PVs { $VM_FLAG && ! $HVM_FLAG; } || pkgadmin install gpm || return $? $VM_FLAG || pkgadmin install memtest86+ || return $? # note we don't run 'm-a prepare' after installing module-assistant because # I don't know how to make it non-interactive #pkgadmin install usbutils pciutils lsscsi module-assistant || return $? pkgadmin install usbutils pciutils lsscsi || return $? # For ADE groff or groff-base must be installed. groff-base is there # by default so stick with that. Since ade is a prerequisite for several # other things which get installed later, but those things don't mention # ade (they just install it automatically as a prerequisite), we might forget # that ADE needs /etc/manpath.config to be modified. Therefore we explicitly # install ADE and do those other things now. pkgadmin install groff-base ade || return $? perl -pi -e "s/^#?(DEFINE\\s+nroff\\s+).*\$/\$1nroff -mandoc -U/" /etc/manpath.config perl -pi -e "s/^#?(DEFINE\\s+troff\\s+).*\$/\$1groff -mandoc -U/" /etc/manpath.config # Later we're going to install the automounter which will not be able to # load the kernel module 'autofs4' because the kernel will have been # removed and replaced with another one (with modules which, until the # system is rebooted, are incompatible with the running kernel). The # fix: load the module now! # (Note that we should really restrict this action to be done only on NIS # clients, but there is a minor cosmetic issue with that: if we call # 'get_setting NISCLIENT_FLAG' above then that will promote the question # 'is this a NIS client?' to be well ahead of the question 'what is the # NIS server?' and I am trying to keep these questions paired up.) modprobe autofs4 # We use the chkconfig+service model in this script. No services can be # started until chkconfig has been installed. pkgadmin install chkconfig || return $? } fix_miscellaneous_early() { local # Get settings we'll need for this task. get_setting VM_FLAG || return $? get_setting RELEASE || return $? get_setting WORKAROUND_611584_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "executing post-install fixes ..." # Correct papersize echo "libpaper1 libpaper/defaultpaper select a4" | debconf-set-selections echo "a4" > /etc/papersize # Create missing directories. mkdir -p /usr/local/share/man/man{1,2,3,4,5,6,7,8} # Add 'noatime,nodiratime' to mount options for root filesystem (in a # reentrant manner). Other filesystems get done manually. perl -pi -e 's@^(\S+\s+/\s+\S+\s+\S+?)(?:,noatime,nodiratime)*(\s+\d\s+\d)@$1,noatime,nodiratime$2@' /etc/fstab # Tidy /etc/fstab perl -0777 -pi -e 's/^#[^\n]*\n//msg' /etc/fstab perl -pi -e "s/^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*/sprintf(\"%-32s %-24s %-12s %-20s %-1s %-1s\n\",\$1,\$2,\$3,\$4,\$5,\$6)/e;" /etc/fstab # BTS#611584 is a (disputed) login bug, introduced between lenny- and # squeeze-release time. The bug report contains a nice workaround from # "Tilmann". if $WORKAROUND_611584_FLAG; then # Indentation on here-docs must be with tabs. cat > /etc/security/pam_env-su.conf <<-'EOF' # This file is referenced by "/etc/pam.d/su". # Workaround for Debian Squeeze, Bug#611584: # Replace the copied variables XAUTHORITY and DISPLAY in an su-invoked shell. XAUTHORITY DEFAULT="" DISPLAY DEFAULT="" EOF # Indentation on here-docs must be with tabs. cat >> /etc/pam.d/su <<-'EOF' # Workaround for Debian Squeeze, Bug#611584: # variables XAUTHORITY and DISPLAY are set to an empty string. session required pam_env.so debug readenv=0 conffile=/etc/security/pam_env-su.conf EOF fi # Generate all english locales (MDI-6) { echo "en_AG UTF-8" echo "en_AU ISO-8859-1" echo "en_AU.UTF-8 UTF-8" echo "en_BW ISO-8859-1" echo "en_BW.UTF-8 UTF-8" echo "en_CA ISO-8859-1" echo "en_CA.UTF-8 UTF-8" echo "en_DK ISO-8859-1" echo "en_DK.ISO-8859-15 ISO-8859-15" echo "en_DK.UTF-8 UTF-8" echo "en_GB ISO-8859-1" echo "en_GB.ISO-8859-15 ISO-8859-15" echo "en_GB.UTF-8 UTF-8" echo "en_HK ISO-8859-1" echo "en_HK.UTF-8 UTF-8" echo "en_IE ISO-8859-1" echo "en_IE.UTF-8 UTF-8" echo "en_IE@euro ISO-8859-15" echo "en_IN UTF-8" echo "en_NG UTF-8" echo "en_NZ ISO-8859-1" echo "en_NZ.UTF-8 UTF-8" echo "en_PH ISO-8859-1" echo "en_PH.UTF-8 UTF-8" echo "en_SG ISO-8859-1" echo "en_SG.UTF-8 UTF-8" echo "en_ZA ISO-8859-1" echo "en_ZA.UTF-8 UTF-8" echo "en_ZM UTF-8" echo "en_ZW ISO-8859-1" echo "en_ZW.UTF-8 UTF-8" # MapSource won't run without correcting locales. Without this expect # the error message: # System Locale Error for English (United States)_USA.1252 # Please contact Garmin Support for further assistance. echo "en_US ISO-8859-1" echo "en_US.ISO-8859-15 ISO-8859-15" echo "en_US.UTF-8 UTF-8" } > /etc/locale.gen locale-gen # I saw the installation of iceweasel failing because /etc/resolv.conf # had been blanked. I suspect rdnssd caused it. We shall see. pkgadmin remove rdnssd # There are some post installations steps that need to be done manually. send_email <> /etc/kernel-img.conf # Remove existing symlinks rm -f /initrd.img /vmlinuz # Configure grub2 perl -pi -e 's/^(GRUB_CMDLINE_LINUX_DEFAULT=)/#$1/' /etc/default/grub perl -pi -e 's/^.*(GRUB_DISABLE_RECOVERY).*/$1=true/' /etc/default/grub if $SERIAL_CONSOLE_FLAG; then perl -pi -e 's/.*GRUB_TERMINAL.*/GRUB_TERMINAL=console/' /etc/default/grub perl -pi -e "s/^(GRUB_CMDLINE_LINUX)=.*/\$1=\"console=ttyS0,115200\"/" /etc/default/grub fi echo -e '\n# Disable grub background (see BTS#608263)\nGRUB_BACKGROUND=' >> /etc/default/grub # Apply config changes update-grub > /dev/null } install_packages_common() { # Get settings we'll need for this task. get_setting RELEASE || return $? get_setting VM_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task # Mention explicity or laptops won't get it. pkgadmin install nfs-common || return $? # Useful as appears in many people's dot files. pkgadmin install gnupg-agent || return $? # This is useful also on VMs, so everybody should get it. pkgadmin install lvm2 || return $? # Package crufters pkgadmin install deborphan debfoster || return $? # Schedule debfoster checks echo -e '#!/bin/bash\ndebfoster -s | fgrep -xv "There are no orphaned packages." || true' > /etc/cron.daily/debfoster chmod 755 /etc/cron.daily/debfoster # Install monitoring software pkgadmin install fad tcpdump wireshark ethtool bwm-ng reportbug apt-rdepends strace nmap lsof iotop whois iftop nethogs psmisc mlocate fad parted lshw || return $? # Miscellaneous tools pkgadmin install at || return $? # Communication tools pkgadmin install ckermit wakeonlan faifa || return $? # debian-goodies contains dpigs, which is mentioned in FinalisingDebian wiki page pkgadmin install debian-goodies || return $? # apt-file useful! pkgadmin install apt-file || return $? apt-file update > /dev/null # Get mutt reportbug working (this was a workaround for BTS#287585 # (masqmail) but is sensible in its own right). perl -pi -e 's/^# (mutt)/$1/' /etc/reportbug.conf # sar pkgadmin install sysstat || return $? perl -pi -e 's/^(HISTORY)=.*/$1=10000/' /etc/sysstat/sysstat perl -pi -e 's/^(ENABLED)=.*/$1="true"/' /etc/default/sysstat svcadmin restart sysstat # SMART (physical machines only) if ! $VM_FLAG; then pkgadmin install smartmontools || return $? perl -pi -e 's/.*(start_smartd)=.*/$1=yes/' /etc/default/smartmontools svcadmin start smartmontools # Set up a cronjob to monitor disk temperatures. echo '0 * * * * root echo "$(date +\%Y\%m\%d\%H\%M) $(ls /dev/sd[a-z] | xargs -n 1 /usr/sbin/smartctl -a | grep ^194 | awk "{ print \$10 }" | paste -d" " -s)" >> /var/log/hd-temps.log' > /etc/cron.d/hd-temps fi } configure_driver_disk_ssd() { local DISK DISKS # Get settings we'll need for this task. get_setting SSD_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability $SSD_FLAG || return 0 # Peform task info "installing SSD software ..." pkgadmin install util-linux || return $? # Ubuntu wiki recommends not to use 'discard' option because it creates an # overhead on every delete. But dynamically working out what devices need # to be trimmed is painful (see https://wiki.debian.org/SSDOptimization) # so instead we use 'discard'. Since we're using LVM this is considerably # simplified. (See also the example lv.conf in at https://wiki.debian.org/SSDOptimization). perl -pi -e 's@(issue_discards).