diff --git a/debian-enable-root.sh b/debian-enable-root.sh deleted file mode 100755 index 392e0b4..0000000 --- a/debian-enable-root.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash -# -# This script is called from prepare-iaas-debian after logging in via ssh as -# the default "debian" user -# -set -ex - -sudo cp -r /home/debian/.ssh /root/ -sudo chown -R root:root /root/.ssh -sudo chmod 700 /root/.ssh -sudo chmod 600 /root/.ssh/authorized_keys diff --git a/iaas-enable-root.sh b/iaas-enable-root.sh new file mode 100755 index 0000000..d6bb107 --- /dev/null +++ b/iaas-enable-root.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash +# +# This script is called from prepare-iaas-$os after logging in via ssh as +# the default user existing in cloud images +# +set -ex + +os=$(lsb_release -si | tr '[:upper:]' '[:lower:]') +if [ "$os" != "ubuntu" ] && [ "$os" != "debian" ]; then + echo "unsupported os: '$os'" + exit 1 +fi + +sudo cp -r /home/"$os"/.ssh /root/ +sudo chown -R root:root /root/.ssh +sudo chmod 700 /root/.ssh +sudo chmod 600 /root/.ssh/authorized_keys diff --git a/debian-setup.sh b/iaas-setup.sh similarity index 67% rename from debian-setup.sh rename to iaas-setup.sh index 56e923a..30c9db0 100755 --- a/debian-setup.sh +++ b/iaas-setup.sh @@ -1,10 +1,16 @@ #!/usr/bin/env bash # -# This script is called from prepare-iaas-debian after logging in over ssh as +# This script is called from prepare-iaas-$os after logging in over ssh as # the root user # set -x +os=$(lsb_release -si | tr '[:upper:]' '[:lower:]') +if [ "$os" != "ubuntu" ] && [ "$os" != "debian" ]; then + echo "unsupported os: '$os'" + exit 1 +fi + # Get rid of ugly perl messages when running from macOS: # === # apt-listchanges: Reading changelogs... @@ -20,26 +26,27 @@ set -x # === export LC_CTYPE=C.UTF-8 -# Make sure there is no systemd process running as "debian" after the "enable -# root" step in prepare-iaas-debian. If there are any proceses still running as -# the "debian" user the "userdel" command below will fail. +# Make sure there is no systemd process running as the initial cloud image user +# # after the "enable root" step in prepare-iaas-$os. If there are any # +# proceses still running as the specified user the "userdel" command # below +# will fail. # # Depending on how long we have waited between running the "enable root" # script and this one it is possible the process has timed out on its own, # so run this command before doing "set -e" in case there is no process # to match. -pkill -u debian -xf "/lib/systemd/systemd --user" +pkill -u "$os" -xf "/lib/systemd/systemd --user" # Make sure the process has gone away before continuing sleep_seconds=1 attempt=1 max_attempts=10 -while pgrep -u debian -xf "/lib/systemd/systemd --user"; do +while pgrep -u "$os" -xf "/lib/systemd/systemd --user"; do if [ $attempt -gt $max_attempts ]; then echo "failed waiting for systemd process to exit, please investigate" exit 1 fi - echo "systemd process still running as debian user, this is attempt $attempt out of $max_attempts, sleeping for $sleep_seconds seconds..." + echo "systemd process still running as '$os' user, this is attempt $attempt out of $max_attempts, sleeping for $sleep_seconds seconds..." sleep $sleep_seconds attempt=$((attempt + 1)) done @@ -49,9 +56,9 @@ set -e # While the man page for "userdel" recommends using "deluser" we can not # run "deluser" with "--remove-home" without installing more than the -# already included `perl-base` package, so stick with the low level -# utility. -userdel --remove debian +# already included `perl-base` package on debian, so stick with the low +# level utility. +userdel --remove "$os" rm /etc/sudoers.d/* # Make sure en_US.UTF-8 is present in the system, expected by at least diff --git a/prepare-iaas-debian b/prepare-iaas-debian index 4147883..cf36fb3 100755 --- a/prepare-iaas-debian +++ b/prepare-iaas-debian @@ -17,12 +17,9 @@ set -x script_dir=$(dirname "$0") # The reason for running two separate logins is that it is tricky to -# remove the initial debian user while logged in as that same user: +# remove the initial user while logged in as that same user: # === -# Removing user `debian' ... -# Warning: group `debian' has no more members. -# userdel: user debian is currently used by process 12081 -# /usr/sbin/deluser: `/sbin/userdel debian' returned error code 8. Exiting. +# userdel: user debian is currently used by process 1082 # === -ssh "debian@${ip}" "bash -s" < "$script_dir"/debian-enable-root.sh -ssh "root@${ip}" "bash -s" < "$script_dir"/debian-setup.sh +ssh "debian@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh +ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh diff --git a/prepare-iaas-ubuntu b/prepare-iaas-ubuntu index 3fdff8d..c21bf87 100755 --- a/prepare-iaas-ubuntu +++ b/prepare-iaas-ubuntu @@ -12,13 +12,14 @@ fi set -x -ssh "ubuntu@${ip}" sudo cp -r /home/ubuntu/.ssh /root/ -ssh "ubuntu@${ip}" sudo chown -R root:root /root/.ssh -ssh "ubuntu@${ip}" sudo chmod 700 /root/.ssh -ssh "ubuntu@${ip}" sudo chmod 600 /root/.ssh/authorized_keys -ssh "root@${ip}" deluser ubuntu -ssh "root@${ip}" rm /home/ubuntu -rf -ssh "root@${ip}" rm /etc/sudoers.d/* -ssh "root@${ip}" DEBIAN_FRONTEND="noninteractive" apt-get -y update -ssh "root@${ip}" DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade -ssh "root@${ip}" reboot +# Make sure we read the additional scripts from the same directory as +# this script is located at +script_dir=$(dirname "$0") + +# The reason for running two separate logins is that it is tricky to +# remove the initial user while logged in as that same user: +# === +# userdel: user ubuntu is currently used by process 44063 +# === +ssh "ubuntu@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh +ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh