bgallet
/
myc-manage
forked from Myceliandre/myc-manage
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 Commits
5 Branches
0 Tags
2.4 MiB
Tree: 599259bcdc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '599259bcdc'
${ noResults }
myc-manage/bin/0km

387 lines
11 KiB
Raw Normal View History

new: [0km] new command Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] ``vps-check`` action added Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] new command Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] ``vps-check`` action added Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] new command Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
fix: [0km] would not read more than one key This is due to ``ssh`` eating available standard input. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] new command Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] ``vps-check`` action added Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [0km] new command Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
  1. #!/bin/bash
  4. . /etc/shlib
  6. include common
  7. include parse
  8. include cmdline
  9. include config
  12. [[ "${BASH_SOURCE[0]}" != "${0}" ]] && SOURCED=true
  14. version=0.1
  15. desc='Manage 0k related installs'
  16. help=""
  19. is-port-open() {
  20. local host="$1" port="$2" timeout=5
  21. start="$SECONDS"
  22. debug "Testing if $host's port $2 is open ..."
  23. while true; do
  24. timeout 1 bash -c "</dev/tcp/${host}/${port}" >/dev/null 2>&1 && break
  25. sleep 0.2
  26. if [ "$((SECONDS - start))" -gt "$timeout" ]; then
  27. return 1
  28. fi
  29. done
  30. }
  32. resolve() {
  33. local ent hostname="$1"
  34. debug "Resolving $1 ..."
  35. if ent=$(getent ahosts "$hostname"); then
  36. ent=$(echo "$ent" | egrep ^"[0-9]+.[0-9]+.[0-9]+.[0-9]+\s+" | \
  37. head -n 1 | awk '{ print $1 }')
  38. debug " .. resolved $1 to $ent."
  39. echo "$ent"
  40. else
  41. debug " .. couldn't resolve $1."
  42. return 1
  43. fi
  44. }
  47. set_errlvl() { return "${1:-1}"; }
  49. export master_pid=$$
  50. ssh:open() {
  51. local hostname ssh_cmd ssh_options
  52. ssh_cmd=(ssh)
  53. ssh_options=()
  54. while [ "$#" != 0 ]; do
  55. case "$1" in
  56. "--stdin-password")
  57. ssh_cmd=(sshpass "${ssh_cmd[@]}")
  58. ;;
  59. -o)
  60. ssh_options+=("$1" "$2")
  61. shift
  62. ;;
  63. *)
  64. [ -z "$hostname" ] && hostname="$1" || {
  65. err "Surnumerous positional argument '$1'. Expecting only hostname."
  66. return 1
  67. }
  68. ;;
  69. esac
  70. shift
  71. done
  72. "${ssh_cmd[@]}" -o ControlPath=/tmp/ssh-control-master-${master_pid} \
  73. -o ControlMaster=auto -o ControlPersist=900 \
  74. -o ConnectTimeout=5 -o "StrictHostKeyChecking=no" \
  75. "${ssh_options[@]}" \
  76. "$hostname" "$@" -- true || {
  77. err Failed: ssh -o ControlPath=/tmp/ssh-control-master-${master_pid} \
  78. -o ControlMaster=auto -o ControlPersist=900 \
  79. "$hostname" "$@" -- true
  80. return 1
  81. }
  82. trap_add EXIT,INT 'ssh:quit "$hostname"'
  83. }
  86. ssh:open-try() {
  87. local opts hostnames
  88. opts=()
  89. hostnames=()
  90. while [ "$#" != 0 ]; do
  91. case "$1" in
  92. -o)
  93. opts+=("$1" "$2")
  94. shift
  95. ;;
  96. *)
  97. hostnames+=("$1")
  98. ;;
  99. esac
  100. shift
  101. done
  102. password=''
  103. for host in "${hostnames[@]}"; do
  104. debug "Trying $host with publickey."
  105. ssh:open -o PreferredAuthentications=publickey \
  106. "${opts[@]}" \
  107. "$host" >/dev/null 2>&1 && {
  108. echo "$host"$'\n'"$password"$'\n'
  109. return 0
  110. }
  111. debug " .. failed connecting to $host with publickey."
  112. done
  113. local times=0 password
  114. while [ "$((++times))" -le 3 ]; do
  115. read -sp "$HOST's password: " password
  116. errlvl="$?"
  117. echo >&2
  118. if [ "$errlvl" -gt 0 ]; then
  119. exit 1
  120. fi
  121. for host in "${hostnames[@]}"; do
  122. debug "Trying $host with password ($times/3)"
  123. echo "$password" | ssh:open -o PreferredAuthentications=password \
  124. --stdin-password \
  125. "${opts[@]}" \
  126. "$host" >/dev/null 2>&1 && {
  127. echo "$host"$'\n'"$password"$'\n'
  128. return 0
  129. }
  130. debug " .. failed connecting to $host with password."