*@$1 = 1@' /etc/lvm/lvm.conf } configure_driver_network_realtek() { # Get settings we'll need for this task. get_setting REALTEK_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability $REALTEK_FLAG || return 0 # Peform task info "installing Realtek driver ..." pkgadmin install firmware-realtek || return $? } configure_driver_video_nvidia() { # Get settings we'll need for this task. get_setting LOGINSERVER_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting NVIDIA_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability { $LOGINSERVER_FLAG && $NVIDIA_FLAG; } || return 0 # Peform task info "installing nVidia driver ..." # Taken from http://wiki.debian.org/NvidiaGraphicsDrivers pkgadmin install linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') nvidia-kernel-dkms nvidia-glx || return $? } configure_driver_video_radeon() { # Get settings we'll need for this task. get_setting LOGINSERVER_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting RADEON_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability { $LOGINSERVER_FLAG && $RADEON_FLAG; } || return 0 # Peform task info "installing Radeon driver ..." # Taken from https://wiki.debian.org/ATIProprietary#AMD_Catalyst_12.6 pkgadmin install linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') fglrx-driver || return $? } configure_driver_audio_pulse() { # Get settings we'll need for this task. get_setting LOGINSERVER_FLAG || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability } get_settings_login_server() { get_setting LOGINSERVER_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting VM_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting RELEASE || return $? ! $LOGINSERVER_FLAG || get_setting ARCH || return $? ! $LOGINSERVER_FLAG || get_setting LOGINSERVER_RUNX_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting LOGINSERVER_NM_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting NVIDIA_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting RADEON_FLAG || return $? ! $LOGINSERVER_FLAG || get_setting UNAME || return $? ! $LOGINSERVER_FLAG || get_setting WORKAROUND_727628_FLAG || return $? } configure_login_server_part1() { local VT MEMKB # Get settings we'll need for this task. get_settings_login_server # Task applicability [ $TASK_MODE != get_settings ] || return 0 $LOGINSERVER_FLAG || return 0 # Peform task info "installing applications for login server (part #1) ..." # Check there is enough memory for a login server; 128Mb is not enough. MEMKB=$(sed -n 's/MemTotal: *\([0-9]*\) kB/\1/p' /proc/meminfo) [ $MEMKB -ge 250896 ] || { error "insufficient memory for a login server!"; return 1; } # Determine current VT so we can restore it. pkgadmin install console-tools || return $? # PV VMs don't like fgconsole reporting # fgconsole: VT_GETSTATE: Invalid argument # so don't run it on PV VMs, actually if we're not # running X on a machine (which is a superset of # the set ov PV VMs) then there's no need to run it. ! $LOGINSERVER_RUNX_FLAG || VT=$(fgconsole) # XFCE pkgadmin install xfce4 xfce4-goodies gigolo || return $? if $WORKAROUND_727628_FLAG; then # Updated package is in wheezy-proposed-updates but not in wheezy yet. ( cd /tmp wget -q http://ftp.us.debian.org/debian/pool/main/x/xfce4-weather-plugin/xfce4-weather-plugin_0.7.4-5_amd64.deb dpkg -i xfce4-weather-plugin_0.7.4-5_amd64.deb rm -f xfce4-weather-plugin_0.7.4-5_amd64.deb ) fi # If the user sets their umask in ~/.profile then ensure it gets propogated # into Thunar and other non-shell launched programs. perl -pi -e 's/(# Run xfce4-session if installed)/if [ -r ~\/.profile ]; then\n . ~\/.profile\nfi\n\n\n$1/' /etc/xdg/xfce4/xinitrc # wmctrl allows switching virtual desktop from command line pkgadmin install wmctrl || return $? # xfswitch-plugin depends on gdm3. Whichever of lightdm and gdm3 is installed # first becomes the default display manager (although, for sure, it can easily # be switched). However, if gdm3 is not actually running, then xfswitch doesn't # work anyway. http://thtump.blogspot.de/2012/03/lightdm-switch-user-from-command-line.html # explains that 'dm-tool switch-to-greeter' will start a new session. I might # use glade to write a little program to do the switching. # Display manager pkgadmin install lightdm lightdm-gtk-greeter || return $? perl -pi -e 's/^#?(background)=.*/$1=#000000/' /etc/lightdm/lightdm-gtk-greeter.conf perl -pi -e 's/^#?(theme-name)=.*/$1=Raleigh/' /etc/lightdm/lightdm-gtk-greeter.conf perl -pi -e 's/^#?(font-name)=.*/$1=Droid Sans 14/' /etc/lightdm/lightdm-gtk-greeter.conf GREETER_PNG=$MODROOT/lib/target/lightdm/$UNAME.png if [ -f $GREETER_PNG ]; then cp $GREETER_PNG /usr/share/icons/hicolor/64x64/devices/computer.png gtk-update-icon-cache /usr/share/icons/hicolor fi # Allow XDMCP. perl -pi -e 's/^(xserver-allow-tcp)=.*/$1=true/' /etc/lightdm/lightdm.conf perl -pi -e 's/^(\[XDMCPServer\])/$1\nenabled=true/' /etc/lightdm/lightdm.conf # Make headless if desired. if ! $LOGINSERVER_RUNX_FLAG; then perl -pi -e 's/^(\[LightDM\])/$1\nstart-default-seat=false/' /etc/lightdm/lightdm.conf fi # Get X11 to use the X11 nVidia driver. if $NVIDIA_FLAG; then # Taken from http://wiki.debian.org/NvidiaGraphicsDrivers mkdir -p /etc/X11/xorg.conf.d echo -e 'Section "Device"\n\tIdentifier "My GPU"\n\tDriver "nvidia"\nEndSection' > /etc/X11/xorg.conf.d/20-nvidia.conf fi # Get X11 to use the X11 Radeon driver. if $RADEON_FLAG; then # Taken from https://wiki.debian.org/ATIProprietary#AMD_Catalyst_12.6 mkdir -p /etc/X11/xorg.conf.d echo -e 'Section "Device"\n\tIdentifier "My GPU"\n\tDriver "fglrx"\nEndSection' > /etc/X11/xorg.conf.d/20-fglrx.conf fi # Don't start lightdm with nvidia and X because the nouveau driver # has not been blacklisted or unloaded yet and it won't work. if $LOGINSERVER_RUNX_FLAG && $NVIDIA_FLAG; then : # Ditto for Radeon (it will leave text VTs black) elif $LOGINSERVER_RUNX_FLAG && $RADEON_FLAG; then : # Else if we're to run X then start it and switch back VT. elif $LOGINSERVER_RUNX_FLAG; then svcadmin start lightdm sleep 15 chvt $VT # Else if we're to run lightdm but not X then start lightdm. elif $LOGINSERVER_RUNX_FLAG; then svcadmin start lightdm sleep 15 fi } configure_login_server_part2() { local GCC_VERSION # Get settings we'll need for this task. get_settings_login_server # Task applicability [ $TASK_MODE != get_settings ] || return 0 $LOGINSERVER_FLAG || return 0 # Peform task info "installing applications for login server (part #2) ..." # Core network clients - mail clients pkgadmin install mutt libsasl2-modules heirloom-mailx || return $? # Mutt will not encrypt mails without this or modifying ~/.muttrc # rm -f /usr/local/bin/{pgpewrap,pgpring} # ln -s /usr/lib/mutt/{pgpewrap,pgpring} /usr/local/bin/ # Core network clients - web browsers pkgadmin install iceweasel flashplayer-mozilla w3m midori || return $? # Core network clients - news readers pkgadmin install nn || return $? # Core network clients - misc pkgadmin install ncftp wget w3m netcat telnet podget tightvncserver || return $? # Install VPN stuff; only install Network Manager front-ends if requested. # backup resolv.conf because one of vpnc's recommendations will overwrite # it. if $LOGINSERVER_NM_FLAG; then cp /etc/resolv.conf /var/tmp pkgadmin install network-manager-vpnc-gnome || return $? pkgadmin install vpnc || return $? # vpnc recommends resolvconf which screws up /etc/resolv.conf and # breaks the rest of the installation. pkgadmin remove resolvconf cat /var/tmp/resolv.conf > /etc/resolv.conf pkgadmin install openconnect || return $? pkgadmin install network-manager-openconnect || return $? fi # Development - C & C++. Choose gcc version to match that that the release's kernel was compiled with. if [ $RELEASE = wheezy ]; then GCC_VERSION=4.7 else internal "configure_login_server: $RELEASE: unhandled" # Look in /proc/version, which mentions which version of gcc was used. Then probably strip the # third digit away and look up that package. E.g. for wheezy: # # spaetzle# cat /proc/version # Linux version 3.2.0-4-amd64 ... gcc version 4.6.3 (Debian 4.6.3-14) ... # spaetzle# apt-cache show gcc-4.6 | sed -n 's/^Depends:.