Merge branch 'develop' into 'master'

Develop

See merge request !1

.gitignore

+clientScripts/new_root_pw
+README.pdf
+README.txt
+vmlinuz
+initrd.img
+filesystem.squashfs
+Clonezilla-Live-Version
+live/squashfs-root
+clonezilla_live.pub
+id_rsa
+id_rsa.pub
+debian/fuss-fucc
+debian/.debhelper/
+debian/debhelper-build-stamp
+debian/files
+debian/fuss-fucc.debhelper.log
+debian/fuss-fucc.substvars

.gitlab-ci.yml

+variables:
+  GIT_DEPTH: 1
+
+# Is performed before the scripts in the stages step
+before_script:
+  - source /etc/profile
+
+# Defines stages which are to be executed
+stages:
+  - clonezilla
+  - packaging
+
+# Stage "build"
+rebuild-squashfs:
+  image: debian:buster
+  stage: clonezilla
+  script:
+    - apt-get update -qy
+    - apt-get install -y build-essential debhelper libncurses5-dev libglib2.0-dev libgeoip-dev libtokyocabinet-dev zlib1g-dev libncursesw5-dev libbz2-dev unzip wget squashfs-tools openssh-client
+    - make full-clean
+    - make rebuild-squashfs
+
+  # The files which are to be made available in GitLab
+  artifacts:
+    paths:
+      - live/Clonezilla-Live-Version
+      - live/filesystem.squashfs
+      - live/initrd.img
+      - live/vmlinuz
+      - utils/clonezilla_live.pub
+
+
+build-buster:
+  image: debian:buster
+  stage: packaging
+  script:
+    - apt-get update -qy
+    - apt-get install -y build-essential debhelper libncurses5-dev libglib2.0-dev libgeoip-dev libtokyocabinet-dev zlib1g-dev libncursesw5-dev libbz2-dev pandoc devscripts texlive
+    - debian/rules debsrc
+    - mkdir dist
+    - cp ../* dist || true
+
+  # The files which are to be made available in GitLab
+  artifacts:
+    paths:
+      - dist
+

AUTHORS

+Donato Florio
+Paolo Dongilli
+Marco Marinello

Makefile

+CLONEZILLA_SOURCE="https://vorboss.dl.sourceforge.net/project/clonezilla/clonezilla_live_stable/2.6.2-15/clonezilla-live-2.6.2-15-i686.zip"
+CLONEZILLA_SAVE_TO="../clonezilla-orig.zip"
+
+
+all: 
+
+
+full-clean:
+	rm -f ${CLONEZILLA_SAVE_TO}
+	rm -rf live
+
+
+download:
+	test -e ${CLONEZILLA_SAVE_TO} || wget -O ${CLONEZILLA_SAVE_TO} ${CLONEZILLA_SOURCE}
+
+
+prepare-clonezilla: download
+	test -e live || unzip ${CLONEZILLA_SAVE_TO} live/*
+	rm -f live/filesystem.packages live/filesystem.packages-remove live/filesystem.size live/freedos.img live/ipxe.efi live/ipxe.lkn live/memtest
+
+
+rebuild-squashfs: prepare-clonezilla
+	useradd clonezilla || true
+	cd live; test -e squashfs-root || unsquashfs filesystem.squashfs
+	cd live/squashfs-root; test -e home/clonezilla/.ssh || mkdir -p home/clonezilla/.ssh
+	cd live/squashfs-root/home/clonezilla/.ssh; test -e id_rsa || ssh-keygen -t rsa -N "" -f id_rsa -C "clonezilla@fucc-live"
+	chmod 700 live/squashfs-root/home/clonezilla/.ssh
+	chmod 600 live/squashfs-root/home/clonezilla/.ssh/id_rsa
+	chmod 644 live/squashfs-root/home/clonezilla/.ssh/id_rsa.pub
+	chown -R clonezilla. live/squashfs-root/home/clonezilla/.ssh
+	cd live; rm -f filesystem.squashfs; mksquashfs squashfs-root filesystem.squashfs -comp zstd
+	rm -f live/squashfs-root/home/clonezilla/.ssh/id_rsa
+	cp live/squashfs-root/home/clonezilla/.ssh/id_rsa.pub utils/clonezilla_live.pub

README.md

+# FUSS FUCC
+
+## Fully Unattended Clonezilla Cloning
+
+
+## Ottenere una copia di FUSS FUCC 
+
+### Da repository
+
+Per ottenere l’ultima versione del software è possibile scaricare direttamente l’ultima build da GitLab.
+
+La versione `master` (stabile) può essere scaricata con:
+
+```bash
+wget -O fuss-fucc.deb https://gitlab.fuss.bz.it/fuss/fucc/-/jobs/artifacts/master/raw/dist/fuss-fucc_0.1_all.deb?job=build-buster
+```
+
+Mentre la versione `develop` (instabile) può essere scaricata con:
+
+```bash
+wget -O fuss-fucc.deb https://gitlab.fuss.bz.it/fuss/fucc/-/jobs/artifacts/develop/raw/dist/fuss-fucc_0.1_all.deb?job=build-buster
+```
+
+Fatto ciò è possibile installare FUCC semplicemente con
+
+```bash
+dpkg -i fuss-fucc.deb
+```
+
+
+### Da un archivio tgz
+
+Bisogna copiare l'archivio FUCC-XX.tgz sul server (in genere va bene anche la cartella "/tmp"). 
+Una volta effettuato questo passo bisogna estrarre la cartella dall'archivio con il comando: 
+
+```bash
+tar -C /opt -xvzf FUCC-XX.tgz 
+```
+
+
+## Compilare fuss-fucc
+
+Se non si vuole utlizzare la versione buildata in GitLab si può compilare autonomamente una copia di fuss-fucc.
+
+Installare innanzitutto le dipendenze con
+
+```bash
+apt-get install -y build-essential debhelper libncurses5-dev libglib2.0-dev libgeoip-dev libtokyocabinet-dev zlib1g-dev libncursesw5-dev libbz2-dev unzip wget squashfs-tools openssh-client
+```
+
+e procedere poi alla compilazione vera e propria con (N.B. i comandi vanno eseguiti come root per poter modificare i permessi dello squashfs)
+
+```bash
+make full-clean
+make rebuild-squashfs
+debian/rules binary
+```
+
+
+## Verifica importante (ed eventuale modifica da fare)
+
+Se sul fuss-server la cartella di clonezilla é "/srv/clonezilla" non c'é bisogno di fare nessuna modifica. 
+Nel caso in cui la cartella fosse un'altra (ad esempio "/var/clonezilla") e si volesse tenere questa bisognerá effettuare delle correzioni ai seguenti file nella cartella FUCC-XX prima di eseguire lo script installFucc.sh.
+
+### File "default"
+
+Questo file contiene i parametri di boot in cui viene specificata la "cartella di clonezilla" (che contiene le immagini per i cloni). 
+Bisogna cercare la stringa "clonezilla@proxy:/srv/clonezilla" e sostituire "/srv/clonezilla" con la cartella che si vuole usare. 
+Questa sostituzione é da fare 2 volte in questo file. Una per ogni "menu entry".
+
+### File "installFucc.sh"
+
+Qui bisogna cambiare il valore della variabile "clonezillaFolder" sostituendo il valore "/srv/clonezilla" con quello che si vuole usare.
+
+
+## Configurazione del cambio automatico della password di root
+
+FUCC è in grado di modificare automaticamente la password di root con una criptata che gli viene passata. Per configurarlo eseguire lo script
+
+```bash
+./gen-root-changepassword.sh
+```
+
+ed inserire due volte la password di root da dare ai client. Di norma questo script andrebbe eseguito prima di eseguire lo script installFucc.sh ; se doveste aver già eseguito l’installazione di FUCC potete semplicemente copiare il file `new_root_pw` da `clientScripts` nella cartella /srv/clonezilla/clientScripts o vostra equivalente.
+
+
+## Copia in automatico dei file
+
+Una volta effettuate le verifiche e fatti gli eventuali cambiamenti si puó lanciare lo script installFucc.sh.
+
+
+## Compilazione della lista dei computer
+
+Nella cartella "/srv/clonezilla" (normalmente cartella standard di clonezilla … meglio controllare!) ora si trova il file computerList.txt in cui bisogna elencare i nomi che si vogliono assegnare ai computer specificando il mac-address, l'immagine di clonezilla che si vuole usare per il computer facendo seguire questa indicazione alla parola "join" se si vuole agganciare il computer in dominio ed eventualmente, come ultimo parametro il nome del cluster, se nel dominio si usano i cluster. 
+Il file contiene un piccolo esempio.
+
+## Primo lancio sul client
+
+Una volta fatto tutto quanto descritto in precedenza si puó lanciare clonezilla su un computer (in genere si preme il tasto F12 … ma potrebbe variare a seconda del computer) per effettuare la copia delle chiavi ssh. 
+Quando compare il menu di clonezilla si sceglie la prima volta l'opzione "manuale" (vedi immagine seguente).
+
+![clonezilla boot](images/setup-1.png)
+
+Quindi confermiamo con "yes" (vedi immagine seguente).
+
+![clonezilla boot](images/setup-2.png)
+
+Inseriamo la password dell'utente clonezilla (del server) e confermiamo (vedi immagine seguente).
+
+![clonezilla boot](images/setup-3.png)
+
+A questo punto scegliamo di far partire una "shell" (vedi immagine seguente).
+
+![clonezilla boot](images/setup-4.png)
+
+Al prompt inseriamo il comando: 
+
+```bash
+ssh-copy-id proxy
+```
+
+(vedi immagine seguente) 
+
+![clonezilla boot](images/setup-5.png)
+
+Il sistema ci chiederá di inserire la password per l'utente clonezilla e, se si é inserita la password correttamente ci dirá che da ora in poi si potrá fare login senza specificare la password. 
+Importante! Questa operazione si deve fare una sola volta su un solo computer. Una volta che la chiave é stata copiata sul server questa vale per tutte le operazioni con clonezilla (sul server). 
+
+
+## 7.  Reinstallazione di un’aula con FUCC
+
+La procedura più semplice per reinstallare un’aula con FUCC è la seguente:
+1. Accendere tutti i computer e, via cssh, verificare che l’ultima versione di octofuss-client sia installata;
+2. Eseguire octofuss-client per effettuare un invio manuale dei dati al server;
+3. Sul server, eseguire lo script gen-computerList.sh ;
+4. Copiare il file list.txt al posto di /srv/clonezilla/computerList.txt
+5. Procedere con la reinstallazione. Ai client verrà ridato lo stesso nome di prima e lo stesso cluster.
+
+
+## 8.  NOTA IMPORTANTE PER LE IMMAGINI CLONEZILLA! 
+Per le operazioni di clonazione in genere si usano le immagini standard messe a disposizione dal "Nucleo Fuss". 
+Queste immagini hanno la partizione directory radice ("/") nella SECONDA PARTIZIONE del disco fisso e pertanto nel file "script" é stata settata la variabile "rootPartition" con il valore "2" 
+Se si sceglie di creare proprie immagini con uno schema di partizionamento diverso si deve indicare in suddetta variabile quale é la partizione contenente la directory radice. 
+Questo deve valere per tutte le immagini che si intendono utilizzare.

authorizedKeysToAppendToRootOfFussServer

-command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSAosolNwBqREhwepuHhdul0pK/44/NXAGLT+FnVJr22No0OCbIjOpPNp5GMh8YJI+o14+628b+yFwBwsb59f7nQyqbzEuf2AxF/u3L+iNZJpMOe13FqlwcxDq827kLFGss4uC1I3yaiUz5c+yPO4xtfuo6Y6gu6WlDCopGdqtiJkpxCXPIpKOvN2ab2DoUq9acGWBz/dA/avePGzYP5t4T1CihdsabKLIb7UMS6zVTb+9QDEusX/GxntwJJRNYybfO5tJPIoJbRtSffcjUqdSWHtBO8fFaJWMJVRUao5jY7wo4St/ikMM6bvl7TGWeUKh6gsq7ec99ldL2ApZykX root@g450ddd

clientScripts/clientScript

-#!/bin/bash
-
-myNic="$(ls /sys/class/net/ -1 | grep -v lo | grep -v wlan)"
-
-if [ -e /root/reboot ];then
-    rm /root/reboot
-    touch /root/join
-    shutdown -r now
-fi
-
-
-if [ -e /root/cluster ];then
-    clusterJoin="$(cat /root/cluster)"
-fi
-
-
-if [ -e /root/join ];then
-# Following dhclient was necessary inside a virtual(box) environment. Not sure if needed anymore. In case it can be removed or commented.    
-    dhclient $myNic
-    screen -d -m -S XY
-    screen -S XY -X stuff "fuss-client -av $clusterJoin && rm /root/join ; reboot\n"
-else
-    rm /etc/rc.local
-    rm /root/clientScript
-    rm -fr /root/.ssh
-    rm /root/cluster
-fi
-
-
-
-
-

clonezilla/clientScripts/clientScript

+#!/bin/bash
+
+myNic="$(ls /sys/class/net/ -1 | grep -v lo | grep -v wlan)"
+
+if [ -e /root/reboot ]; then
+	rm /root/reboot
+	touch /root/join
+	systemctl reboot
+	exit 0
+fi
+
+
+if [ -e /root/cluster ]; then
+	clusterJoin="$(cat /root/cluster)"
+fi
+
+
+if [ -e /root/join ]; then
+	# Stop the display manager to output on tty7
+	systemctl stop lightdm
+	# Change root password
+	if [ -e /root/new_root_pw ] ; then
+		echo "root:$(cat /root/new_root_pw)" | chpasswd -e
+	fi
+	# Following dhclient was necessary inside a virtual(box) environment. Not sure if needed anymore. In case it can be removed or commented.    
+	dhclient $myNic
+	screen -d -m -S XY
+	screen -S XY -X stuff "exec 2>&1 > /dev/tty7\n"
+	screen -S XY -X stuff "fuss-client -av $clusterJoin && rm /root/join ; reboot\n"
+else
+	rm -fr /root/.ssh
+	rm -f /etc/rc.local
+	rm -f /root/clientScript
+	rm -f /root/cluster
+	rm -f /root/new_root_pw
+fi
+

script → clonezilla/script

@@ -55,6 +55,30 @@ rootDisk="/dev/$diskVar"
 mountPoint="/mnt"
 computerList="/home/partimag/computerList.txt"
 macAddress=$(getNetStuff 2)
+
+if ! grep $macAddress $computerList; then
+	dialog --title "FUSS FUCC" --msgbox "Hi,\nunfortunatley, there is no valid configuration to setup this computer. Please go through the next few steps to configure how to install this PC.\nPlease make sure that the file /home/clonezilla/computerList.txt is owned and writable by clonezilla, otherwise we'll not be able to save the informations you're going to enter." 13 70
+	hostname=$(dialog --title "FUSS FUCC" --inputbox "Please, pick an HOSTNAME for this PC" --output-fd 1 10 70)
+	images=$(ls -1 /home/partimag|nl)
+	_img=$(dialog --title "FUSS FUCC" --output-fd 1 --menu "Choose an image to be installed" 15 50 4 $images)
+	img=$(ls -1 /home/partimag | sed -n "${_img}p")
+	dialog --title "FUSS FUCC" --msgbox "Set image $img" 13 70
+	if dialog --title "FUSS FUCC" --yesno "Join this client to the FUSS domain?" 13 70; then
+		join="join"
+	else
+		join="no"
+	fi
+	cluster=$(dialog --title "FUSS FUCC" --inputbox "Please, pick a CLUSTER for this PC" --output-fd 1 10 70)
+	if dialog --title "FUSS FUCC" --yesno "Hostname: $hostname \nMAC: $macAddress \nImage: $img \nJoin: $join \nCluster: $cluster \nContinue?" 13 70; then
+		echo $hostname $macAddress $img $join $cluster >> $computerList
+		dialog --title "FUSS FUCC" --msgbox "Configuration completed, now start cloning." 15 70
+	else
+		dialog --title "FUSS FUCC" --msgbox "Will now reboot" 13 70
+		reboot
+		exit 0
+	fi
+fi
+
 imageName=$(cat $computerList | grep "$macAddress" | awk '{print $3}')
 
 ocs-sr -b -g auto -e1 auto -e2 -r -j2 -scr -p true restoredisk $imageName $diskVar
@@ -94,6 +118,9 @@ if [ "$joinVar" == "join" ];then
     cp /home/partimag/clientScripts/rc.local /mnt/etc/
     chmod 770 /mnt/etc/rc.local
     cp /home/partimag/clientScripts/clientScript /mnt/root/
+    if [ -e /home/partimag/clientScripts/new_root_pw ] ; then
+        cp /home/partimag/clientScripts/new_root_pw /mnt/root/
+    fi
     chmod 770 /mnt/root/clientScript
     touch /mnt/root/reboot
 fi

debian/changelog

+fuss-fucc (0.1) unstable; urgency=medium
+
+  * Initial Release.
+
+ -- Marco Marinello <mmarinello@fuss.bz.it>  Sun, 11 Aug 2019 12:29:21 +0200

debian/compat

+11

debian/conffiles

+/srv/clonezilla/computerList.txt

debian/control

+Source: fuss-fucc
+Section: admin
+Priority: optional
+Maintainer: Marco Marinello <mmarinello@fuss.bz.it>
+Build-Depends: debhelper (>= 11), pandoc
+Standards-Version: 4.1.3
+Homepage: https://gitlab.fuss.bz.it/fuss/fucc
+Vcs-Browser: https://gitlab.fuss.bz.it/fuss/fucc
+Vcs-Git: https://gitlab.fuss.bz.it/fuss/fucc.git
+
+Package: fuss-fucc
+Architecture: all
+Replaces: clonezilla-pxe
+Breaks: clonezilla-pxe
+Depends: ${misc:Depends}
+Description: The FUSS Fully Unattended Clonezilla Cloning
+ This package installs and configures the FUCC system.

debian/copyright

+Files: *
+Copyright: 2019 Donato Florio <Donato.Florio@scuola.alto-adige.it>
+           2019 Paolo Dongilli <Paolo.Dongilli@scuola.alto-adige.it>
+           2019 Marco Marinello <mmarinello@fuss.bz.it>
+License: GPL-3.0+
+
+Files: debian/*
+Copyright: 2019 Marco Marinello <mmarinello@fuss.bz.it>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+

debian/install

+clonezilla/computerList.txt	/srv/clonezilla
+clonezilla/script	/srv/clonezilla
+clonezilla/clientScripts	/srv/clonezilla
+
+tftp/default	/srv/tftp/pxelinux.cfg
+live	/srv/tftp/clonezilla
+
+utils/clonezilla_live.pub	/usr/share/fuss-fucc
+utils/gen-computerList.sh	/usr/share/fuss-fucc
+utils/gen-root-changepassword.sh	/usr/share/fuss-fucc
+
+README.md	/usr/share/fuss-fucc
+README.pdf	/usr/share/fuss-fucc
+README.txt	/usr/share/fuss-fucc
+AUTHORS	/usr/share/fuss-fucc
+LICENSE	/usr/share/fuss-fucc

