Commit 4759fbca authored by Marco Marinello

Merge branch 'develop' into 'master'

Develop

See merge request !1
parents 9b682d44 2595ecba
Pipeline #36 passed with stages
in 17 minutes and 24 seconds
clientScripts/new_root_pw
README.pdf
README.txt
vmlinuz
initrd.img
filesystem.squashfs
Clonezilla-Live-Version
live/squashfs-root
clonezilla_live.pub
id_rsa
id_rsa.pub
debian/fuss-fucc
debian/.debhelper/
debian/debhelper-build-stamp
debian/files
debian/fuss-fucc.debhelper.log
debian/fuss-fucc.substvars
variables:
GIT_DEPTH: 1
# Is performed before the scripts in the stages step
before_script:
- source /etc/profile
# Defines stages which are to be executed
stages:
- clonezilla
- packaging
# Stage "build"
rebuild-squashfs:
image: debian:buster
stage: clonezilla
script:
- apt-get update -qy
- apt-get install -y build-essential debhelper libncurses5-dev libglib2.0-dev libgeoip-dev libtokyocabinet-dev zlib1g-dev libncursesw5-dev libbz2-dev unzip wget squashfs-tools openssh-client
- make full-clean
- make rebuild-squashfs
# The files which are to be made available in GitLab
artifacts:
paths:
- live/Clonezilla-Live-Version
- live/filesystem.squashfs
- live/initrd.img
- live/vmlinuz
- utils/clonezilla_live.pub
build-buster:
image: debian:buster
stage: packaging
script:
- apt-get update -qy
- apt-get install -y build-essential debhelper libncurses5-dev libglib2.0-dev libgeoip-dev libtokyocabinet-dev zlib1g-dev libncursesw5-dev libbz2-dev pandoc devscripts texlive
- debian/rules debsrc
- mkdir dist
- cp ../* dist || true
# The files which are to be made available in GitLab
artifacts:
paths:
- dist
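Review bot: `cp ../* dist || true` in build-buster swallows every copy error, so the packaging job still passes and publishes an empty `dist` artifact if `debian/rules debsrc` left nothing in the parent directory. The `|| true` is presumably there because `cp` without `-r` returns non-zero on the directories matched by `../*`; copy the expected outputs by name instead (for example `cp ../fuss-fucc_* dist/`) and let the job fail when they are missing.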
Donato Florio
Paolo Dongilli
Marco Marinello
CLONEZILLA_SOURCE="https://vorboss.dl.sourceforge.net/project/clonezilla/clonezilla_live_stable/2.6.2-15/clonezilla-live-2.6.2-15-i686.zip"
CLONEZILLA_SAVE_TO="../clonezilla-orig.zip"
all:
full-clean:
rm -f ${CLONEZILLA_SAVE_TO}
rm -rf live
download:
test -e ${CLONEZILLA_SAVE_TO} || wget -O ${CLONEZILLA_SAVE_TO} ${CLONEZILLA_SOURCE}
prepare-clonezilla: download
test -e live || unzip ${CLONEZILLA_SAVE_TO} live/*
rm -f live/filesystem.packages live/filesystem.packages-remove live/filesystem.size live/freedos.img live/ipxe.efi live/ipxe.lkn live/memtest
rebuild-squashfs: prepare-clonezilla
useradd clonezilla || true
cd live; test -e squashfs-root || unsquashfs filesystem.squashfs
cd live/squashfs-root; test -e home/clonezilla/.ssh || mkdir -p home/clonezilla/.ssh
cd live/squashfs-root/home/clonezilla/.ssh; test -e id_rsa || ssh-keygen -t rsa -N "" -f id_rsa -C "clonezilla@fucc-live"
chmod 700 live/squashfs-root/home/clonezilla/.ssh
chmod 600 live/squashfs-root/home/clonezilla/.ssh/id_rsa
chmod 644 live/squashfs-root/home/clonezilla/.ssh/id_rsa.pub
chown -R clonezilla. live/squashfs-root/home/clonezilla/.ssh
cd live; rm -f filesystem.squashfs; mksquashfs squashfs-root filesystem.squashfs -comp zstd
rm -f live/squashfs-root/home/clonezilla/.ssh/id_rsa
cp live/squashfs-root/home/clonezilla/.ssh/id_rsa.pub utils/clonezilla_live.pub
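Review bot: in `rebuild-squashfs` the private key created by `ssh-keygen ... -f id_rsa` is still inside `squashfs-root` when `mksquashfs` runs, so it is packed into `live/filesystem.squashfs`; the `rm -f .../id_rsa` that follows only cleans the build tree. That image is exported as a CI artifact and installed under `/srv/tftp/clonezilla`, while the matching `utils/clonezilla_live.pub` becomes the clonezilla user's `authorized_keys` in the postinst, so every installation of a given build trusts the same key and anyone who can fetch the image can read it. Consider generating the key pair per installation on the server, or at least document that the key is shared and restrict what the clonezilla account may do. Separately, the `download` target repacks the Clonezilla zip without checking it against a pinned checksum.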
# FUSS FUCC
## Fully Unattended Clonezilla Cloning
## Getting a copy of FUSS FUCC
### From the repository
To get the latest version of the software, you can download the latest build directly from GitLab.
The `master` (stable) version can be downloaded with:
```bash
wget -O fuss-fucc.deb https://gitlab.fuss.bz.it/fuss/fucc/-/jobs/artifacts/master/raw/dist/fuss-fucc_0.1_all.deb?job=build-buster
```
While the `develop` (unstable) version can be downloaded with:
```bash
wget -O fuss-fucc.deb https://gitlab.fuss.bz.it/fuss/fucc/-/jobs/artifacts/develop/raw/dist/fuss-fucc_0.1_all.deb?job=build-buster
```
Once that is done, FUCC can be installed simply with
```bash
dpkg -i fuss-fucc.deb
```
### From a tgz archive
Copy the FUCC-XX.tgz archive to the server (the "/tmp" folder is usually fine).
Once this step is done, extract the folder from the archive with the command:
```bash
tar -C /opt -xvzf FUCC-XX.tgz
```
## Building fuss-fucc
If you do not want to use the version built on GitLab, you can build your own copy of fuss-fucc.
First install the dependencies with
```bash
apt-get install -y build-essential debhelper libncurses5-dev libglib2.0-dev libgeoip-dev libtokyocabinet-dev zlib1g-dev libncursesw5-dev libbz2-dev unzip wget squashfs-tools openssh-client
```
and then proceed with the actual build with (N.B. the commands must be run as root in order to change the permissions of the squashfs)
```bash
make full-clean
make rebuild-squashfs
debian/rules binary
```
## Important check (and possible change to make)
If the clonezilla folder on the fuss-server is "/srv/clonezilla", no change is needed.
If the folder is a different one (for example "/var/clonezilla") and you want to keep it, you will have to correct the following files in the FUCC-XX folder before running the installFucc.sh script.
### File "default"
This file contains the boot parameters, which specify the "clonezilla folder" (the one that contains the images for the clones).
Look for the string "clonezilla@proxy:/srv/clonezilla" and replace "/srv/clonezilla" with the folder you want to use.
This replacement has to be made twice in this file, once for each "menu entry".
### File "installFucc.sh"
Here you have to change the value of the "clonezillaFolder" variable, replacing "/srv/clonezilla" with the value you want to use.
## Configuring the automatic root password change
FUCC can automatically change the root password to an encrypted one that is passed to it. To configure it, run the script
```bash
./gen-root-changepassword.sh
```
and enter twice the root password to give to the clients. Normally this script should be run before running the installFucc.sh script; if you have already installed FUCC, you can simply copy the `new_root_pw` file from `clientScripts` into the /srv/clonezilla/clientScripts folder or your equivalent.
## Automatic copying of the files
Once the checks have been done and any changes made, you can launch the installFucc.sh script.
## Filling in the computer list
The "/srv/clonezilla" folder (normally the standard clonezilla folder … better check!) now contains the file computerList.txt, in which you must list the names you want to assign to the computers, specifying the MAC address and the clonezilla image to use for the computer, following this with the word "join" if you want to join the computer to the domain, and optionally, as the last parameter, the name of the cluster, if clusters are used in the domain.
The file contains a small example.
## First run on the client
Once everything described above has been done, you can start clonezilla on a computer (usually by pressing the F12 key … but this may vary depending on the computer) to copy the ssh keys.
When the clonezilla menu appears, the first time choose the "manuale" option (see the following image).
![clonezilla boot](images/setup-1.png)
Then confirm with "yes" (see the following image).
![clonezilla boot](images/setup-2.png)
Enter the password of the clonezilla user (on the server) and confirm (see the following image).
![clonezilla boot](images/setup-3.png)
At this point choose to start a "shell" (see the following image).
![clonezilla boot](images/setup-4.png)
At the prompt enter the command:
```bash
ssh-copy-id proxy
```
(see the following image)
![clonezilla boot](images/setup-5.png)
The system will ask for the password of the clonezilla user and, if the password was entered correctly, it will tell us that from now on it will be possible to log in without specifying the password.
Important! This operation must be done only once, on a single computer. Once the key has been copied to the server, it is valid for all operations with clonezilla (on the server).
## 7. Reinstalling a classroom with FUCC
The simplest procedure to reinstall a classroom with FUCC is the following:
1. Turn on all the computers and, via cssh, check that the latest version of octofuss-client is installed;
2. Run octofuss-client to manually send the data to the server;
3. On the server, run the gen-computerList.sh script;
4. Copy the list.txt file in place of /srv/clonezilla/computerList.txt
5. Proceed with the reinstallation. The clients will be given the same name and the same cluster as before.
## 8. IMPORTANT NOTE ABOUT CLONEZILLA IMAGES!
Cloning operations usually use the standard images made available by the "Nucleo Fuss".
These images have the root directory ("/") partition on the SECOND PARTITION of the hard disk, so in the "script" file the "rootPartition" variable has been set to the value "2".
If you choose to create your own images with a different partitioning scheme, you must indicate in that variable which partition contains the root directory.
This must hold for all the images you intend to use.
File deleted
File deleted
command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSAosolNwBqREhwepuHhdul0pK/44/NXAGLT+FnVJr22No0OCbIjOpPNp5GMh8YJI+o14+628b+yFwBwsb59f7nQyqbzEuf2AxF/u3L+iNZJpMOe13FqlwcxDq827kLFGss4uC1I3yaiUz5c+yPO4xtfuo6Y6gu6WlDCopGdqtiJkpxCXPIpKOvN2ab2DoUq9acGWBz/dA/avePGzYP5t4T1CihdsabKLIb7UMS6zVTb+9QDEusX/GxntwJJRNYybfO5tJPIoJbRtSffcjUqdSWHtBO8fFaJWMJVRUao5jY7wo4St/ikMM6bvl7TGWeUKh6gsq7ec99ldL2ApZykX root@g450ddd
#!/bin/bash
myNic="$(ls /sys/class/net/ -1 | grep -v lo | grep -v wlan)"
if [ -e /root/reboot ];then
rm /root/reboot
touch /root/join
shutdown -r now
fi
if [ -e /root/cluster ];then
clusterJoin="$(cat /root/cluster)"
fi
if [ -e /root/join ];then
# Following dhclient was necessary inside a virtual(box) environment. Not sure if needed anymore. In case it can be removed or commented.
dhclient $myNic
screen -d -m -S XY
screen -S XY -X stuff "fuss-client -av $clusterJoin && rm /root/join ; reboot\n"
else
rm /etc/rc.local
rm /root/clientScript
rm -fr /root/.ssh
rm /root/cluster
fi
#!/bin/bash
myNic="$(ls /sys/class/net/ -1 | grep -v lo | grep -v wlan)"
if [ -e /root/reboot ]; then
rm /root/reboot
touch /root/join
systemctl reboot
exit 0
fi
if [ -e /root/cluster ]; then
clusterJoin="$(cat /root/cluster)"
fi
if [ -e /root/join ]; then
# Stop the display manager to output on tty7
systemctl stop lightdm
# Change root password
if [ -e /root/new_root_pw ] ; then
echo "root:$(cat /root/new_root_pw)" | chpasswd -e
fi
# Following dhclient was necessary inside a virtual(box) environment. Not sure if needed anymore. In case it can be removed or commented.
dhclient $myNic
screen -d -m -S XY
screen -S XY -X stuff "exec 2>&1 > /dev/tty7\n"
screen -S XY -X stuff "fuss-client -av $clusterJoin && rm /root/join ; reboot\n"
else
rm -fr /root/.ssh
rm -f /etc/rc.local
rm -f /root/clientScript
rm -f /root/cluster
rm -f /root/new_root_pw
fi
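Review bot: `exec 2>&1 > /dev/tty7` is applied left to right, so stderr is pointed at the previous stdout and only stdout reaches tty7; error output from `fuss-client` will not show on the console. Write it as `exec > /dev/tty7 2>&1`. In the next line, `fuss-client -av $clusterJoin && rm /root/join ; reboot` reboots even when the join fails, and because `/root/join` is then left in place the client retries on every boot with no limit; consider a retry counter or stopping on failure so the error stays visible.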
......@@ -55,6 +55,30 @@ rootDisk="/dev/$diskVar"
mountPoint="/mnt"
computerList="/home/partimag/computerList.txt"
macAddress=$(getNetStuff 2)
if ! grep $macAddress $computerList; then
dialog --title "FUSS FUCC" --msgbox "Hi,\nunfortunatley, there is no valid configuration to setup this computer. Please go through the next few steps to configure how to install this PC.\nPlease make sure that the file /home/clonezilla/computerList.txt is owned and writable by clonezilla, otherwise we'll not be able to save the informations you're going to enter." 13 70
hostname=$(dialog --title "FUSS FUCC" --inputbox "Please, pick an HOSTNAME for this PC" --output-fd 1 10 70)
images=$(ls -1 /home/partimag|nl)
_img=$(dialog --title "FUSS FUCC" --output-fd 1 --menu "Choose an image to be installed" 15 50 4 $images)
img=$(ls -1 /home/partimag | sed -n "${_img}p")
dialog --title "FUSS FUCC" --msgbox "Set image $img" 13 70
if dialog --title "FUSS FUCC" --yesno "Join this client to the FUSS domain?" 13 70; then
join="join"
else
join="no"
fi
cluster=$(dialog --title "FUSS FUCC" --inputbox "Please, pick a CLUSTER for this PC" --output-fd 1 10 70)
if dialog --title "FUSS FUCC" --yesno "Hostname: $hostname \nMAC: $macAddress \nImage: $img \nJoin: $join \nCluster: $cluster \nContinue?" 13 70; then
echo $hostname $macAddress $img $join $cluster >> $computerList
dialog --title "FUSS FUCC" --msgbox "Configuration completed, now start cloning." 15 70
else
dialog --title "FUSS FUCC" --msgbox "Will now reboot" 13 70
reboot
exit 0
fi
fi
imageName=$(cat $computerList | grep "$macAddress" | awk '{print $3}')
ocs-sr -b -g auto -e1 auto -e2 -r -j2 -scr -p true restoredisk $imageName $diskVar
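Review bot: the values typed into the two `--inputbox` dialogs are appended to the list unchecked by `echo $hostname $macAddress $img $join $cluster >> $computerList`, while the file is read back by position with `awk '{print $3}'`. An empty hostname or one containing a space shifts the columns, so the image lookup returns the wrong field, and a cancelled dialog is not detected at all. Check each dialog's exit status, validate `$hostname` and `$cluster` against a hostname-style pattern before writing, and quote the expansions, including `grep "$macAddress" "$computerList"`. The message box also names /home/clonezilla/computerList.txt while the script writes /home/partimag/computerList.txt.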
......@@ -94,6 +118,9 @@ if [ "$joinVar" == "join" ];then
cp /home/partimag/clientScripts/rc.local /mnt/etc/
chmod 770 /mnt/etc/rc.local
cp /home/partimag/clientScripts/clientScript /mnt/root/
if [ -e /home/partimag/clientScripts/new_root_pw ] ; then
cp /home/partimag/clientScripts/new_root_pw /mnt/root/
fi
chmod 770 /mnt/root/clientScript
touch /mnt/root/reboot
fi
......
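Review bot: the new `cp /home/partimag/clientScripts/new_root_pw /mnt/root/` leaves the root password hash on the cloned disk with whatever mode the copy happens to get; the two scripts around it have an explicit `chmod`, this file does not. Add `chmod 600 /mnt/root/new_root_pw` inside the same `if`, since the file stays on the client until the cleanup branch of clientScript runs.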
fuss-fucc (0.1) unstable; urgency=medium
* Initial Release.
-- Marco Marinello <mmarinello@fuss.bz.it> Sun, 11 Aug 2019 12:29:21 +0200
/srv/clonezilla/computerList.txt
Source: fuss-fucc
Section: admin
Priority: optional
Maintainer: Marco Marinello <mmarinello@fuss.bz.it>
Build-Depends: debhelper (>= 11), pandoc
Standards-Version: 4.1.3
Homepage: https://gitlab.fuss.bz.it/fuss/fucc
Vcs-Browser: https://gitlab.fuss.bz.it/fuss/fucc
Vcs-Git: https://gitlab.fuss.bz.it/fuss/fucc.git
Package: fuss-fucc
Architecture: all
Replaces: clonezilla-pxe
Breaks: clonezilla-pxe
Depends: ${misc:Depends}
Description: The FUSS Fully Unattended Clonezilla Cloning
This package installs and configures the FUCC system.
Files: *
Copyright: 2019 Donato Florio <Donato.Florio@scuola.alto-adige.it>
2019 Paolo Dongilli <Paolo.Dongilli@scuola.alto-adige.it>
2019 Marco Marinello <mmarinello@fuss.bz.it>
License: GPL-3.0+
Files: debian/*
Copyright: 2019 Marco Marinello <mmarinello@fuss.bz.it>
License: GPL-3.0+
License: GPL-3.0+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
.
On Debian systems, the complete text of the GNU General
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
clonezilla/computerList.txt /srv/clonezilla
clonezilla/script /srv/clonezilla
clonezilla/clientScripts /srv/clonezilla
tftp/default /srv/tftp/pxelinux.cfg
live /srv/tftp/clonezilla
utils/clonezilla_live.pub /usr/share/fuss-fucc
utils/gen-computerList.sh /usr/share/fuss-fucc
utils/gen-root-changepassword.sh /usr/share/fuss-fucc
README.md /usr/share/fuss-fucc
README.pdf /usr/share/fuss-fucc
README.txt /usr/share/fuss-fucc
AUTHORS /usr/share/fuss-fucc
LICENSE /usr/share/fuss-fucc
#!/bin/bash
mkdir -p /srv/clonezilla/.ssh
rm -rf /srv/clonezilla/.ssh/*
cp /usr/share/fuss-fucc/clonezilla_live.pub /srv/clonezilla/.ssh/authorized_keys
ssh-keyscan -H proxy > /srv/clonezilla/.ssh/known_hosts 2>/dev/null
# Check if the SSH key already exists, if so check if is in authorized-keys
if [ -e /srv/clonezilla/.ssh/id_rsa.pub ] ; then
if ! grep $(cat /srv/clonezilla/.ssh/id_rsa.pub|cut -d ' ' -f 2) /root/.ssh/authorized_keys 2>&1 > /dev/null ; then
echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat /srv/clonezilla/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
fi
else
# else, generate a new keypair and send it to root's authorized keys
ssh-keygen -t rsa -N "" -f /srv/clonezilla/.ssh/id_rsa -C "root@fuss-fucc"
touch /root/.ssh/authorized_keys
mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.old
grep -v "root@fuss-fucc" /root/.ssh/authorized_keys.old > /root/.ssh/authorized_keys
echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat /srv/clonezilla/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
fi
chown -R clonezilla. /srv/clonezilla/.ssh
chmod 400 /srv/clonezilla/.ssh/id_rsa*
chown -R clonezilla. /srv/clonezilla/clientScripts
chmod -R 770 /srv/clonezilla/clientScripts
chown clonezilla. /srv/clonezilla/computerList.txt
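Review bot: `rm -rf /srv/clonezilla/.ssh/*` at the top deletes `id_rsa.pub` before `if [ -e /srv/clonezilla/.ssh/id_rsa.pub ]` is evaluated, so the first branch can never run and every configure run generates a new key pair. Either limit the wipe to `authorized_keys` and `known_hosts`, or drop the dead branch. In the `command=` filter, the third pattern `rm[[:space:]]/root/` lacks the `^` anchor the other two have, so it accepts any command that merely contains that text; anchor it. `grep ... 2>&1 > /dev/null` also leaves stderr attached to the terminal; `grep -q` is what is meant.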
#!/bin/bash
rm -rf /srv/tftp/pxelinux.cfg/default /srv/tftp/clonezilla
#!/usr/bin/make -f
%: prepare_build
dh $@
prepare_build:
pandoc -o README.txt README.md
pandoc -o README.pdf README.md
rm -rf ./live/squashfs-root
override_dh_fixperms:
dh_fixperms
chmod +x debian/fuss-fucc/srv/clonezilla/script
chmod +x debian/fuss-fucc/srv/clonezilla/clientScripts/clientScript
chmod +x debian/fuss-fucc/srv/clonezilla/clientScripts/rc.local
chmod +x debian/fuss-fucc/usr/share/fuss-fucc/*.sh
debsrc: prepare_build
debuild -us -uc
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSAosolNwBqREhwepuHhdul0pK/44/NXAGLT+FnVJr22No0OCbIjOpPNp5GMh8YJI+o14+628b+yFwBwsb59f7nQyqbzEuf2AxF/u3L+iNZJpMOe13FqlwcxDq827kLFGss4uC1I3yaiUz5c+yPO4xtfuo6Y6gu6WlDCopGdqtiJkpxCXPIpKOvN2ab2DoUq9acGWBz/dA/avePGzYP5t4T1CihdsabKLIb7UMS6zVTb+9QDEusX/GxntwJJRNYybfO5tJPIoJbRtSffcjUqdSWHtBO8fFaJWMJVRUao5jY7wo4St/ikMM6bvl7TGWeUKh6gsq7ec99ldL2ApZykX root@g450ddd
......@@ -3,7 +3,7 @@ DEFAULT menu.c32
# MENU MASTER PASSWD myPassword
# END ANSIBLE MANAGED (default)
# BEGIN ANSIBLE MANAGED (clonezilla)
timeout 300
timeout 15
label Clonezilla-unattended
MENU LABEL Clonezilla Automatico (Ramdisk)
# MENU PASSWD myPassword
......
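Review bot: SYSLINUX counts `timeout` in tenths of a second, so `timeout 15` is 1.5 seconds, down from the 30 seconds given by `timeout 300`. If 15 seconds was intended the value should be 150. With `MENU PASSWD` commented out on the `Clonezilla-unattended` entry, please state in the commit message which entry is started when the timeout expires, since that is not visible in this hunk and a 1.5 second window leaves little time to stop it.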
#!/bin/bash
IMAGE="fuss9-64bit-2019-08-07-16-img"
LENOVO_IMAGE="001-ThincCentre-500gb-20190801-img"
JOIN="join"
DB="/var/lib/octofuss/octofuss.db"
rm -f list.txt
touch list.txt
PCS=$(sqlite3 $DB <<EOF
select distinct hostname from client_component;
.quit
EOF
)
for fqdn in $PCS; do
client=$(echo $fqdn | cut -d '.' -f 1)
# Check if the host has already been mapped
if ! grep $client list.txt 2>&1 > /dev/null; then
# Find that MAC
MAC=$(sqlite3 $DB <<EOF
select value from client_component where hostname = "$fqdn" and component like "mac%";
.quit
EOF
)
MAC=$(echo $MAC|cut -d ' ' -f 1)
VENDOR=$(sqlite3 $DB <<EOF
select value from client_component where hostname = "$fqdn" and component like "system_vendor";
.quit
EOF
)
VENDOR=$(echo $VENDOR | cut -d ' ' -f 1)
if [ -z "$MAC" ] ; then
echo No mac for $fqdn
else
if ! grep $MAC list.txt 2>&1 > /dev/null ; then
THIS="$IMAGE"
if [ "$VENDOR" = "LENOVO" ] ; then
THIS="$LENOVO_IMAGE"
fi
echo $client $MAC $THIS $JOIN $(grep $client /etc/clusters | head -1 | cut -d ' ' -f 1) >> list.txt
else
echo "$MAC has more than one fqdn ($fqdn)"
fi
fi
fi
done
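Review bot: `grep $client list.txt` and `grep $MAC list.txt` match a substring anywhere on the line, so a host named `pc1` is treated as already mapped once `pc10` is in the list and is silently skipped; `grep $client /etc/clusters` has the same problem when picking the cluster. Compare the whole field instead, for example `awk -v h="$client" '$1 == h'`, or at least `grep -qw -- "$client"`. The three queries also paste `$fqdn` straight into the SQL text; a single query returning hostname, component and value would remove both the interpolation and the per-host `sqlite3` calls.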
#!/bin/bash
read -s -p "Clients password: " pw1
echo
read -s -p "Confirm clients password: " pw2
echo
if ! [ "$pw1" = "$pw2" ] ; then
echo "Password mismatch! Please retry"
else
perl -e "print crypt(\"$pw1\", \"salt\")" > clientScripts/new_root_pw
fi
unset pw1
unset pw2
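Review bot: the `crypt(..., "salt")` call in the `perl -e` line uses a fixed two-character salt, which selects traditional DES crypt: only the first 8 characters of the password count and every site gets the same salt. The password is also interpolated into the Perl source, so characters such as `$`, `@`, `"` or a backslash change or break the result, and it is visible in the process arguments. Feed the password on stdin and produce a salted SHA-512 hash instead, for example `printf '%s\n' "$pw1" | openssl passwd -6 -stdin`, which `chpasswd -e` accepts, and `chmod 600` the resulting `clientScripts/new_root_pw`.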
......@@ -28,15 +28,20 @@ if [ -e /root/.ssh/authorized_keys ];then
cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.BKP-$DATUM
fi
grep root@g450ddd /root/.ssh/authorized_keys >/dev/null
if [ $? -eq 0 ]; then
echo "authorized keys already there"
# Check if the SSH key already exists, if so check if is in authorized-keys
if [ -e $clonezillaFolder/.ssh/id_rsa.pub ] ; then
if ! grep $(cat $clonezillaFolder/.ssh/id_rsa.pub|cut -d ' ' -f 2) /root/.ssh/authorized_keys 2>&1 > /dev/null ; then
echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat $clonezillaFolder/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
fi
else
cat authorizedKeysToAppendToRootOfFussServer >> /root/.ssh/authorized_keys
# else, generate a new keypair and send it to root's authorized keys
mkdir -p $clonezillaFolder/.ssh
ssh-keygen -t rsa -N "" -f $clonezillaFolder/.ssh/id_rsa -C "root@fuss-fucc"
echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat $clonezillaFolder/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
fi
cp -r sshKeysForClonezillaClient $clonezillaFolder/.ssh
ssh-keyscan -H proxy > $clonezillaFolder/.ssh/known_hosts 2>/dev/null
chown -R clonezilla. $clonezillaFolder/.ssh
......
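Review bot: nothing in the rewritten block removes an existing `root@g450ddd` line from `/root/.ssh/authorized_keys`, so servers where an earlier install appended `authorizedKeysToAppendToRootOfFussServer` keep trusting that key after upgrading, and the key pair files removed from the tree by this commit stay in the repository history. Filter the old entry out before appending the new one, the way the package postinst does for `root@fuss-fucc` with `grep -v`. The long `command=` string is now repeated verbatim in both branches; keep it in one variable so the filter cannot drift between them.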