*(= \([^)]*\).*/\1/p' # 4.6.3-14 # spaetzle# fi pkgadmin install g++-$GCC_VERSION gcc-$GCC_VERSION automake autoconf pkg-config intltool manpages-dev gdb || return $? # Development - Python #pkgadmin install python-matplotlib python-stats || return $? # Development - Perl pkgadmin install libexpect-perl bison flex libclass-dbi-sqlite-perl expect || return $? # Development - Java install_java # Development - Tools pkgadmin install git subversion || return $? # Development - Debian packages # pkgadmin install debhelper alien fakeroot wdiff lintian pinentry-gtk2 devscripts build-essential dh-make bs || return $? pkgadmin install debhelper alien fakeroot lintian build-essential bs devscripts || return $? # gxmessage useful for my scripts (e.g. vnc-wrapper) pkgadmin install gxmessage || return $? # Development - RPM packages pkgadmin install alien createrepo || return $? } configure_login_server_part3() { local CODECS_PACKAGE # Get settings we'll need for this task. get_settings_login_server # Task applicability [ $TASK_MODE != get_settings ] || return 0 $LOGINSERVER_FLAG || return 0 # Peform task info "installing applications for login server (part #3) ..." # Multimedia - audio hardware access # Let audio programs at least run without complaint, even if they produce no audio, on VMs. ! $VM_FLAG || echo snd-dummy >> /etc/modules pkgadmin install pavucontrol alsa-utils || return $? # Multimedia - MIDI pkgadmin install timidity freepats fluidsynth fluid-soundfont-gm playmidi pmidi || return $? # Multimedia - music players pkgadmin install rhythmbox || return $? #gstreamer0.10-fluendo-mp3 gstreamer0.10-plugins-bad python-gst0.10 || return $? # Multimedia - big audio apps pkgadmin install rosegarden lilypond || return $? # Multimedia - misc audio tools pkgadmin install mpg321 id3v2 sox || return $? # Multimedia - audio editor pkgadmin install mhwaveedit || return $? # Multimedia - Video codecs if [ $ARCH = i386 ]; then CODECS_PACKAGE=w32codecs elif [ $ARCH = amd64 ]; then CODECS_PACKAGE=w64codecs else internal "configure_login_server: $ARCH: unhandled" fi pkgadmin install libdvdcss2 || return $? # Multimedia - video players pkgadmin install mplayer || return $? # libglib2.0-bin includes gsettings command needed to adjust totem's cache size. pkgadmin install totem-plugin-arte totem-plugins totem libglib2.0-bin || return $? pkgadmin install wra || return $? # Multimedia - video recorders pkgadmin install gtk-recordmydesktop || return $? # Multimedia - video editors and transcoders pkgadmin install pitivi mencoder ffmpeg || return $? # gstreamer-tools contains gst-launch which I used to process Mistaken # Memoirs of Medievel Manhattan. The others are supporting gstreamer # modules. pkgadmin install gstreamer0.10-plugins-good gstreamer0.10-plugins-bad gstreamer0.10-plugins-ugly gstreamer0.10-fluendo-mp3 gstreamer-tools || return $? # Multimedia - image viewers pkgadmin install geeqie || return $? # Multimedia - image editors pkgadmin install gimp hugin dia sweethome3d || return $? # Removable device support - webcams pkgadmin install luvcview uvccapture || return $? # mjpg-streamer only available for 32-bit # [ $ARCH != i386 ] || pkgadmin install mjpg-streamer || return $? # Removable device support - GPS pkgadmin install gpsbabel blueman || return $? ## gpsbabel gets obstructed by garmin_gps module, so blacklist it. echo "blacklist garmin_gps" >> /etc/modprobe.d/blacklist.conf #if [ $RELEASE = lenny ]; then # echo "SYSFS{idVendor}==\"091e\", SYSFS{idProduct}==\"0003\", MODE=\"666\"" > /etc/udev/rules.d/51-garmin.rules # udevadm control --reload_rules #else # echo "SYSFS{idVendor}==\"091e\", SYSFS{idProduct}==\"0003\", GROUP:=\"plugdev\", MODE:=\"660\"" > /etc/udev/rules.d/51-garmin.rules # udevadm control --reload-rules #fi # Removable device support - scanner #pkgadmin install xsane hplip || return $? # Removable device support - CDs pkgadmin install lame asunder || return $? # Removable device support - USB memory sticks pkgadmin install unetbootin || return $? # Removable device support - DVDs pkgadmin install handbrake-gtk || return $? } configure_login_server_part4() { local # Get settings we'll need for this task. get_settings_login_server # Task applicability [ $TASK_MODE != get_settings ] || return 0 $LOGINSERVER_FLAG || return 0 # Peform task info "installing applications for login server (part #4) ..." # Instant messaging pkgadmin install pidgin || return $? # Video messaging pkgadmin install ekiga || return $? #libpt-1.10.10-plugins-v4l2 || return $? # Skype is multiarch pkgadmin install skype || return $? # Text pkgadmin install texlive texlive-humanities texlive-latex-extra tofrodos || return $? # Acroread is multiarch. pkgadmin install evince-gtk acroread || return $? pkgadmin install libreoffice || return $? # Let's try libreoffice without any spelling stuff. #myspell-en-gb || return $? pkgadmin install a2ps vim vim-gtk meld ascii an emacs || return $? # Omit more spelling stuff for the time being. # pkgadmin install ibritish wbritish pkgadmin install vym || return $? # Connectivity # xdotool is used by smartphones pkgadmin install xvnc4viewer x11vnc xdotool || return $? # Foreign OS support # Wine is multiarch. pkgadmin install wine:i386 unzip ttf-mscorefonts-installer || return $? pkgadmin install smbclient dosfstools || return $? # virt-manager to access remote VM servers over ssh, but no need to install kvm etc. pkgadmin --no-install-recommends install virt-manager || return $? # Games pkgadmin install gnome-games gnome-cards-data gnome-hearts gtans || return $? # Google stuff pkgadmin install google-chrome-stable || return $? # Stop google-chrome doing auto-upgrades { echo "# This comment was written to remove the content of this file but to" echo "# preserve the file so it will not be reinstalled by upgrades." } > /etc/apt/sources.list.d/google-chrome.list { # Single quotes here to make this copy-and-pastable to shell. echo '#!/bin/sh' echo "# This comment was written to remove the content of this file but to" echo "# preserve the file so it will not be reinstalled by upgrades. (Note" echo "# cron will complain if it is not a valid executable; hence first line.)" } > /etc/cron.daily/google-chrome # See http://www.google.com/support/forum/p/earth/thread?tid=657d26f8f3978948&hl=en # for why lsb-core is needed. See # http://www.google.de/support/forum/p/earth/thread?tid=4b72ea672d8f2971&hl=en&fid=4b72ea672d8f2971000477a4bff0d843&hltp=2 # for why nvidia-glx-ia32 is needed. #pkgadmin install lsb-core google-earth-stable nvidia-glx-ia32 || return $? # Googleearth is multiarch. pkgadmin install google-earth-stable || return $? # Stop google-earth doing auto-upgrades { echo "# This comment was written to remove the content of this file but to" echo "# preserve the file so it will not be reinstalled by upgrades. (Note" echo "# cron will complain if it is not a valid executable; hence first line.)" } > /etc/apt/sources.list.d/google-earth.list { # Single quotes here to make this copy-and-pastable to shell. echo '#!