debian/postinst

+#!/bin/bash
+
+mkdir -p /srv/clonezilla/.ssh
+rm -rf /srv/clonezilla/.ssh/*
+cp /usr/share/fuss-fucc/clonezilla_live.pub /srv/clonezilla/.ssh/authorized_keys
+ssh-keyscan -H proxy > /srv/clonezilla/.ssh/known_hosts 2>/dev/null
+
+# Check if the SSH key already exists, if so check if is in authorized-keys
+if [ -e /srv/clonezilla/.ssh/id_rsa.pub ] ; then
+	if ! grep $(cat /srv/clonezilla/.ssh/id_rsa.pub|cut -d ' ' -f 2) /root/.ssh/authorized_keys 2>&1 > /dev/null ; then
+		echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat /srv/clonezilla/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
+	fi
+else
+	# else, generate a new keypair and send it to root's authorized keys
+	ssh-keygen -t rsa -N "" -f /srv/clonezilla/.ssh/id_rsa -C "root@fuss-fucc"
+	touch /root/.ssh/authorized_keys
+	mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.old
+	grep -v "root@fuss-fucc" /root/.ssh/authorized_keys.old > /root/.ssh/authorized_keys
+	echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat /srv/clonezilla/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
+fi
+
+chown -R clonezilla. /srv/clonezilla/.ssh
+chmod 400 /srv/clonezilla/.ssh/id_rsa*
+chown -R clonezilla. /srv/clonezilla/clientScripts
+chmod -R 770 /srv/clonezilla/clientScripts
+chown clonezilla. /srv/clonezilla/computerList.txt

debian/preinst

+#!/bin/bash
+
+rm -rf /srv/tftp/pxelinux.cfg/default /srv/tftp/clonezilla

debian/rules

+#!/usr/bin/make -f
+
+%: prepare_build
+	dh $@
+
+
+prepare_build:
+	pandoc -o README.txt README.md
+	pandoc -o README.pdf README.md
+	rm -rf ./live/squashfs-root
+
+
+override_dh_fixperms:
+	dh_fixperms
+	chmod +x debian/fuss-fucc/srv/clonezilla/script
+	chmod +x debian/fuss-fucc/srv/clonezilla/clientScripts/clientScript
+	chmod +x debian/fuss-fucc/srv/clonezilla/clientScripts/rc.local
+	chmod +x debian/fuss-fucc/usr/share/fuss-fucc/*.sh
+
+debsrc: prepare_build
+	debuild -us -uc
+

debian/source/format

+3.0 (native)