  131. done
  132. err "login failed. Try again... ($((times+1))/3)"
  133. done
  134. return 1
  135. }
  138. ssh:run() {
  139. local hostname="$1" ssh_options cmd
  140. shift
  142. ssh_options=()
  143. cmd=()
  144. while [ "$#" != 0 ]; do
  145. case "$1" in
  146. "--")
  147. shift
  148. cmd+=("$@")
  149. break
  150. ;;
  151. *)
  152. ssh_options+=("$1")
  153. ;;
  154. esac
  155. shift
  156. done
  157. #echo "$DARKCYAN$hostname$NORMAL $WHITE\$$NORMAL" "$@"
  158. debug "Running cmd: ${cmd[@]}"
  159. for arg in "${cmd[@]}"; do
  160. debug "$arg"
  161. done
  162. {
  163. {
  164. ssh -o ControlPath=/tmp/ssh-control-master-${master_pid}-$hostname \
  165. -o ControlMaster=auto -o ControlPersist=900 \
  166. -o "StrictHostKeyChecking=no" \
  167. "$hostname" "${ssh_options[@]}" -- "${cmd[@]}"
  168. } 3>&1 1>&2 2>&3 | sed -r "s/^/$DARKCYAN$hostname$NORMAL $DARKRED\!$NORMAL /g"
  169. set_errlvl "${PIPESTATUS[0]}"
  170. } 3>&1 1>&2 2>&3
  171. }
  173. ssh:quit() {
  174. local hostname="$1"
  175. shift
  176. ssh -o ControlPath=/tmp/ssh-control-master-${master_pid} \
  177. -o ControlMaster=auto -o ControlPersist=900 -O exit \
  178. "$hostname" 2>/dev/null
  179. }
  182. is_ovh_domain_name() {
  183. local domain="$1"
  185. [[ "$domain" == *.ovh.net ]] && return 0
  186. [[ "$domain" == "ns"*".ip-"*".eu" ]] && return 0
  187. return 1
  188. }
  190. is_ovh_hostname() {
  191. local domain="$1"
  193. [[ "$domain" =~ ^vps-[0-9a-f]*$ ]] && return 0
  194. [[ "$domain" =~ ^vps[0-9]*$ ]] && return 0
  195. return 1
  196. }
  198. vps_check() {
  199. local vps="$1"
  200. ip=$(resolve "$vps") ||
  201. { echo "no-resolve"; return; }
  203. ping -c 1 -w 1 "$ip" >/dev/null 2>&1 ||
  204. { echo "no-ping"; }
  205. is-port-open "$ip" "22" ||
  206. { echo "no-port-22-open"; return; }
  208. ssh:open -o ConnectTimeout=2 -o PreferredAuthentications=publickey \
  209. "root@$vps" >/dev/null 2>&1 ||
  210. { echo "no-ssh-root-access"; return; }
  211. compose_content=$(ssh:run "root@$vps" -- cat /opt/apps/myc-deploy/compose.yml </dev/null) ||
  212. { echo "no-compose"; return; }
  213. echo "$compose_content" | grep backup >/dev/null 2>&1 ||
  214. { echo "no-backup"; return; }
  215. }
  219. [ "$SOURCED" ] && return 0
  221. ##
  222. ## Command line processing
  223. ##
  226. cmdline.spec.gnu
  227. cmdline.spec.reporting
  229. cmdline.spec.gnu vps-setup
  231. cmdline.spec::cmd:vps-setup:run() {
  233. : :posarg: HOST 'Target host to check/fix ssh-access'
  235. depends sshpass shyaml
  237. KEY_PATH="ssh-access.public-keys"
  238. local keys=$(config get-value -y "ssh-access.public-keys") || true
  239. if [ -z "$keys" ]; then
  240. err "No ssh publickeys configured in config file."
  241. echo " Looking for keys in ${WHITE}${KEY_PATH}${NORMAL}" \
  242. "in config file." >&2
  243. config:exists --message 2>&1 | prefix " "
  244. if [ "${PIPESTATUS[0]}" == "0" ]; then
  245. echo " Config file found in $(config:filename)"
  246. fi
  247. return 1
  248. fi
  249. local tkey=$(e "$keys" | shyaml get-type)
  250. if [ "$tkey" != "sequence" ]; then
  251. err "Value type of ${WHITE}${KEY_PATH}${NORMAL} unexpected (is $tkey, expecting sequence)."
  252. echo " Check content of $(config:filename), and make sure to use a sequence." >&2
  253. return 1
  254. fi
  256. local IP NAME keys host_pass_connected
  257. if ! IP=$(resolve "$HOST"); then
  258. err "'$HOST' name unresolvable."