/bin/sh' echo "# This comment was written to remove the content of this file but to" echo "# preserve the file so it will not be reinstalled by upgrades. (Note" echo "# cron will complain if it is not a valid executable; hence first line.)" } > /etc/cron.daily/google-earth # Install backup tools for users pkgadmin install unison rsync || return $? # Privacy/cryptography tools pkgadmin install apg ccrypt pin || return $? # Other applications pkgadmin install rss2email || return $? pkgadmin install bzip2 zip unzip unrar unace sharutils || return $? pkgadmin install stellarium || return $? pkgadmin install synaptic || return $? pkgadmin install transmission-cli || return $? # Other X stuff (installing this earlier seemed to pull in gdm3). pkgadmin install xnest xserver-xephyr mesa-utils || return $? # OwnCloud pkgadmin install owncloud-client } configure_web_server() { local # Get settings we'll need for this task. get_setting WEBSERVER_FLAG || return $? # Task applicability [ $TASK_MODE != get_settings ] || return 0 $WEBSERVER_FLAG || return 0 # Peform task info "installing applications for web server ..." pkgadmin install apache2-mpm-worker || return $? # Set up public_html debug 10 "configure_web_server: setting up public_html ..." perl -pi -e 's/\.?public_html/.public_html/g' /etc/apache2/mods-available/userdir.conf perl -pi -e 's/(AllowOverride.*)\s+(Options|Indexes)/$1/g' /etc/apache2/mods-available/userdir.conf perl -pi -e 's/(AllowOverride.*)/$1 Options Indexes/' /etc/apache2/mods-available/userdir.conf a2enmod userdir # Set up rewrite engine debug 10 "configure_web_server: setting up rewrite engine ..." perl -pi -e 's/(AllowOverride.*)\s+FileInfo/$1/g' /etc/apache2/mods-available/userdir.conf perl -pi -e 's/(AllowOverride.*)/$1 FileInfo/' /etc/apache2/mods-available/userdir.conf a2enmod rewrite # General debug 10 "configure_web_server: doing general config ..." perl -pi -e 's/^(HostnameLookups)\s+.*/$1 On/' /etc/apache2/apache2.conf # Windows FS compatibility debug 10 "configure_web_server: setting up windows filesystem compatibility ..." perl -0777 -pi -e 's/^AccessFileName.*?^/ms' /etc/apache2/apache2.conf perl -pi -e 's/(DirectoryIndex.*)\s+index\.htm\b/$1/g' /etc/apache2/mods-available/dir.conf perl -pi -e 's/(DirectoryIndex.*)/$1 index.htm/' /etc/apache2/mods-available/dir.conf # Logs debug 10 "configure_web_server: setting up logging ..." perl -pi -e 's/\b(rotate)\s+.*/$1 1000/' /etc/logrotate.d/apache2 perl -pi -e 's/(create)\s+.*/$1 644 www-data www-data/' /etc/logrotate.d/apache2 { echo "CustomLog /var/log/apache2/access.log combined" echo "ServerSignature On" } > /etc/apache2/conf.d/custom-logging # Fix default server debug 10 "configure_web_server: stripping default server ..." perl -0777 -pi -e 's/^(\s*)(Order)\s+.*?\n^(\s*)(<\/Directory>)/$1$2 deny,allow\n$1Deny from all\n$1Allow from 127.0.0.0\/255.0.0.0\n$3$4/msg' /etc/apache2/sites-available/default perl -pi -e 's/(\s*DocumentRoot) .*/$1 \/var\/www\/default\//' /etc/apache2/sites-available/default mkdir -p /var/www/default mv /var/www/index.html /var/www/default/ # Apply changes debug 10 "configure_web_server: restarting apache ..." svcadmin restart apache2 } configure_mail_server() { local # Get settings we'll need for this task. get_setting MAILSERVER_FLAG || return $? # Task applicability [ $TASK_MODE != get_settings ] || return 0 $MAILSERVER_FLAG || return 0 # Peform task info "package installation and configuration for mail servers is now handled completely be a written procedure" } configure_backup_client() { get_setting BACKUP_SOFTWARE || return $? case $BACKUP_SOFTWARE in amanda) configure_amanda_client "$@" ;; rdw) configure_rdw_client "$@" ;; none) : ;; esac # Task applicability [ $TASK_MODE != get_settings ] || return 0 # Perform task (this is the part that is independant of whether we're installing amanda or rdw) # Install fseb to copy extra-fs config *into* fs, so that it can be backed up by conventional means. pkgadmin install fseb || return $? } configure_amanda_client() { get_setting AMANDACLIENT_SERVER || return $? get_setting UNAME || return $? get_setting DNSCLIENT_DOMAIN || return $? get_setting ADMIN_EMAILADDR || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : info "configuring Amanda client ..." > /etc/amandahosts pkgadmin install amanda-client || return $? # In amandahosts we *must* use the canonical name CANONICAL_AMANDACLIENT_SERVER=$(host $AMANDACLIENT_SERVER | sed -n 's/ has address.*//p') # Grant server permission to do backups of us. echo "$CANONICAL_AMANDACLIENT_SERVER backup amdump" >> /etc/amandahosts send_email < echo "$UNAME.$DNSCLIENT_DOMAIN / comp-root-tar-span" >> /etc/amanda/\$BUSETNAME/disklist echo "$UNAME.$DNSCLIENT_DOMAIN root amindexd amidxtaped" >> /etc/amandahosts amcheck \$BUSETNAME" exit exit EOF } configure_rdw_client() { get_setting RDWCLIENT_SERVER || return $? get_setting UNAME || return $? get_setting ADMIN_EMAILADDR || return $? get_setting DNSCLIENT_DOMAIN || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Settings we'll need. CANONICAL_RDWCLIENT_SERVER=$(host $RDWCLIENT_SERVER | sed -n 's/ has address.*//p') SET="nightly" debug 10 "configure_rdw_client: RDWCLIENT_SERVER=$RDWCLIENT_SERVER, CANONICAL_RDWCLIENT_SERVER=$CANONICAL_RDWCLIENT_SERVER" info "configuring RDW client ..." # only servers get rdw, clients get rdiff-backup pkgadmin install rdiff-backup || return $? send_email < /etc/cron.daily/autoupgrade chmod 755 /etc/cron.daily/autoupgrade } configure_ntp_client() { local NTPCLIENT_SERVER # Get settings we'll need for this task. get_setting NTPCLIENT_SERVERS || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task pkgadmin install ntp ntpdate || return $? for NTPCLIENT_SERVER in $NTPCLIENT_SERVERS; do echo "server $NTPCLIENT_SERVER" done > /etc/ntp.conf svcadmin restart ntp } fix_miscellaneous_late() { # Get settings we'll need for this task. get_setting VM_FLAG || return $? get_setting HVM_FLAG || return $? get_setting BOOTMEDIA || return $? get_setting ADMIN_EMAILADDR || return $? get_setting UNAME || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task # Install udi to keep system updated with latest changes. pkgadmin install udi || return $? # Remove console on VMs installed from CD. if $VM && ! $HVM && [ $BOOTMEDIA = cd ]; then send_email < /etc/mailname pkgadmin install postfix || return $? pkgadmin install bsd-mailx mutt || return $? info "configuring mail client services ..." # This is a copy of the procedure documented at # http://dione.no-ip.org/wordpress/computing/installing-ubuntu/ MYHOSTNAME=$UNAME.$DNSCLIENT_DOMAIN MAILRELAY_HOSTNAME=$MAILCLIENT_SERVER MAILRELAY_AUTHENTICATE=no MAILRELAY_PASSWD=irrelevant-as-not-used # ROOTRCPT unset to force root mail to be forwarded to smarthost. ROOTRCPT= cat > /etc/postfix/main.cf <<'EOF' # myhostname is mainly used to derive other stuff myhostname = MYHOSTNAME # myhostname must be set and cannot be derived from $myorigin. On the other hand, # myorigin defaults to $myhostname. Therefore set myhostname explicitly and leave # myorigin unset. mydomain defaults to the last parts of $myhostname. #myorigin = ... #mydomain = ... # Who do we accept mails from and on what interfaces? mynetworks_style = host # mynetworks defaults to being derived from mynetwork_style #mynetworks = 127.0.0.0/8 inet_interfaces = loopback-only # Settings related to accepting mail # Encryption (using TLS) smtpd_use_tls = yes # Offer but do not require (requiring contravenes RFC2487) smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache # Poodle protection smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtpd_tls_protocols = !SSLv2 !SSLv3 # Authentication (using SASL) # Address rewriting virtual_alias_maps = hash:/etc/postfix/virtual # Who do we accept mails for? Everything else is relayed. mydestination = # Settings related to relaying mail relayhost = MAILRELAY_HOSTNAME # Encryption (using TLS) # Gmail requires next two lines; others probably don't care smtp_use_tls = yes smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # Poodle protection smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_protocols = !SSLv2 !SSLv3 # Authentication (using SASL) smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = # Settings related to LDA # Note aliases are consulted by LDA (so never consulted if everything relayed) alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mailbox_size_limit = 0 # Misc recipient_delimiter = + inet_protocols = ipv4 append_dot_mydomain = no EOF rm -f /etc/mailname # aliases are used by LDA (but all mail forwarded, so not consulted, so left empty) > /etc/aliases # virtual is consulted at injection-time (whether we want root's mail simply forward to hub # or sent to a specific address is determined by whether ROOTRCPT is set above or not). if [ "X$ROOTRCPT" = X ]; then > /etc/postfix/virtual else echo "root ROOTRCPT" > /etc/postfix/virtual fi > /etc/postfix/sasl_passwd [ $MAILRELAY_AUTHENTICATE = yes ] && echo "MAILRELAY_HOSTNAME MYSHORTHOSTNAME:MAILRELAY_PASSWD" >> /etc/postfix/sasl_passwd perl -pi -e "s/MYHOSTNAME/$MYHOSTNAME/g; \ s/MAILRELAY_HOSTNAME/$MAILRELAY_HOSTNAME/g; \ s/MAILRELAY_AUTHENTICATE/$MAILRELAY_AUTHENTICATE/g; \ s/MAILRELAY_PASSWD/$MAILRELAY_PASSWD/g; \ s/MYSHORTHOSTNAME/${MYHOSTNAME%%.*}/g; \ s/ROOTRCPT/${ROOTRCPT/@/\\@}/g" \ /etc/postfix/main.cf /etc/aliases /etc/postfix/virtual /etc/postfix/sasl_passwd newaliases postmap hash:/etc/postfix/virtual postmap hash:/etc/postfix/sasl_passwd service postfix stop sleep 1 service postfix start } configure_dyndns_client() { local # Get settings we'll need to determine who to delegate to. get_setting DYNDNSCLIENT_FLAG || return $? ! $DYNDNSCLIENT_FLAG || get_setting DYNDNSCLIENT_SERVICE || return $? if ! $DYNDNSCLIENT_FLAG; then : elif [ $DYNDNSCLIENT_SERVICE = "no-ip" ]; then configure_dyndns_client_noip else internal "$DYNDNSCLIENT_SERVICE: unhandled" fi } configure_dyndns_client_noip() { # Get settings we'll need for this task. get_setting DYNDNSCLIENT_NOIP_LOGIN || return $? get_setting DYNDNSCLIENT_NOIP_PASSWORD || return $? [ $TASK_MODE != get_settings ] || return 0 tar xzfC $MODROOT/lib/target/noip-duc-linux.tar.gz /var/tmp # We want to pass all parameters except the username and password # to 'noip -C'. This necessitates calling noip2 with the '-u' and # '-p' options to avoid it going into some funny mode to read those # things from the user. That in turn means not making use of the # Makefile's 'install' target, which otherwise handles pretty much # everything. make -s -C /var/tmp/noip-2.1.9-1 clean noip2 killall noip2 2>/dev/null || true cp /var/tmp/noip-2.1.9-1/noip2 /usr/local/bin echo -ne 'y\n30\nn\n' | /usr/local/bin/noip2 -C -u "$DYNDNSCLIENT_NOIP_LOGIN" -p "$DYNDNSCLIENT_NOIP_PASSWORD" # Start it automatically, as per Ubuntu. perl -pi -e 's/(exit 0)/#$1/' /etc/rc.local perl -pi -e 's@(/usr/local/bin/noip2)@#$1@' /etc/rc.local echo /usr/local/bin/noip2 >> /etc/rc.local # Start it now /usr/local/bin/noip2 # It doesn't refresh periodically, so we need to kill and rerun. echo "17 10 * * * root sh -c 'killall noip2; sleep 5; /usr/local/bin/noip2'" > /etc/cron.d/noip2 } configure_syslog_client() { # Get settings we'll need for this task. get_setting SYSLOGCLIENT_FLAG || return $? get_setting RELEASE || return $? ! $SYSLOGCLIENT_FLAG || get_setting SYSLOGCLIENT_SERVER || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability (even standalone machines need to do some of this) $SYSLOGCLIENT_FLAG || return 0 # Peform task # One '@' means UDP, two means TCP. (Remove either but # add UDP only). perl -pi -e 's/^(\*\.\* \@{1,2}.*)/#$1/' /etc/rsyslog.conf { echo "*.* @$SYSLOGCLIENT_SERVER:514" } >> /etc/rsyslog.conf svcadmin restart rsyslog } configure_dns_client() { local NWADDR DHCPDCONF_FILE # Get settings we'll need for this task. get_setting RELEASE || return $? get_setting DNSCLIENT_DOMAIN || return $? get_setting DNSCLIENT_SERVERS || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability (even standalone machines need DNS) : # Peform task { for DNSCLIENT_SERVER in $DNSCLIENT_SERVERS; do echo "nameserver $DNSCLIENT_SERVER" done echo "domain $DNSCLIENT_DOMAIN" echo "search $DNSCLIENT_DOMAIN" } > /etc/resolv.conf perl -pi -e 's/^(hosts: *).*/$1files dns/' /etc/nsswitch.conf # It is essential that packages can be installed now. We test this now. ping -c 1 -W 1 www.google.com > /dev/null || { error "internet access test failed"; return 1; } } configure_nscd() { local # Get settings we'll need for this task. [ $TASK_MODE != get_settings ] || return 0 # Task applicability (even standalone machines need DNS) : # Peform task # nscd is no longer broken! pkgadmin install nscd || return $? # bsdgames contains /usr/games/primes, which is useful for working out # cache sizes, which must be prime numbers. See nscd.conf(5) for details. pkgadmin install bsdgames || return $? # Increase all cache longetivities, increase host cache size, make nothing # persistent across restarts. perl -pi -e 's/^(\s*....tive-time-to-live\s+(?:passwd|group|hosts)\s+).*?$/${1}3600/' /etc/nscd.conf perl -pi -e 's/^(\s*suggested-size\s+hosts\s+).*?$/${1}9973/' /etc/nscd.conf perl -pi -e 's/^(\s*persistent\s+\S+\s+).*?$/${1}no/' /etc/nscd.conf # 'nscd -g' (which reports stats) won't work if 'clients' are allowed # to go directly to nscd's cache, rather than asking the nscd server. perl -pi -e 's/^(\s*shared\s+hosts\s+)yes/$1no/' /etc/nscd.conf } configure_nis_client() { local LINK # Get settings we'll need for this task. get_setting NISCLIENT_FLAG || return $? ! $NISCLIENT_FLAG || get_setting NISCLIENT_DOMAIN || return $? ! $NISCLIENT_FLAG || get_setting NISCLIENT_MODE || return $? ! $NISCLIENT_FLAG || [ $NISCLIENT_MODE = broadcast ] || get_setting NISCLIENT_SERVER || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability $NISCLIENT_FLAG || return 0 # Peform task info "configuring NIS ..." pkgadmin install nis || return $? echo $NISCLIENT_DOMAIN > /etc/defaultdomain pkgadmin install autofs || return $? perl -pi -e 's/^(NISSERVER)=.*/$1=false/' /etc/default/nis perl -pi -e 's/^(NISCLIENT)=.*/$1=true/' /etc/default/nis if [ $NISCLIENT_MODE = broadcast ]; then echo "domain $NISCLIENT_DOMAIN broadcast" > /etc/yp.conf else echo "domain $NISCLIENT_DOMAIN server $NISCLIENT_SERVER" > /etc/yp.conf fi perl -pi -e 's/^((?:passwd|group): *).*/$1files nis/' /etc/nsswitch.conf info "configuring automounter ..." perl -pi -e 's/^(TIMEOUT|LOGGING)=/#$1/' /etc/default/autofs echo "TIMEOUT=1200" >> /etc/default/autofs echo "LOGGING=\"verbose\"" >> /etc/default/autofs { echo "/home yp:auto.home" echo "/staging yp:auto.staging" } > /etc/auto.master mkdir -p /staging # This is a bit site specific rm -f /pub ln -s staging/pub /pub # Activate above changes svcadmin restart nis svcadmin restart autofs # nscd won't pick up the change unless it is restarted svcadmin restart nscd } execute_reboot() { # Get settings we'll need for this task. [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "rebooting ..." # Ordinarily we leave it to the task manager to mark the task done, but it # won't have a chance to do that 'cos we're going to reboot here. So here # we note it done actually before we do it. That way we ensure we don't # run this task again. set_task_done $FUNCNAME sync reboot # Since the reboot command returns immediately, only scheduling an # immediate reboot, then if we were to do nothing here then this # function will return and the task master will call the next task # function and that's likely to not complete properly. Although the # task functions are written to be reentrant, nonetheless, we ensure # the script exits by exiting ourselves here. exit 0 } remove_packages_unwanted() { local # Get settings we'll need for this task. get_setting RELEASE || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability : # Peform task info "performing stuff that must be done very late ..." # Task applicability : # Remove some definitely unwanted packages. pkgadmin remove dnsmasq dnsmasq-base libnss-mdns avahi-daemon # Remove big stuff pkgadmin remove lilypond-doc texlive-latex-extra-doc # Dictionaries pkgadmin remove iamerican wamerican hunspell-en-us # VLC pkgadmin remove vlc vlc-data vlc-nox libvlccore5 libvlc5 vlc-nox vlc-plugin-notify vlc-plugin-pulse # Gnome pkgadmin remove nautilus brasero # Misc (garnered from debfoster output) pkgadmin remove okular module-assistant tk8.4 # Remove prerequisites that were installed only for stuff since removed apt-get -y --purge autoremove # Clean cached packages apt-get clean } ############################################################################## # # COMMON SUB-TASKS # ############################################################################## install_java() { ## Java will want the license accepted #{ # echo "sun-java6-bin shared/accepted-sun-dlj-v1-1 boolean true" # echo "sun-java6-jre shared/accepted-sun-dlj-v1-1 boolean true" #} | debconf-set-selections #pkgadmin install sun-java6-jre sun-java6-plugin || return $? pkgadmin install icedtea-7-plugin || return $? } install_apache() { debug 10 "install_apache2: installing apache2-mpm-worker ..." pkgadmin install apache2-mpm-worker || return $? # Tell apache2 to start after autofs (the default is the other way round) perl -pi -e 's/^(# Required-(?:Stop|Start):.*)/$1 autofs/' /etc/init.d/apache2 svcadmin defaults apache2 } ############################################################################## # # SETTING GETTERS # ############################################################################## get_workaround_727628() { local SETTING_REF SETTING_REF=$1 # Get settings needed for this function. get_setting RELEASE || return $? # Guts if [ $RELEASE = wheezy ]; then eval "$SETTING_REF=true" else question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "work around BTS#727628 (xfce4-weather-plugin \"No data\")" "$DFLT_DNSCLIENT_FLAG" "" validate_true echo fi } get_workaround_611584() { local SETTING_REF SETTING_REF=$1 # Get settings needed for this function. # Guts eval "$SETTING_REF=true" } get_dnsclient_flag() { local SETTING_REF SETTING_LOCAL DFLT_DNSCLIENT_SERVER SETTING_REF=$1 get_setting DNSSERVER_FLAG || return $? DFLT_DNSCLIENT_FLAG=true # Note the 'validate_true' because we currently don't allow that it is not a DNS # client (a *truly* standalone machine). question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "is this a DNS client" "$DFLT_DNSCLIENT_FLAG" "" validate_true echo } get_ntpclient_servers() { local SETTING_REF DFLT_NTPCLIENT_SERVERS SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_NTPCLIENT_SERVERS=time.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "space-separated hostname(s) of NTP server(s)" "$DFLT_NTPCLIENT_SERVERS" "" true echo } get_dnsclient_servers() { local SETTING_REF SETTING_LOCAL DFLT_DNSCLIENT_SERVERS SETTING_REF=$1 DFLT_DNSCLIENT_SERVERS= question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "space-separated IP address(es) of DNS server(s)" "$DFLT_DNSCLIENT_SERVERS" "" "validate_list validate_ipaddr" echo } get_mailclient_server() { local SETTING_REF DFLT_MAILCLIENT_SERVER SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_MAILCLIENT_SERVER=smtp.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "hostname of mail server" "$DFLT_MAILCLIENT_SERVER" "" validate_fullyqualified_hostname rationalise_fullyqualified_hostname } get_trustclient_key() { local SETTING_REF DFLT_TRUSTCLIENT_KEY SETTING_REF=$1 # No default, because mdi would like to propogate it; if we define it here # then it becomes defined twice. DFLT_TRUSTCLIENT_KEY= question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "SSH public key of trust server" "$DFLT_TRUSTCLIENT_KEY" "" validate_pubkey echo } get_nagiosclient_flag() { local SETTING_REF SETTING_LOCAL DFLT_NAGIOSCLIENT_SERVER SETTING_REF=$1 DFLT_NAGIOSCLIENT_FLAG=true question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "is this a Nagios client" "$DFLT_NAGIOSCLIENT_FLAG" "" validate_logical rationalise_logical } get_nagiosclient_serverpubkey() { local SETTING_REF DFLT_NAGIOSCLIENT_KEY SETTING_REF=$1 DFLT_NAGIOSCLIENT_KEY="ssh-dss AAAAB3NzaC1kc3MAAACBALewGvXQqPICGF6XxFL+1ha0x3KEOJ2Mm1Bkn7S6kHv0Bzic1vJLDQ8GkMwgxzlR7hR9n4EjK3Pw/W6VcJ5OItaqJw7HbJnowgp2T4/p625YzNNgsdb3HQtPO15H9kbrbxGL2tUuzGmOMJ2O69xVOw4vz12D6fVcbxkaBWAnfL2nAAAAFQDa9QqaXK7j3BA28zcQ72TMyN2UDwAAAIBO4zJjkmBzy9971ELRwx+wy9WaOjjeKHS2YFHl7ChYlAW5Jj+Ps8CITk3CdUsN0cIFQQIA2PgyA+ToTmPAm7PcJ58oN4zeHBsriMWoKR6izbkDMpNIiTTInfKqQpE75LENPmOrV0rILWgmFVIE5lesW21fd/ywveEBjpvLwT451wAAAIBlc/JT3xqabmboP6WoYYNgecJMZSMmnne3GrG4cNsnh4LNcAFzbApbH2k7KEKhKEGN3PLnbdW7kTR6srFp2FMXf4qdn54oXuOjWKnFeT/yNl7fmSQU8qWH8mebo5gbsCD1AZhXCZK1qCW5TL6Q3myBtcs1Nc0vdomFm+SbNilqvQ== nagios@spirali" question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "SSH public key of Nagios server" "$DFLT_NAGIOSCLIENT_KEY" "" validate_pubkey echo } get_syslogclient_server() { local SETTING_REF DFLT_SYSLOGCLIENT_SERVER SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_SYSLOGCLIENT_SERVER=syslog.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "hostname of syslog server" "$DFLT_SYSLOGCLIENT_SERVER" "" validate_fullyqualified_hostname rationalise_fullyqualified_hostname } get_nisclient_server() { local SETTING_REF SETTING_LOCAL DFLT_NISCLIENT_SERVER SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_NISCLIENT_SERVER=yp.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "name of NIS server" "$DFLT_NISCLIENT_SERVER" "" validate_fullyqualified_hostname rationalise_fullyqualified_hostname } get_amandaclient_server() { local SETTING_REF SETTING_LOCAL DFLT_AMANDACLIENT_SERVER SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_AMANDACLIENT_SERVER=backup.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "name of Amanda backup server" "$DFLT_AMANDACLIENT_SERVER" "" validate_fullyqualified_hostname rationalise_fullyqualified_hostname } get_rdwclient_server() { local SETTING_REF SETTING_LOCAL DFLT_RDWCLIENT_SERVER SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_RDWCLIENT_SERVER=backup.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "name of RDW backup server" "$DFLT_RDWCLIENT_SERVER" "" validate_fullyqualified_hostname rationalise_fullyqualified_hostname } get_gangliaclient_server() { local SETTING_REF SETTING_LOCAL DFLT_GANGLIACLIENT_SERVER SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? DFLT_GANGLIACLIENT_SERVER=ganglia.$DNSCLIENT_DOMAIN question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "name of ganglia server" "$DFLT_GANGLIACLIENT_SERVER" "" validate_fullyqualified_hostname rationalise_fullyqualified_hostname } get_ssd_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 get_setting VM_FLAG || return $? if $VM_FLAG; then SETTING_LOCAL=false # This comes from http://unix.stackexchange.com/questions/65595/how-to-know-if-a-disk-is-an-ssd-or-an-hdd. elif grep -q 0 /sys/block/sd?