No commits in common. "bdd7f9837946b617474f3a2d7a2f729137fdc6ef" and "66a965e4669bc6d3503f9a9535b0329a80ef1a3f" have entirely different histories.

7 changed files with 336 additions and 119 deletions

3
.gitignore vendored

@ -1,11 +1,10 @@
.apt-mirror-config .apt-mirror-config
.customDocker.sh .customDocker.sh
.customVM.sh
.proxy-config .proxy-config
.vagrant .vagrant
DEADJOE DEADJOE
Vagrantfile
/files/log /files/log
/files/kaz/download /files/kaz/download
/files/kaz/git /files/kaz/git
/files/kaz/log /files/kaz/log
/files/customVM.sh


@ -20,6 +20,10 @@ Nous utilisons :
Vous avez besoin de [vagrant](https://www.vagrantup.com/), [VirtualBox](https://www.virtualbox.org/) et éventuellement git. Vous avez besoin de [vagrant](https://www.vagrantup.com/), [VirtualBox](https://www.virtualbox.org/) et éventuellement git.
UDP/53 ne doit pas être filtré depuis votre poste (par un firewall d'entreprise par exemple). Pour tester:
```bash
# dig @80.67.169.12 www.kaz.bzh
```
## Installation ## Installation
@ -30,14 +34,18 @@ git clone git+ssh://git@git.kaz.bzh:2202/KAZ/kaz-vagrant.git # pour contribuer
cd kaz-vagrant/ cd kaz-vagrant/
git switch develop-snster # dans les 2 cas git switch develop-snster # dans les 2 cas
``` ```
* (Optionnel) Ajustez éventuellement la mémoire et les cpus utilisés dans Vagrantfile (par défaut 4GB et 2 vCPUs) * Personalisez votre simulateur avec la commande (au besoin ajustez la mémoire et les cpus utilisés dans Vagrantfile) :
```bash
vagrant plugin install vagrant-disksize
vagrant plugin install vagrant-vbguest
./init.sh # vous pouvez laisser les choix par défaut
```
* Pour créer tout l'univers Kaz il faut se placer dans le répertoire et lancer la commande : * Pour créer tout l'univers Kaz il faut se placer dans le répertoire et lancer la commande :
```bash ```bash
vagrant up vagrant up
``` ```
Cette étape peut-être (très) longue. Notamment, la construction de kaz-prod se fait dans un conteneur LXC, dans lequel les overlays docker passent par un filesystem plus lent qu'en natif... Comptez entre 40 minutes et quelques heures, selon la connexion réseau et les performances de la machine. Cette étape peut-être (très) longue. Notamment, la construction de kaz-prod se fait dans un conteneur LXC, dans lequel les overlays docker passent par un filesystem FUSE beaucoup plus lent qu'en natif...
## Mise au point ## Mise au point

50
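--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,50 +0,0 @@
-# coding: utf-8
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-unless Vagrant.has_plugin?("vagrant-disksize")
-raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'"
-end
-# All Vagrant configuration is done below. The "2" in Vagrant.configure
-# configures the configuration version (we support older styles for
-# backwards compatibility). Please don't change it unless you know what
-# you're doing.
-Vagrant.configure("2") do |config|
-required_plugins = %w( vagrant-vbguest vagrant-disksize )
-_retry = false
-required_plugins.each do |plugin|
-unless Vagrant.has_plugin? plugin
-system "vagrant plugin install #{plugin}"
-_retry=true
-end
-end
-if (_retry)
-exec "vagrant " + ARGV.join(' ')
-end
-config.vm.box = "debian/bullseye64"
-config.vm.hostname = 'kaz-vm'
-config.disksize.size = '32GB'
-config.vm.provider "virtualbox" do |vb|
-vb.memory = "4096"
-vb.cpus = "2"
-vb.name = "kaz-vm"
-vb.customize ["modifyvm", :id, "--vram", "64", "--clipboard-mode", "bidirectional", '--graphicscontroller', 'vmsvga', '--natnet1', '192.168.64.0/24']
-vb.gui = true
-end
-#permet d'avoir un répertoire partagé entre la VM et le host
-config.vm.synced_folder "/tmp/", "/tmp_host"
-config.vm.synced_folder "files/", "/root/kaz-vagrant"
-config.vm.provision "shell" do |s|
-s.inline = "/vagrant/files/vm-provision.sh"
-s.env = {"KAZGUARD" => "true", "HOSTLANG" => ENV['LANG'], "NOKAZ" => ENV['NOKAZ'], "KAZBRANCH" => ENV['KAZBRANCH']}
-end
-end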

95
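--- a/Vagrantfile.dist
+++ b/Vagrantfile.dist
@@ -0,0 +1,95 @@
+# coding: utf-8
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+unless Vagrant.has_plugin?("vagrant-disksize")
+raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'"
+end
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+required_plugins = %w( vagrant-vbguest vagrant-disksize )
+_retry = false
+required_plugins.each do |plugin|
+unless Vagrant.has_plugin? plugin
+system "vagrant plugin install #{plugin}"
+_retry=true
+end
+end
+if (_retry)
+exec "vagrant " + ARGV.join(' ')
+end
+config.vm.box = "debian/bullseye64"
+config.vm.hostname = 'kaz-vm'
+config.disksize.size = '32GB'
+# Disable automatic box update checking. If you disable this, then
+# boxes will only be checked for updates when the user runs
+# `vagrant box outdated`. This is not recommended.
+# config.vm.box_check_update = false
+# Create a forwarded port mapping which allows access to a specific port
+# within the machine from a port on the host machine. In the example below,
+# accessing "localhost:8080" will access port 80 on the guest machine.
+# config.vm.network "forwarded_port", guest: 80, host: 8080
+# Create a private network, which allows host-only access to the machine
+# using a specific IP.
+# config.vm.network "private_network", ip: "192.168.33.10"
+# Create a public network, which generally matched to bridged network.
+# Bridged networks make the machine appear as another physical device on
+# your network.
+# config.vm.network "public_network"
+# Share an additional folder to the guest VM. The first argument is
+# the path on the host to the actual folder. The second argument is
+# the path on the guest to mount the folder. And the optional third
+# argument is a set of non-required options.
+# config.vm.synced_folder "data", "/vagrant_data"
+# config.vm.synced_folder "..", "/root/mi-lxc", create:true, type:"rsync",
+# rsync__exclude: [".git/", "zzlocal/", "vagrant/"]
+# Provider-specific configuration so you can fine-tune various
+# backing providers for Vagrant. These expose provider-specific options.
+# Example for VirtualBox:
+#
+config.vm.provider "virtualbox" do |vb|
+# # Display the VirtualBox GUI when booting the machine
+# vb.gui = true
+#
+# # Customize the amount of memory on the VM:
+vb.memory = "4096"
+vb.cpus="2"
+vb.name = "kaz-vm"
+vb.customize ["modifyvm", :id, "--vram", "64", "--clipboard-mode", "bidirectional", '--graphicscontroller', 'vmsvga', '--natnet1', '192.168.64.0/24']
+vb.gui = true
+end
+# Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+# such as FTP and Heroku are also available. See the documentation at
+# https://docs.vagrantup.com/v2/push/atlas.html for more information.
+# config.push.define "atlas" do |push|
+# push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+# end
+# Enable provisioning with a shell script. Additional provisioners such as
+# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+# documentation for more information about their specific syntax and use.
+#permet d'avoir un répertoire partagé entre la VM et le host
+config.vm.synced_folder "/tmp/", "/tmp_host"
+config.vm.synced_folder "files/", "/root/kaz-vagrant"
+config.vm.provision "shell" do |s|
+s.inline = "/vagrant/files/vm-provision.sh"
+s.env = {"KAZGUARD" => "true", "HOSTLANG" => ENV['LANG'], "NOKAZ" => ENV['NOKAZ'], "KAZBRANCH" => ENV['KAZBRANCH']}
+end
+end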
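Review bot: `config.vm.synced_folder "/tmp/", "/tmp_host"` near the end of the file mounts the host's whole /tmp into the guest, and VirtualBox shared folders are writable by default, so every file the invoking user can reach in /tmp is exposed to a VM that the provisioning script in this compare sets up with a fixed root password and SSH password login. Sharing a directory created for the purpose narrows that, for example `config.vm.synced_folder "<dedicated-host-dir>", "/tmp_host", create: true` (placeholder path). Separately, `exec "vagrant " + ARGV.join(' ')` hands the arguments back to a shell as one string, so an argument containing spaces or metacharacters is re-split; `exec "vagrant", *ARGV` passes them through unchanged.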


@ -80,27 +80,6 @@ fi
echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local
chmod +x /etc/rc.local chmod +x /etc/rc.local
# On sauve le proxy APT
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)
sed -i -e "s/^proxy.*$/proxy=$proxy/" /usr/local/sbin/detect_proxy.sh
#echo "export http_proxy=\"http://$proxy:3142\"" > /etc/profile.d/proxy.sh
#echo "export https_proxy=\"http://$proxy:3142\"" >> /etc/profile.d/proxy.sh
mkdir /root/.docker
echo "{
\"proxies\":
{
\"default\":
{
\"httpProxy\": \"http://$proxy:3142\",
\"httpsProxy\": \"http://$proxy:3142\",
\"noProxy\": \"*.sns,127.0.0.0/8\"
}
}
}" > /root/.docker/config.json
echo "http_proxy=\"http://$proxy:3142\"
https_proxy=\"http://$proxy:3142\"
" >> /etc/default/docker
# clear apt cache # clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive apt-get clean DEBIAN_FRONTEND=noninteractive apt-get clean


@ -15,44 +15,52 @@ mkdir -p "${VAGRANT_SRC_DIR}/log/"
export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-" export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
( (
echo "########## ********** Start Vagrant $(date +%D-%T)" echo "########## ********** Start Vagrant $(date +%D-%T)"
#pour la résolution de noms dans /etc/hosts
SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas"
# Copie de qques fichiers # Copie de qques fichiers
cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard
# gestions sources.list sysctl -w net.ipv4.ip_forward=1
# MAJ et install
sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list
sed -i -e 's/https:/http:/' /etc/apt/sources.list if [ -f "${VAGRANT_SRC_DIR}/.apt-mirror-config" ]; then
apt-get --allow-releaseinfo-change update # pour ceux qui disposent d'un cache apt local et pas la fibre
# suffit d'indiquer "host:port" dans le fichier ".apt-mirror-config"
# Cache APT . "${VAGRANT_SRC_DIR}/.apt-mirror-config"
#DEBIAN_FRONTEND=noninteractive apt-get install -y apt-cacher # apt-cacher-ng does not work well on bullseye sed -i \
#echo "allowed_hosts = *" >> /etc/apt-cacher/apt-cacher.conf -e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
#service apt-cacher restart -e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
DEBIAN_FRONTEND=noninteractive apt-get install -y squid -e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
sed -i -e "s/#http_access allow localnet/http_access allow localnet/" /etc/squid/squid.conf -e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
echo "cache_dir aufs /var/spool/squid 5000 14 256 /etc/apt/sources.list
http_port 3142" >> /etc/squid/squid.conf
service squid restart
echo "Acquire::http::Proxy \"http://127.0.0.1:3142\";" > /etc/apt/apt.conf.d/01proxy; # utilisation de apt-cacher-ng
# Ajouter http://www.squid-cache.org/Doc/config/cache_peer/ à squid pour un proxy upstream
# Pour le confort de chacun, un customVM.sh optionnel
if [ -f "${VAGRANT_SRC_DIR}/customVM.sh" ]; then
bash "${VAGRANT_SRC_DIR}/customVM.sh"
fi fi
# MAJ et Install DEBIAN_FRONTEND=noninteractive apt-get --allow-releaseinfo-change update
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois ldap-utils python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny' ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
# Pour le confort de chacun
# Le fihcier .customDocker.sh contient
# DEBIAN_FRONTEND=noninteractive apt-get install -y joe
# DEBIAN_FRONTEND=noninteractive apt-get install -y emacs
# DEBIAN_FRONTEND=noninteractive apt-get install -y vim
if [ -f "${VAGRANT_SRC_DIR}/.customDocker.sh" ]; then
chmod a+x "${VAGRANT_SRC_DIR}/.customDocker.sh"
"${VAGRANT_SRC_DIR}/.customDocker.sh"
fi
# Localisation du $LANG, en par défaut, timezone Paris # Localisation du $LANG, en par défaut, timezone Paris
if [ -z "${HOSTLANG}" ] ; then if [ -z "${HOSTLANG}" ] ; then
HOSTLANG="en_US.UTF-8" HOSTLANG="en_US.UTF-8"
fi fi
echo "Europe/Paris" > /etc/timezone echo "Europe/Paris" > /etc/timezone
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
@ -63,33 +71,38 @@ http_port 3142" >> /etc/squid/squid.conf
dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem
update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem
# Creation des utilisateurs
echo -e "\n #### create user\n" echo -e "\n #### create user\n"
# Creation des utilisateurs
usermod -p $(mkpasswd --method=sha-512 root) root usermod -p $(mkpasswd --method=sha-512 root) root
useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists
# augmentation de la taille de /run si lowmem
#echo "tmpfs /run tmpfs nosuid,noexec,size=26M 0 0" >> /etc/fstab
#mount -o remount /run
# Désactivation de la mise en veille de l'écran # Désactivation de la mise en veille de l'écran
mkdir -p /etc/X11/xorg.conf.d/ mkdir -p /etc/X11/xorg.conf.d/
rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/ rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/
# mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak # mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker
#faut virer exim, inutile #faut virer exim, il fout la grouille avec le docker postfix
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light
#login ssh avec mot de passe #login ssh avec mot de passe
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
fi fi
# autorisation du routing et augmentation inotify # autorisation du routing et augmentation inotify
if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi fi
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then
echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf
fi fi
sysctl -p sysctl -p
@ -115,45 +128,50 @@ EOF
mkdir -p $(dirname "${TERM_CFG}") mkdir -p $(dirname "${TERM_CFG}")
touch "${TERM_CFG}" touch "${TERM_CFG}"
if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then
echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}" echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}"
fi fi
# free swapspace at shutdown
echo -e "\n #### set swapspace\n" echo -e "\n #### set swapspace\n"
# free swapspace at shutdown
sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service
systemctl daemon-reload systemctl daemon-reload
# limit journald log size # limit journald log size
mkdir -p /etc/systemd/journald.conf.d mkdir -p /etc/systemd/journald.conf.d
if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then
cat > /etc/systemd/journald.conf.d/sizelimit.conf <<EOF cat > /etc/systemd/journald.conf.d/sizelimit.conf <<EOF
[Journal] [Journal]
SystemMaxUse=20M SystemMaxUse=20M
SystemMaxFileSize=2M SystemMaxFileSize=2M
EOF EOF
fi fi
# CA et certifs avec mkcert #***********DEBUT CERTIF*******************
#*****************ATTENTION: MARCHE PAS (il faut accepter toutes les exceptions de sécurité
echo -e "\n #### mkcert\n" echo -e "\n #### mkcert\n"
# Récupérer mkcert et générer la CA
DEBIAN_FRONTEND=noninteractive apt-get install -y libnss3-tools DEBIAN_FRONTEND=noninteractive apt-get install -y libnss3-tools
mkdir -p /root/mkcert mkdir -p /root/mkcert
cd /root/mkcert cd /root/mkcert
if [ ! -f mkcert ]; then if [ ! -f mkcert ]; then
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert
chmod +x mkcert chmod +x mkcert
mkdir -p /etc/letsencrypt/local/ mkdir -p /etc/letsencrypt/local/
export CAROOT=/etc/letsencrypt/local/ export CAROOT=/etc/letsencrypt/local/
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/ /root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
cd "${CAROOT}" cd "${CAROOT}"
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/ /root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
mkdir -p /etc/letsencrypt/live/kaz.sns/ mkdir -p /etc/letsencrypt/live/kaz.sns/
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
fi fi
#***********FIN CERTIF*******************
# clear apt cache # clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive apt-get clean DEBIAN_FRONTEND=noninteractive apt-get clean
@ -173,16 +191,22 @@ EOF
mkfs.btrfs -f /root/btrfs.img mkfs.btrfs -f /root/btrfs.img
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
mount /var/lib/lxc mount /var/lib/lxc
#losetup -f /root/btrfs.img
#mount /dev/loop0 /var/lib/lxc
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
# SNSTER KAZ # SNSTER KAZ
# cp -ar ${VAGRANT_SRC_DIR}/templates /root
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
# crypto keys # crypto keys
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/ cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/ cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
# On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév # On monte le filesystem de kaz-prod dans le /kaz de la VM pour le dév (en nofail)
# mkdir /kaz-prod /kaz
# echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
# echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod
ln -s /kaz-prod/kaz /kaz ln -s /kaz-prod/kaz /kaz
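Review bot: In the first hunk the new `.apt-mirror-config` branch splices `${APT_MIRROR_DEBIAN}` and its three sibling variables into the sed replacements without checking them, so a variable that is empty or missing from the sourced file rewrites the matching entries to a host-less `http:///…` URL and the following `apt-get update` fails. A guard before the sed, such as `: "${APT_MIRROR_DEBIAN:?not set in .apt-mirror-config}"` for each variable, would stop with a clear message instead. The `s\?` in each pattern also drops the `s` from `https`, so whenever the file is present the package sources are fetched over plain HTTP; that looks intended for a local cache, but a comment saying so would help. The `(` subshell opened at the top of the hunk closes outside the lines shown.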

162
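--- a/init.sh
+++ b/init.sh
@@ -0,0 +1,162 @@
+#!/bin/bash
+### Personalisation de la VM
+cd "$(dirname $0)"
+BOLD=''
+RED=''
+GREEN=''
+YELLOW=''
+BLUE=''
+MAGENTA=''
+CYAN=''
+NC='' # No Color
+NL='
+'
+mkdir -p ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/
+chmod a+rxw ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/
+cp Vagrantfile.dist Vagrantfile
+OLD_MEN=$(grep vb.memory Vagrantfile | sed -e 's%.*vb.memory\s*=\s*"\([^"]*\)".*%\1%')
+OLD_CUPS=$(grep vb.cpus Vagrantfile | sed -e 's%.*vb.cpus\s*=\s*"\([^"]*\)".*%\1%')
+MEM=$(expr $(head -1 /proc/meminfo | awk '{print $2}') / 4096)
+CUP=$(expr $(nproc) / 2)
+cat <<EOF
+${GREEN}${BOLD}
+MEM: ${OLD_MEN} => ${MEM}
+CUP: ${OLD_CUPS} => ${CUP}
+${NC}
+Update './Vagrantfile'
+EOF
+sed -i Vagrantfile \
+-e 's%vb.memory\s*=\s*"[^"]*"%vb.memory = "'${MEM}'"%' \
+-e 's%vb.cpus\s*=\s*"[^"]*"%vb.cpus = "'${CUP}'"%'
+APT_CONF="files/.apt-mirror-config"
+if [ -f "${APT_CONF}" ]; then
+. "${APT_CONF}"
+fi
+### Personalisation d'un cache apt
+if [ -z "${APT_MIRROR_DEBIAN}" ]; then
+APT_MIRROR_DEBIAN=$(grep "deb\s.*/debian[^-]" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/debian.*%\1%")
+fi
+if [ -z "${APT_MIRROR_DEBIAN_SECURITY}" ]; then
+APT_MIRROR_DEBIAN_SECURITY=$(grep "deb\s.*/debian-security" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/debian-security.*%\1%")
+fi
+if [ -z "${APT_MIRROR_UBUNTU}" ]; then
+APT_MIRROR_UBUNTU=$(grep "deb\s.*://\([^/]*\)/ubuntu" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/ubuntu.*%\1%")
+fi
+if [ -z "${APT_MIRROR_UBUNTU_SECURITY}" ]; then
+APT_MIRROR_UBUNTU_SECURITY=$(grep "deb\s.*://\([^/]*\)/ubuntu.*-security" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/ubuntu.*%\1%")
+fi
+if [ -z "${APT_MIRROR_UBUNTU}" ]; then
+APT_MIRROR_UBUNTU="${APT_MIRROR_DEBIAN}"
+fi
+if [ -z "${APT_MIRROR_UBUNTU_SECURITY}" ]; then
+APT_MIRROR_UBUNTU_SECURITY="${APT_MIRROR_DEBIAN_SECURITY}"
+fi
+while : ; do
+cat <<EOF
+${GREEN}${BOLD}
+APT_MIRROR_DEBIAN=${APT_MIRROR_DEBIAN}
+APT_MIRROR_DEBIAN_SECURITY=${APT_MIRROR_DEBIAN_SECURITY}
+APT_MIRROR_UBUNTU=${APT_MIRROR_UBUNTU}
+APT_MIRROR_UBUNTU_SECURITY=${APT_MIRROR_UBUNTU_SECURITY}
+${NC}
+EOF
+read -p "Update '${APT_CONF}' (ip:port or y/n)? [no] " proxy
+case "${proxy}" in
+*:* )
+APT_MIRROR_DEBIAN=${proxy}
+APT_MIRROR_DEBIAN_SECURITY=${proxy}
+APT_MIRROR_UBUNTU=${proxy}
+APT_MIRROR_UBUNTU_SECURITY=${proxy}
+;;
+[YyOo]* )
+cat > "${APT_CONF}" <<EOF
+# Generated by $(pwd)$(basename $0)
+# $(date "+%x %X")
+APT_MIRROR_DEBIAN=${APT_MIRROR_DEBIAN}
+APT_MIRROR_DEBIAN_SECURITY=${APT_MIRROR_DEBIAN_SECURITY}
+APT_MIRROR_UBUNTU=${APT_MIRROR_UBUNTU}
+APT_MIRROR_UBUNTU_SECURITY=${APT_MIRROR_UBUNTU_SECURITY}
+EOF
+break;;
+""|[Nn]* ) break;;
+* ) echo "Please answer ip:port, yes or no.";;
+esac
+done
+PROXY_CONF="files/.proxy-config"
+if [ -f "${PROXY_CONF}" ]; then
+FTP_PROXY=$(grep "ftp_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*ftp_proxy\s*=\s*.*://\(.*\)%\1%")
+HTTP_PROXY=$(grep "http_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*http_proxy\s*=\s*.*://\(.*\)%\1%")
+HTTPS_PROXY=$(grep "https_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*https_proxy\s*=\s*.*://\(.*\)%\1%")
+fi
+while : ; do
+cat <<EOF
+${GREEN}${BOLD}
+export ftp_proxy=ftp://${FTP_PROXY}
+export http_proxy=http://${HTTP_PROXY}
+export https_proxy=https://${HTTPS_PROXY}
+${NC}
+EOF
+read -p "proxy in '${PROXY_CONF}' (ip:port, yes or no)? [no] " proxy
+case "${proxy}" in
+*:* )
+FTP_PROXY=${proxy}
+HTTP_PROXY=${proxy}
+HTTPS_PROXY=${proxy}
+;;
+[yY]*|[Oo]* )
+cat > "${PROXY_CONF}" <<EOF
+# Generated by $(pwd)$(basename $0)
+# $(date "+%x %X")
+export ftp_proxy=ftp://${FTP_PROXY}
+export http_proxy=http://${HTTP_PROXY}
+export https_proxy=https://${HTTPS_PROXY}
+EOF
+break;;
+""|[Nn]* ) break;;
+* ) echo "Please answer ip:port, yes or no.";;
+esac
+done
+CUSTOM_CONF=files/.customDocker.sh
+echo
+if [ -f "${CUSTOM_CONF}" ]; then
+OLD_EDITOR=$(grep install "${CUSTOM_CONF}" | grep "\(joe\|emacs\|vim\)" | head -1 | sed -e "s%.*\(joe\|emacs\|vim\).*%\1%")
+fi
+while : ; do
+read -p "Choose editor in '${CUSTOM_CONF}' (joe, emacs, vim or no)? [${GREEN}${BOLD}${OLD_EDITOR}${NC}] " editor
+case "${editor}" in
+joe|emacs|vim )
+if [ ! -f "${CUSTOM_CONF}" ]; then
+echo "#!/bin/bash" > "${CUSTOM_CONF}"
+fi
+chmod a+x "${CUSTOM_CONF}"
+if ! grep -qw "${editor}" "${CUSTOM_CONF}" 2> /dev/null ; then
+echo "DEBIAN_FRONTEND=noninteractive apt-get install -y ${editor}" >> "${CUSTOM_CONF}"
+echo "rsync -a /vagrant/files/.emacs* /root/" >> "${CUSTOM_CONF}"
+fi
+break;;
+""|[Nn]* ) break;;
+* ) echo "Please answer joe, emacs, vim or no.";;
+esac
+done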
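Review bot: `chmod a+rxw ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/` makes three directories world-writable on the host, and the Vagrantfile in this compare syncs `files/` into the guest as `/root/kaz-vagrant`, so on a shared machine any local account can place files that later reach the VM's root home. Restricting write access to the owner, `chmod u+rwx,go-w ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/`, keeps the directories usable by the person running the script; if the wide mode exists to let the guest write through the shared folder, a comment should say so. Also, `CUP=$(expr $(nproc) / 2)` evaluates to 0 on a single-core host and is then written into `vb.cpus`; adding `[ "${CUP}" -ge 1 ] || CUP=1` after it avoids that.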