  259. exit 1
  260. fi
  262. NAME="$HOST"
  263. if [ "$IP" != "$HOST" ]; then
  264. NAME="$HOST ($IP)"
  265. fi
  267. if ! is-port-open "$IP" "22"; then
  268. err "$NAME unreachable or port 22 closed."
  269. exit 1
  270. fi
  271. debug "Host $IP's port 22 is open."
  272. if ! host_pass_connected=$(ssh:open-try \
  273. {root,debian}@"$HOST"); then
  274. err "Could not connect to {root,debian}@$HOST with publickey nor password."
  275. exit 1
  276. fi
  278. read-0a host password <<<"$host_pass_connected"
  280. sudo_if_necessary=
  281. if [ "$password" -o "${host%%@*}" != "root" ]; then
  282. if ! ssh:run "$host" -- sudo -n true >/dev/null 2>&1; then
  283. err "Couldn't do a password-less sudo from $host."
  284. echo " This is not yet supported."
  285. exit 1
  286. else
  287. sudo_if_necessary=sudo
  288. fi
  289. fi
  291. Section Checking access
  292. while read-0 key; do
  293. prefix="${key%% *}"
  294. if [ "$prefix" != "ssh-rsa" ]; then
  295. err "Unsupported key:"$'\n'"$key"
  296. return 1
  297. fi
  298. label="${key##* }"
  299. Elt "considering adding key ${DARKYELLOW}$label${NORMAL}"
  300. dest="/root/.ssh/authorized_keys"
  301. if ssh:run "$host" -- $sudo_if_necessary grep "\"$key\"" "$dest" >/dev/null 2>&1 </dev/null; then
  302. print_info "already present"
  303. print_status noop
  304. Feed
  305. else
  306. if echo "$key" | ssh:run "$host" -- $sudo_if_necessary tee -a "$dest" >/dev/null; then
  307. print_info added
  308. else
  309. echo
  310. Feedback failure
  311. return 1
  312. fi
  313. Feedback success
  314. fi
  315. done < <(e "$keys" | shyaml get-values-0)
  317. Section Checking ovh hostname file
  318. Elt "Checking /etc/ovh-hostname"
  319. if ! ssh:run "$host" -- $sudo_if_necessary [ -e "/etc/ovh-hostname" ]; then
  320. print_info "creating"
  321. ssh:run "$host" -- $sudo_if_necessary cp /etc/hostname /etc/ovh-hostname
  322. ovhname=$(ssh:run "$host" -- $sudo_if_necessary cat /etc/ovh-hostname)
  323. Elt "Checking /etc/ovh-hostname: $ovhname"
  324. Feedback || return 1
  325. else
  326. ovhname=$(ssh:run "$host" -- $sudo_if_necessary cat /etc/ovh-hostname)
  327. Elt "Checking /etc/ovh-hostname: $ovhname"
  328. print_info "already present"
  329. print_status noop
  330. Feed
  331. fi
  333. if ! is_ovh_domain_name "$HOST" && ! str_is_ipv4 "$HOST"; then
  334. Section Checking hostname
  335. Elt "Checking /etc/hostname..."
  336. if [ "$old" != "$HOST" ]; then
  337. old="$(ssh:run "$host" -- $sudo_if_necessary cat /etc/hostname)"
  338. Elt "Hostname is '$old'"
  339. if is_ovh_hostname "$old"; then
  340. Elt "Hostname '$old' --> '$HOST'"
  341. print_info "creating"
  342. echo "$HOST" | ssh:run "$host" -- $sudo_if_necessary tee /etc/hostname >/dev/null &&
  343. ssh:run "$host" -- $sudo_if_necessary hostname "$HOST"
  344. Feedback || return 1
  345. else
  346. print_info "not changing"
  347. print_status noop
  348. Feed
  349. fi
  351. else
  352. print_info "already set"
  353. print_status noop
  354. Feed
  355. fi
  356. else
  357. info "Not changing domain as '$HOST' doesn't seem to be final domain."
  358. fi
  360. }
  364. cmdline.spec.gnu vps-check
  366. cmdline.spec::cmd:vps-check:run() {
  368. : :posarg: [VPS...] 'Target host to check'
  370. VPS=($(printf "%s\n" "${VPS[@]}" | sort))
  371. declare -A vps_done;
  372. for vps in "${VPS[@]}"; do
  373. [ "${vps_done[$vps]}" ] && {
  374. warn "duplicate vps '$vps' provided. Ignoring."
  375. continue
  376. }
  377. vps_done[$vps]=1
  378. (
  379. vps_check "$vps" 2>&1 | sed "s/^/$vps: /g"
  380. [ "${PIPESTATUS[0]}" == 0 ]
  381. ) &
  382. done
  383. wait
  384. }
  387. cmdline::parse "$@"