/queue/rotational; then SETTING_LOCAL=true else SETTING_LOCAL=false fi eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_realtek_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 # Realtek RTL8111/8168B (in mandala) if lspci -n | grep -q 10ec:8168; then SETTING_LOCAL=true # Other cards will require this script to be modified. elif lspci -n | grep -q 10ec:; then internal "get_realtek_flag: looks like there is an Realtek card not supported by this script; please update script" # No Realtek card. else SETTING_LOCAL=false fi eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_nvidia_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 get_setting RELEASE || return $? # nVidia NV44 [Quadro NVS 285] (in torchio) if lspci -n | grep -q 10de:0165; then SETTING_LOCAL=true # nVidia G84 [Quadro FX 570] (in fiori) elif lspci -n | grep -q 10de:040e; then SETTING_LOCAL=true # nVidia NVS 160M (in Dell Latitude E6500) elif lspci -n | grep -q 10de:06eb; then SETTING_LOCAL=true # Other cards will require this script to be modified. If one of the legacy drivers is required # then I might need to change NVIDIA_FLAG from being a logical to being a string representing which, # if any, driver to use. Note there is a script on http://wiki.debian.org/NvidiaGraphicsDrivers # which will identify which driver is needed; search that page for "To determine which version you should use" elif lspci -n | grep -q 10de:; then internal "get_nvidia_flag: looks like there is an nVidia card not supported by this script; please update script" # No nVidia card. else SETTING_LOCAL=false fi eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_radeon_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 get_setting RELEASE || return $? # Radeon HD 6310 (in mandala) if lspci -n | grep -q 1002:9802; then SETTING_LOCAL=true # Other cards will require this script to be modified. If one of the legacy drivers is required # then I might need to change RADEON_FLAG from being a logical to being a string representing which, # if any, driver to use. elif lspci -n | grep -q 1002:; then internal "get_radeon_flag: looks like there is an Radeon card not supported by this script; please update script" # No Radeon card. else SETTING_LOCAL=false fi eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_release() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 SETTING_LOCAL=$(lsb_release -c | sed 's/.*[ \t]//') eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_arch() { local SETTING_REF SETTING_LOCAL UNAMEM SETTING_REF=$1 UNAMEM=$(uname -m) case $UNAMEM in i686) SETTING_LOCAL=i386 ;; x86_64) SETTING_LOCAL=amd64 ;; *) internal "get_arch: $UNAMEM: unhandled architecture" ;; esac eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_dhcpserver_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 get_setting DNSSERVER_FLAG || return $? eval "$SETTING_REF=$DNSSERVER_FLAG" } get_vm_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "is this an VM" "y" "" validate_logical rationalise_logical } get_hvm_flag() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 get_setting VM_FLAG || return $? if $VM_FLAG; then question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "is this an HVM" "n" "" validate_logical rationalise_logical else SETTING_LOCAL=false eval "$SETTING_REF=$SETTING_LOCAL" fi } get_nis_domain() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 get_setting DNSCLIENT_DOMAIN || return $? eval "$SETTING_REF=$DNSCLIENT_DOMAIN" } get_nic_method() { local DFLT_METHOD NIC SETTING_REF SETTING_LOCAL SETTING_REF=$1 NIC=$(var2nic $SETTING_REF) debug 100 "get_nic_method: SETTING_REF=$SETTING_REF, NIC=$NIC" if expr "$NIC" : 'br.*' > /dev/null; then DFLT_METHOD=static elif expr "$NIC" : 'eth.*' > /dev/null; then DFLT_METHOD=static else DFLT_METHOD=dhcp fi question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "$NIC config method (dhcp, static, manual, none)" "$DFLT_METHOD" "" "validate_method" echo } get_nic_hostname() { local NIC SETTING_REF SETTING_LOCAL SETTING_REF=$1 NIC=$(var2nic $SETTING_REF) debug 100 "get_nic_hostname: SETTING_REF=$SETTING_REF, NIC=$NIC" question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "$NIC hostname (, none)" "" "" validate_hostname_or_none echo } get_nic_ipaddr() { local SETTING_REF SETTING_LOCAL NIC SETTING_REF=$1 NIC=$(var2nic $SETTING_REF) question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "$NIC IP address" "" "" validate_ipaddr echo } get_nic_brnics() { local SETTING_REF NIC DFLT_BRIDGENICS SETTING_REF=$1 NIC=$(var2nic $SETTING_REF) debug 10 "get_nic_brnics: NIC=$NIC" debug 10 "get_nic_brnics: checking if NIC looks like a bridge ..." if ! [[ $NIC =~ ^br ]]; then debug 10 "get_nic_brnics: NIC does not look like a bridge, so saying it can have no NICs plumbed into it" SETTING_LOCAL=none eval "$SETTING_REF=\"\$SETTING_LOCAL\"" return 0 fi debug 10 "get_nic_brnics: NIC does look like a bridge, so will ask ..." case $NIC in br0) DFLT_BRIDGENICS=eth0 ;; br*) DFLT_BRIDGENICS=eth0.${NIC#br} ;; *) internal "get_nic_brnics: earlier code in this function should have ensured we don't arrive here" ;; esac question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "NICs to be plumbed into the $NIC bridge" "$DFLT_BRIDGENICS" "" "validate_nic_list_or_none" echo } get_nic_netmask() { local SETTING_REF SETTING_LOCAL NIC IPADDR DFLT_NETMASK SETTING_REF=$1 NIC=$(var2nic $SETTING_REF) get_setting NIC_CONFIG_IPADDR_$NIC || return $? eval "IPADDR=\$NIC_CONFIG_IPADDR_$(nic2hashindex $NIC)" case $IPADDR in 192.168.*) DFLT_NETMASK=255.255.255.0 ;; *) DFLT_NETMASK= ;; esac question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "$NIC netmask" "$DFLT_NETMASK" "" validate_netmask echo } get_nic_gatewayipaddr() { local SETTING_REF SETTING_LOCAL NIC DFLT_GATEWAYIPADDR SETTING_REF=$1 NIC=$(var2nic $SETTING_REF) ! [[ $NIC =~ ^br[1-9]$ ]] || DFLT_GATEWAYIPADDR=none question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "$NIC gateway IP address (, none)" "" "" validate_ipaddr_or_none echo } get_upstream_news_servers() { local SETTING_REF SETTING_LOCAL SETTING_REF=$1 eval "$SETTING_REF=\"\$SETTING_LOCAL\"" } get_loginserver_runx_flag() { local SETTING_REF SETTING_LOCAL DFLT_LOGINSERVER_RUNX_FLAG SETTING_REF=$1 get_setting LOGINSERVER_FLAG || return $? get_setting VM_FLAG || return $? get_setting HVM_FLAG || return $? # Non-login servers don't manage displays. if ! $LOGINSERVER_FLAG; then SETTING_LOCAL=false eval "$SETTING_REF=\"\$SETTING_LOCAL\"" # PV VMs don't. elif $VM_FLAG && ! $HVM_FLAG; then SETTING_LOCAL=false eval "$SETTING_REF=\"\$SETTING_LOCAL\"" # All the rest do. else SETTING_LOCAL=true eval "$SETTING_REF=\"\$SETTING_LOCAL\"" fi } get_loginserver_networkmanager_flag() { local SETTING_REF BRIDGE_IN_NICS_RE SETTING_REF=$1 get_setting LOGINSERVER_FLAG || return $? get_setting NICS || return $? # Sanity checks and derivations BRIDGE_IN_NICS_RE='\bbr[0-9]\b' # Non-login servers use static NIC configurations. if ! $LOGINSERVER_FLAG; then eval "$SETTING_REF=false" # Login servers with bridges need static NIC configurations elif [[ $NICS =~ $BRIDGE_IN_NICS_RE ]]; then eval "$SETTING_REF=false" # Otherwise ask. else question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF "run network manager" n "" validate_logical rationalise_logical fi } ############################################################################## # # SETTINGS MANAGEMENT # ############################################################################## load_settings() { debug 10 "load_settings: sof" if [ -f $PDI_PARAMS_FILE ]; then . $PDI_PARAMS_FILE # Seed pdi answers with mdi answers elif [ -f $MDI_PARAMS_FILE ]; then cp $MDI_PARAMS_FILE $PDI_PARAMS_FILE . $PDI_PARAMS_FILE # Avoid complains later when we cmp against this file. else touch $PDI_PARAMS_FILE fi } save_settings() { local VAR debug 10 "save_settings: sof" mkdir -p $(dirname $PDI_PARAMS_FILE) for VAR in "${SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION[@]}"; do eval "echo \"$VAR=\\\"\$$VAR\\\"\"" done | sort -u > $PDI_PARAMS_FILE.$$ if cmp -s $PDI_PARAMS_FILE $PDI_PARAMS_FILE.$$; then rm -f $PDI_PARAMS_FILE.$$ return 0 fi # Save answers so that pdi and udi's fix_missing_udi_params_file() function can read them. mv $PDI_PARAMS_FILE.