sshKeysForClonezillaClient/id_rsa

------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAxUgKLKJTcAakRIcHqbh4XbpdKSv+OPzVwBi0/hZ1Sa9tjaND
-gmyIzqTzaeRjIfGCSPqNePutvG/shcAcLG+fX+50Mqm8xLn9gMRf7ty/ojWSaTDn
-tdxapcHMQ6vNu5CxRrLOLgtSN8molM+XPsjzuMbX7qOmOoLulpQwqKRnarYiZKcQ
-lzyKSjrzdmm9g6FKvWnBlgc/3QP2r3jxs2D+beE9QooXbGmyiyG+1DEus1U2/vUA
-xLrF/xsZ7cCSUTWMm3zubSTyKCW0bUn33I1KnUlh7QTvHxWiVjCVUVGqOY2O8KOE
-rf4pDDOm75e0xlnlCoeoLKu3nPfZXS9gKWcpFwIDAQABAoIBAA2JePFBHjqUqhbt
-sQ/rUY8U56mYlDQy3TP2Pg0lW1z4BatvZYWAjw6m8PD2M/szSD5buvNvSaehgnhX
-C1fdPPFnOl/zl7lkDcoVL4QDb77gsDA5o9ytxyaSmsKV+mMBdbilMlKkgjrDwqab
-bARp45dtRYnhftmK/HYmqwQXa+U9hUfKMbLjumQksbpHBOd14CSCeMYsXWO6Y1Fq
-3bAUn5gG6hmehKFIdQCYRZ/15jG/Ci+XfmIW2LC3x+AUEmPii1k+vr6AyUkDDunD
-3heWlxrFj2TB/YTFysGBscsY/8fFWyE7T5vzVsmrWlpnW86foixliNQyKwOs6SSz
-IxQ3K6ECgYEA8ef0JSXCFwcHit7APSDyh6fzsOBwvH03Dlvs+AjRcRE4V2VFSQsu
-Ecv577ePmfz3WVgQe8zVCTLsX68rUeoIPnpfW24rqHPltPbU6ODzcOLuZJ1t+9cl
-/2q/1jlY82vEy96+Nae1RI45z5JHnpCSZ95Flku6r9wBsfbssNcMgIcCgYEA0MaB
-iUvwcY/gXBH0k+JTPwxuiObvg8R1sWctEn1JRB30UZixlETSTAlfW2xbGL7zBJxh
-IjlZpzCwQl1Tlpe9Qoc8qCidMTyvH5RbOMxQFz7JTea1Y/Pk9gQQaL9ZJ7Pugphj
-hkkeqvBG6z7uKRxdY43Y6cK2qxX1I7issfopBvECgYBf1T9wc/vnOX6wcjyAOww5
-17x/5vpigcyM4LgJLx0iCOtkHBeNr2Mp47/5SqQWIhQvjebB1MzU3xqrcW7c/bUU
-Y1BhnUyoaHmo7lw8gdmPcCd3LrMCoSJJhJXJHWDy1k/ZYD3EbdMu/JVEeTPsSmPl
-yDWTLB8iSitVwHfWOuuWAwKBgDbyB2V69uzsUL/qedPx3LbbLrwZCzBCpDbsUJBt
-KLskpwhSh2neMvqP/Oiyu8bnek3cWjQHo/C8f6b3qOgZR1YbAXvANJ6gufY1tUxd
-eTak75XxAgwsRDX7G9Z1haFNWZhFQuw0kj2qvv9qsINhU7K/wjbDaA/e14VvNQQi
-MmoBAoGAOER5lSRUoDpRctB5zgWkug92MdPLbL52R2X+JI1pJ6nHNOTXtaHeNhPn
-zTraPMBj2i9Ivic9fP2yCYFNuZydGymbeq6w6m5/qv33WZTLXFPADxVV9Zj1VdnC
-BUm7u+3SNXSRRHQEZHMzJKlBzk0xKEZ5V8XAJcf3kOhzBOZsmiE=
------END RSA PRIVATE KEY-----

sshKeysForClonezillaClient/id_rsa.pub

-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSAosolNwBqREhwepuHhdul0pK/44/NXAGLT+FnVJr22No0OCbIjOpPNp5GMh8YJI+o14+628b+yFwBwsb59f7nQyqbzEuf2AxF/u3L+iNZJpMOe13FqlwcxDq827kLFGss4uC1I3yaiUz5c+yPO4xtfuo6Y6gu6WlDCopGdqtiJkpxCXPIpKOvN2ab2DoUq9acGWBz/dA/avePGzYP5t4T1CihdsabKLIb7UMS6zVTb+9QDEusX/GxntwJJRNYybfO5tJPIoJbRtSffcjUqdSWHtBO8fFaJWMJVRUao5jY7wo4St/ikMM6bvl7TGWeUKh6gsq7ec99ldL2ApZykX root@g450ddd

default → tftp/default

@@ -3,7 +3,7 @@ DEFAULT menu.c32
 # MENU MASTER PASSWD myPassword
 # END ANSIBLE MANAGED (default)
 # BEGIN ANSIBLE MANAGED (clonezilla)
-timeout 300
+timeout 15
 label Clonezilla-unattended
 MENU LABEL Clonezilla Automatico (Ramdisk)
 # MENU PASSWD myPassword

