| author | Guilhem Moulin <guilhem@libreoffice.org> | 2016-10-19 02:26:15 +0200 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@libreoffice.org> | 2016-10-19 02:32:40 +0200 | 
| commit | 094fced31e934225865dc6f0bab2039cf4a908e4 (patch) | |
| tree | 19b5ae0d228a98fd12a7a6e15291447ac7f08acf /tdf-postinst-udeb | |
| parent | 740fab39e4c3379a358fa9e56d36c6e2305863a1 (diff) | |
Add script to install new virtual machines.
Diffstat (limited to 'tdf-postinst-udeb')
| -rw-r--r-- | tdf-postinst-udeb/debian/changelog | 5 | ||||
| -rw-r--r-- | tdf-postinst-udeb/debian/compat | 1 | ||||
| -rw-r--r-- | tdf-postinst-udeb/debian/control | 11 | ||||
| -rw-r--r-- | tdf-postinst-udeb/debian/copyright | 15 | ||||
| -rw-r--r-- | tdf-postinst-udeb/debian/install | 1 | ||||
| -rwxr-xr-x | tdf-postinst-udeb/debian/rules | 4 | ||||
| -rw-r--r-- | tdf-postinst-udeb/debian/templates | 9 | ||||
| -rwxr-xr-x | tdf-postinst-udeb/finish-install.d/07tdf-postinst | 115 | 
8 files changed, 161 insertions, 0 deletions
diff --git a/tdf-postinst-udeb/debian/changelog b/tdf-postinst-udeb/debian/changelog
new file mode 100644
index 0000000..41eb167
--- /dev/null
+++ b/tdf-postinst-udeb/debian/changelog
@@ -0,0 +1,5 @@
+tdf-postinst-udeb (0.1) unstable; urgency=low
+
+  * Initial release.
+
+ -- Guilhem Moulin <guilhem@libreoffice.org>  Tue, 18 Oct 2016 19:23:23 +0200
diff --git a/tdf-postinst-udeb/debian/compat b/tdf-postinst-udeb/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/tdf-postinst-udeb/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/tdf-postinst-udeb/debian/control b/tdf-postinst-udeb/debian/control
new file mode 100644
index 0000000..2b1ff24
--- /dev/null
+++ b/tdf-postinst-udeb/debian/control
@@ -0,0 +1,11 @@
+Source: tdf-postinst-udeb
+Section: debian-installer
+Priority: optional
+Maintainer: Guilhem Moulin <guilhem@libreoffice.org>
+Build-Depends: debhelper (>= 9)
+
+Package: tdf-postinst-udeb
+XC-Package-Type: udeb
+Architecture: all
+Depends: ${misc:Depends}
+Description: Postinstall hook for TDF VMs setup
diff --git a/tdf-postinst-udeb/debian/copyright b/tdf-postinst-udeb/debian/copyright
new file mode 100644
index 0000000..409a651
--- /dev/null
+++ b/tdf-postinst-udeb/debian/copyright
@@ -0,0 +1,15 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: native package
+
+Files: *
+Copyright: © 2016 The Document Foundation <hostmaster@documentfoundation.org>
+License: GPL-3+
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in file "/usr/share/common-licenses/GPL-3".
diff --git a/tdf-postinst-udeb/debian/install b/tdf-postinst-udeb/debian/install
new file mode 100644
index 0000000..d477454
--- /dev/null
+++ b/tdf-postinst-udeb/debian/install
@@ -0,0 +1 @@
+finish-install.d/*  /usr/lib/finish-install.d
diff --git a/tdf-postinst-udeb/debian/rules b/tdf-postinst-udeb/debian/rules
new file mode 100755
index 0000000..2d33f6a
--- /dev/null
+++ b/tdf-postinst-udeb/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
diff --git a/tdf-postinst-udeb/debian/templates b/tdf-postinst-udeb/debian/templates
new file mode 100644
index 0000000..e56a68a
--- /dev/null
+++ b/tdf-postinst-udeb/debian/templates
@@ -0,0 +1,9 @@
+Template: tdf-postinst/salt_master
+Type: text
+Description: Hostname or ipv4 of the Salt master
+
+Template: tdf-postinst/salt_master_fingerprint
+Type: text
+Description: Salt master fingerprint
+  Fingerprint of the master public key to validate the identity of
+  the Salt master before the initial key exchange
diff --git a/tdf-postinst-udeb/finish-install.d/07tdf-postinst b/tdf-postinst-udeb/finish-install.d/07tdf-postinst
new file mode 100755
index 0000000..3b92d76
--- /dev/null
+++ b/tdf-postinst-udeb/finish-install.d/07tdf-postinst
@@ -0,0 +1,115 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule || true
+
+in-target modprobe 9pnet_virtio || true
+in-target modprobe 9p           || true
+
+virtfs="$(mktemp -d)"
+mount -t 9p -o trans=virtio,version=9p2000.L virtfs "$virtfs" || true
+trap 'umount "$virtfs"; rmdir "$virtfs"' EXIT TERM INT
+
+
+#######################################################################
+# Configuration SSHd
+
+if [ -d /target/etc/ssh ]; then
+    in-target find /etc/ssh -maxdepth 1 -type f -a \
+        \( -name "ssh_host_*_key" -o -name "ssh_host_*_key.pub" \) \
+        -delete
+    in-target ssh-keygen -b 4096 -t rsa     -N '' -C /etc/ssh/ssh_host_rsa_key     -f /etc/ssh/ssh_host_rsa_key
+    in-target ssh-keygen         -t ed25519 -N '' -C /etc/ssh/ssh_host_ed25519_key -f /etc/ssh/ssh_host_ed25519_key
+    for pk in $(find /target/etc/ssh -maxdepth 1 -type f -name "ssh_host_*_key.pub"); do
+        cp -f "$pk" "$virtfs"
+    done
+
+    cat >/target/etc/ssh/sshd_config <<- EOF
+		# What ports, IPs and protocols we listen for
+		Port 22
+		# Use these options to restrict which interfaces/protocols sshd will
+		# bind to
+		#ListenAddress ::
+		#ListenAddress 0.0.0.0
+		Protocol 2
+		# HostKeys for protocol version 2
+		HostKey /etc/ssh/ssh_host_rsa_key
+		HostKey /etc/ssh/ssh_host_ed25519_key
+		#Privilege Separation is turned on for security
+		UsePrivilegeSeparation yes
+
+		# Logging
+		SyslogFacility AUTH
+		LogLevel INFO
+
+		# Authentication:
+		LoginGraceTime 120
+		PermitRootLogin without-password
+		StrictModes yes
+
+		PubkeyAuthentication yes
+		#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+		# Change to yes to enable challenge-response passwords (beware issues
+		# with
+		# some PAM modules and threads)
+		ChallengeResponseAuthentication no
+
+		# Change to no to disable tunnelled clear text passwords
+		PasswordAuthentication no
+
+		X11Forwarding no
+		PrintMotd no
+		PrintLastLog yes
+		TCPKeepAlive yes
+
+		# Allow client to pass locale environment variables
+		AcceptEnv LANG LC_*
+
+		Subsystem sftp /usr/lib/openssh/sftp-server
+	EOF
+
+    if [ -f "/cdrom/authorized_keys" ]; then
+        authorized_keys="$(mktemp -p "/target/tmp")"
+        cat /cdrom/authorized_keys >"$authorized_keys"
+        authorized_keys="${authorized_keys#/target}"
+        if db_get passwd/username && [ "$RET" ]; then
+            username="$RET"
+        else
+            username="root"
+        fi
+        in-target sh -c "
+            install -m0700 -o $username -g $username --directory      ~$username/.ssh
+            install -m0600 -o $username -g $username $authorized_keys ~$username/.ssh/authorized_keys
+        "
+    fi
+fi
+
+
+#######################################################################
+# Configure salt-minion
+
+if [ -d /target/etc/salt ]; then
+    in-target sh -c '
+        pkidir="/etc/salt/pki/minion"
+        mkdir -p -m0700 "$pkidir"
+
+        install -m0400 /dev/null "$pkidir/minion.pem"
+        openssl genrsa -rand /dev/urandom -f4 4096 >"$pkidir/minion.pem"
+
+        install -m0644 /dev/null "$pkidir/minion.pub"
+        openssl pkey -pubout <"$pkidir/minion.pem" >"$pkidir/minion.pub"
+
+        mkdir -p /etc/salt/minion.d
+        install -m0644 /dev/null /etc/salt/minion.d/999user.conf
+    '
+    if db_get tdf-postinst/salt_master && [ "$RET" ]; then
+        echo "master: $RET" >>/target/etc/salt/minion.d/999user.conf
+    fi
+    if db_get tdf-postinst/salt_master_fingerprint && [ "$RET" ]; then
+        echo "master_finger: '$RET'" >>/target/etc/salt/minion.d/999user.conf
+    fi
+    echo "id: $(hostname).documentfoundation.org" >>/target/etc/salt/minion.d/999user.conf
+
+    cp /target/etc/salt/pki/minion/minion.pub "$virtfs"
+fi  | 
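Review bot: In the salt-minion section, `master_finger` is written only when `tdf-postinst/salt_master_fingerprint` is non-empty, so an install that sets `tdf-postinst/salt_master` alone produces a minion with no pinned master key, and the first key exchange then presumably goes unverified. The hook could treat that combination as an error, or at least record it, by giving the second `if` an `else` branch such as `logger -t tdf-postinst "salt_master_fingerprint not set: master key will not be verified"`. Both `echo` lines also write `$RET` into `999user.conf` unvalidated, so a stray `'` in a preseeded value changes the YAML; a guard like `case "$RET" in *[!0-9A-Fa-f:]*) exit 1;; esac` before the `master_finger` line would keep the fingerprint to hex digits and colons. Separately, `mount … || true` near the top lets the later `cp … "$virtfs"` calls write into an unmounted temp directory, so a failed 9p mount silently loses the exported public keys.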