$$ $PDI_PARAMS_FILE info "settings have been saved; sleeping 10s in case you want to break out before running tasks ..." sleep 10 return 0 } get_settings() { local I TASK_MODE debug 10 "get_settings: sof" for ((I=0; $I<${#ALL_TASKS[*]}; I++)); do debug 100 "get_settings: requesting task handler '${ALL_TASKS[$I]}' to collect settings ..." TASK_MODE=get_settings ${ALL_TASKS[$I]} || return $? done } get_setting() { local I SETTING_REF SETTING_REGEXP SETTER_TYPE SETTER_PARAMLIST SETTING_REF=$1 # Determine setter for $SETTING_REF MATCH=false for ((I=0; $I<${#REGEXP2EVALUATOR_MAP[*]}; I=I+3)); do SETTING_REGEXP=${REGEXP2EVALUATOR_MAP[$I]} SETTER_TYPE=${REGEXP2EVALUATOR_MAP[$((I+1))]} SETTER_PARAMLIST=${REGEXP2EVALUATOR_MAP[$((I+2))]} # This expr call is very time consuming over the many loops. [[ ... ]] is *much* faster. #! expr "$SETTING_REF" : "$SETTING_REGEXP\$" > /dev/null || { MATCH=true; break; } [[ $SETTING_REF =~ ^$SETTING_REGEXP$ ]] && { MATCH=true; break; } done $MATCH || internal "$SETTING_REF: no setter found" if [ $SETTER_TYPE = assign ]; then eval "$SETTING_REF=\"$SETTER_PARAMLIST\"" elif [ $SETTER_TYPE = question ]; then debug 10 "get_setting: calling question() for $SETTING_REF ..." eval "question --force-ask=false --prompted-vars-list=SETTINGS_WHICH_CALLED_THE_QUESTION_FUNCTION $SETTING_REF $SETTER_PARAMLIST" >&2 elif [ $SETTER_TYPE = function ]; then $SETTER_PARAMLIST $SETTING_REF || return $? else internal "get_setting: $SETTER_TYPE: unhandled case" fi return 0 } ############################################################################## # # TASK MANAGEMENT # ############################################################################## exec_tasks() { for ((I=0; $I<${#TASKS[*]}; I++)); do if [ $APPLY_MODE = skip ]; then set_task_done ${TASKS[$I]} elif [ $APPLY_MODE = force ] || ! get_task_done ${TASKS[$I]}; then info "starting task ${TASKS[$I]} ..." [ "X$(type -t ${TASKS[$I]})" = Xfunction ] || error "${TASKS[$I]}: no such task" TASK_MODE=perform_tasks ${TASKS[$I]} || return $? set_task_done ${TASKS[$I]} #info "finished task ${TASKS[$I]}; sleeping 10s before next task ..." #sleep 10 fi done } set_task_done() { local TASK TASK=$1 mkdir -p ~/.$PROGNAME/tasks-done touch ~/.$PROGNAME/tasks-done/$TASK } get_task_done() { local TASK TASK=$1 [ -f ~/.$PROGNAME/tasks-done/$TASK ] } ############################################################################## # # UTILS # ############################################################################## ipaddrander() { perl -e 'sub i2n { my($i)=@_; return(hex(sprintf("%02x%02x%02x%02x", split(/\./, $i)))); } sub n2i { my($n)=@_; join(".", $n/256**3%256, $n/256**2%256, $n/256%256, $n%256) } printf "%s\n", &n2i(&i2n($ARGV[0]) & &i2n($ARGV[1]));' $1 $2 } sort_nics_so_lo_comes_out_first() { local NICS NIC NICS="$1" for NIC in $NICS; do case $NIC in lo) echo "0 $NIC" ;; *) echo "1 $NIC" ;; esac done | sort -k 1n | cut -f2 -d' ' } lc() { echo "$1" | tr '[A-Z]' '[a-z]' } send_email() { /usr/lib/sendmail -t } start_shell() { local MESSAGE PROMPT DIR WRAP MESSAGE="Launching shell ..." PROMPT="$PROGNAME> " DIR=. WRAP=true while [ "X$1" != X ]; do case "$1" in --no-wrap) WRAP=false ;; --wrap=*) WRAP=${1#*=} ;; --prompt=*) PROMPT=${1#*=} ;; --message=*) MESSAGE=${1#*=} ;; --dir=*) DIR=${1#*=} ;; --) shift; break ;; -*) internal "start_shell: $1: unknown option" ;; *) break ;; esac shift done echo -e "$MESSAGE" | if $WRAP; then fmt -72 else cat fi ( cd $DIR && PS1="$PROMPT" bash --norc ) echo } svcadmin() { local VERB SERVICE VERB=$1 SERVICE=$2 get_setting RELEASE || return $? case $VERB in restart|reload|start|stop) service $SERVICE $VERB ;; remove) update-rc.d -f $SERVICE remove ;; defaults) update-rc.d -f $SERVICE defaults > /dev/null ;; *) internal "svcadmin: $VERB: unhandled " ;; esac } pkgadmin() { local VERB APTGET_OPTS ALLOWUNAUTHENTICATED_OPT PKG # Defaults for options ALLOWUNAUTHENTICATED_OPT= NOINSTALLRECOMMENDS_OPT= # Process options while [ "X$1" != X ]; do case $1 in --allow-unauthenticated) ALLOWUNAUTHENTICATED_OPT=--allow-unauthenticated ;; --no-install-recommends) NOINSTALLRECOMMENDS_OPT=--no-install-recommends ;; --) shift; break ;; -*) internal "pkgadmin: $1: invalid option" ;; *) break ;; esac shift done # Process arguments [ "X$1" != X ] || internal "pkgadmin: usage error (no verb)" VERB=$1 shift # This keeps turning on. Here we just fix it every time. ! [ -x /usr/bin/debconf-set-selections ] || echo "debconf debconf/frontend select noninteractive" | debconf-set-selections # Unauthenticated needed because Debian certificate expired. APT_OPTS="-y -qq $ALLOWUNAUTHENTICATED_OPT $NOINSTALLRECOMMENDS_OPT" # Guts if [ $VERB = remove ]; then info "removing $* ..." apt-get $APT_OPTS --purge remove "$@" > /dev/null MATCH=false for PKG in "$@"; do ! dpkg -l $PKG 2>&1 | grep '^ii' > /dev/null || { MATCH=true; break; } done ! $MATCH || { error "a package in this batch ($*) is still installed"; return 1; } elif [ $VERB = install ]; then # apt-get does not like being run in the background (e.g. when pdi # itself is backgrounded); setsid fixes this. setsid apt-get $APT_OPTS --purge --reinstall -o DPkg::options::=--force-confmiss,confnew install "$@" >> /var/tmp/$PROGNAME-apt.log 2>&1 || true # That on its own was not enough to mark packages not for autoremoval. # This is and we can now guarantee it won't ask anything awkward. setsid apt-get $APT_OPTS install "$@" >> /var/tmp/$PROGNAME-apt.log 2>&1 || true debug 10 "pkgadmin: checking packages are installed ..." MATCH=false for PKG in "$@"; do dpkg -l $PKG 2>&1 | grep '^ii' > /dev/null || { MATCH=true; break; } done ! $MATCH || { error "a package in this batch ($*) failed to install"; return 1; } elif [ $VERB = update ]; then info "update ..." # This update seems particularly problematic, so we'll leave # the invisible and visible versions here, albeit with one # commented out. apt-get $APT_OPTS update >> /var/tmp/$PROGNAME-apt.log 2>&1 #apt-get -y update elif [ $VERB = upgrade ]; then info "upgrading $* ..." apt-get $APT_OPTS dist-upgrade >> /var/tmp/$PROGNAME-apt.log 2>&1 elif [ $VERB = list ]; then dpkg -l | awk '{ print $2 }' elif [ $VERB = checkpoint ]; then dpkg -l | sed -n 's/^ii *\([^ ]*\).*/\1/p' | sort > /var/tmp/$PROGNAME-checkpoint elif [ $VERB = rollback -a -f /var/tmp/$PROGNAME-checkpoint ]; then apt-get $APT_OPTS --purge remove $(diff /var/tmp/$PROGNAME-checkpoint <(dpkg -l | sed -n 's/^ii *\([^ ]*\).*/\1/p' | sort) | sed -n 's/^> //p' | paste -s -d' ') elif [ $VERB = rollback -a ! -f /var/tmp/$PROGNAME-checkpoint ]; then internal "pkgadmin: rollback without checkpoint" elif [ $VERB = verify-installed ]; then MATCH=false for PKG in "$@"; do dpkg -l $PKG | grep '^ii' > /dev/null || { MATCH=true; break; } done ! $MATCH || { error "a package in this batch ($*) is not installed"; return 1; } else internal "pkgadmin: $VERB: unhandled verb" fi } configure_nagios_client() { # Get settings we'll need for this task. get_setting NAGIOSCLIENT_FLAG || return $? ! $NAGIOSCLIENT_FLAG || get_setting NAGIOSCLIENT_KEY || return $? [ $TASK_MODE != get_settings ] || return 0 # Task applicability $NAGIOSCLIENT_FLAG || return 0 # Peform task pkgadmin install nagios-plugins-basic nagios-plugins sudo # Set up nagios account groupadd --system nagios useradd --system --home-dir /var/local/nagios --gid nagios --create-home --shell /bin/bash nagios mkdir -p ~nagios/.ssh echo "$NAGIOSCLIENT_KEY" >> ~nagios/.ssh/authorized_keys chown -R nagios:nagios ~nagios/ # Remove crud from sudoers. echo "# [,...] [,...] = [NOPASSWD:] [,...]" > /etc/sudoers # Local plugins mkdir -p /usr/local/opt/nagios chown -R nagios:nagios /usr/local/opt/nagios send_email <> /etc/sudoers } rc2truth() { local CODE TRUTH TRUTH_REF CODE=$1 TRUTH_REF=$2 if eval "$CODE"; then TRUTH=true else TRUTH=false fi eval "$TRUTH_REF=$TRUTH" } var2nic() { local VAR HASHINDEX VAR="$1" HASHINDEX=${VAR##*_} echo "$HASHINDEX" | sed 's/DOT/./g' } nic2hashindex() { local NIC NIC="$1" echo "$NIC" | sed 's/\./DOT/g' } main "$@"