utils/gen-computerList.sh

+#!/bin/bash
+
+IMAGE="fuss9-64bit-2019-08-07-16-img"
+LENOVO_IMAGE="001-ThincCentre-500gb-20190801-img"
+JOIN="join"
+DB="/var/lib/octofuss/octofuss.db"
+
+rm -f list.txt
+touch list.txt
+
+PCS=$(sqlite3 $DB <<EOF
+select distinct hostname from client_component;
+.quit
+EOF
+)
+
+for fqdn in $PCS; do
+        client=$(echo $fqdn | cut -d '.' -f 1)
+        # Check if the host has already been mapped
+        if ! grep $client list.txt 2>&1 > /dev/null; then
+                # Find that MAC
+                MAC=$(sqlite3 $DB <<EOF
+select value from client_component where hostname = "$fqdn" and component like "mac%";
+.quit
+EOF
+)
+                MAC=$(echo $MAC|cut -d ' ' -f 1)
+                VENDOR=$(sqlite3 $DB <<EOF
+select value from client_component where hostname = "$fqdn" and component like "system_vendor";
+.quit
+EOF
+)
+		VENDOR=$(echo $VENDOR | cut -d ' ' -f 1)
+                if [ -z "$MAC" ] ; then
+                        echo No mac for $fqdn
+                else
+			if ! grep $MAC list.txt 2>&1 > /dev/null ; then
+				THIS="$IMAGE"
+				if [ "$VENDOR" = "LENOVO" ] ; then
+					THIS="$LENOVO_IMAGE"
+				fi
+	                        echo $client $MAC $THIS $JOIN $(grep $client /etc/clusters | head -1 | cut -d ' ' -f 1) >> list.txt
+			else
+				echo "$MAC has more than one fqdn ($fqdn)"
+			fi
+                fi
+        fi
+done
+

utils/gen-root-changepassword.sh

+#!/bin/bash
+
+read -s -p "Clients password: " pw1
+echo
+read -s -p "Confirm clients password: " pw2
+echo
+
+if ! [ "$pw1" = "$pw2" ] ; then
+	echo "Password mismatch! Please retry"
+else
+	perl -e "print crypt(\"$pw1\", \"salt\")" > clientScripts/new_root_pw
+fi
+
+unset pw1
+unset pw2

installFucc.sh → utils/installFucc.sh

@@ -28,15 +28,20 @@ if [ -e /root/.ssh/authorized_keys ];then
     cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.BKP-$DATUM
 fi
 
-grep root@g450ddd /root/.ssh/authorized_keys >/dev/null
 
-if [ $? -eq 0 ]; then
-    echo "authorized keys already there"
+# Check if the SSH key already exists, if so check if is in authorized-keys
+if [ -e $clonezillaFolder/.ssh/id_rsa.pub ] ; then
+	if ! grep $(cat $clonezillaFolder/.ssh/id_rsa.pub|cut -d ' ' -f 2) /root/.ssh/authorized_keys 2>&1 > /dev/null ; then
+		echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat $clonezillaFolder/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
+	fi
 else
-    cat authorizedKeysToAppendToRootOfFussServer >> /root/.ssh/authorized_keys    
+	# else, generate a new keypair and send it to root's authorized keys
+	mkdir -p $clonezillaFolder/.ssh
+	ssh-keygen -t rsa -N "" -f $clonezillaFolder/.ssh/id_rsa -C "root@fuss-fucc"
+	echo 'command="if [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^scp[[:space:]]-f ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ ^add_client_principal ]] || [[ \"$SSH_ORIGINAL_COMMAND\" =~ rm[[:space:]]/root/ ]]; then $SSH_ORIGINAL_COMMAND; else echo \"Access Denied $SSH_ORIGINAL_COMMAND\"; fi"' $(cat $clonezillaFolder/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys
 fi
 
-cp -r sshKeysForClonezillaClient $clonezillaFolder/.ssh
+ssh-keyscan -H proxy > $clonezillaFolder/.ssh/known_hosts 2>/dev/null
 
 chown -R clonezilla. $clonezillaFolder/.ssh