Merge pull request #14 from eest/rework-prepare-iaas-debian
Rework prepare-iaas-debian
This commit is contained in:
commit
6c621aa5f1
11
debian-enable-root.sh
Executable file
11
debian-enable-root.sh
Executable file
|
@ -0,0 +1,11 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
# This script is called from prepare-iaas-debian after logging in via ssh as
|
||||
# the default "debian" user
|
||||
#
|
||||
set -ex
|
||||
|
||||
sudo cp -r /home/debian/.ssh /root/
|
||||
sudo chown -R root:root /root/.ssh
|
||||
sudo chmod 700 /root/.ssh
|
||||
sudo chmod 600 /root/.ssh/authorized_keys
|
67
debian-setup.sh
Executable file
67
debian-setup.sh
Executable file
|
@ -0,0 +1,67 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
# This script is called from prepare-iaas-debian after logging in over ssh as
|
||||
# the root user
|
||||
#
|
||||
set -x
|
||||
|
||||
# Get rid of ugly perl messages when running from macOS:
|
||||
# ===
|
||||
# apt-listchanges: Reading changelogs...
|
||||
# perl: warning: Setting locale failed.
|
||||
# perl: warning: Please check that your locale settings:
|
||||
# LANGUAGE = (unset),
|
||||
# LC_ALL = (unset),
|
||||
# LC_CTYPE = "UTF-8",
|
||||
# LC_TERMINAL = "iTerm2",
|
||||
# LANG = "C.UTF-8"
|
||||
# are supported and installed on your system.
|
||||
# perl: warning: Falling back to a fallback locale ("C.UTF-8").
|
||||
# ===
|
||||
export LC_CTYPE=C.UTF-8
|
||||
|
||||
# Make sure there is no systemd process running as "debian" after the "enable
|
||||
# root" step in prepare-iaas-debian. If there are any proceses still running as
|
||||
# the "debian" user the "userdel" command below will fail.
|
||||
#
|
||||
# Depending on how long we have waited between running the "enable root"
|
||||
# script and this one it is possible the process has timed out on its own,
|
||||
# so run this command before doing "set -e" in case there is no process
|
||||
# to match.
|
||||
pkill -u debian -xf "/lib/systemd/systemd --user"
|
||||
|
||||
# Make sure the process has gone away before continuing
|
||||
sleep_seconds=1
|
||||
attempt=1
|
||||
max_attempts=10
|
||||
while pgrep -u debian -xf "/lib/systemd/systemd --user"; do
|
||||
if [ $attempt -gt $max_attempts ]; then
|
||||
echo "failed waiting for systemd process to exit, please investigate"
|
||||
exit 1
|
||||
fi
|
||||
echo "systemd process still running as debian user, this is attempt $attempt out of $max_attempts, sleeping for $sleep_seconds seconds..."
|
||||
sleep $sleep_seconds
|
||||
attempt=$((attempt + 1))
|
||||
done
|
||||
|
||||
# From this point we expect all commands to succeed
|
||||
set -e
|
||||
|
||||
# While the man page for "userdel" recommends using "deluser" we can not
|
||||
# run "deluser" with "--remove-home" without installing more than the
|
||||
# already included `perl-base` package, so stick with the low level
|
||||
# utility.
|
||||
userdel --remove debian
|
||||
rm /etc/sudoers.d/*
|
||||
|
||||
# Make sure en_US.UTF-8 is present in the system, expected by at least
|
||||
# bootstrap-cosmos.sh
|
||||
locale_gen_file=/etc/locale.gen
|
||||
if grep -q '^# en_US.UTF-8 UTF-8$' $locale_gen_file; then
|
||||
sed -i 's/^# \(en_US.UTF-8 UTF-8\)$/\1/' $locale_gen_file
|
||||
locale-gen
|
||||
fi
|
||||
|
||||
DEBIAN_FRONTEND="noninteractive" apt-get -y update
|
||||
DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade
|
||||
reboot
|
|
@ -12,13 +12,17 @@ fi
|
|||
|
||||
set -x
|
||||
|
||||
ssh "debian@${ip}" sudo cp -r /home/debian/.ssh /root/
|
||||
ssh "debian@${ip}" sudo chown -R root:root /root/.ssh
|
||||
ssh "debian@${ip}" sudo chmod 700 /root/.ssh
|
||||
ssh "debian@${ip}" sudo chmod 600 /root/.ssh/authorized_keys
|
||||
ssh "root@${ip}" deluser debian
|
||||
ssh "root@${ip}" rm /home/debian -rf
|
||||
ssh "root@${ip}" rm /etc/sudoers.d/*
|
||||
ssh "root@${ip}" DEBIAN_FRONTEND="noninteractive" apt-get -y update
|
||||
ssh "root@${ip}" DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade
|
||||
ssh "root@${ip}" reboot
|
||||
# Make sure we read the additional scripts from the same directory as
|
||||
# this script is located at
|
||||
script_dir=$(dirname "$0")
|
||||
|
||||
# The reason for running two separate logins is that it is tricky to
|
||||
# remove the initial debian user while logged in as that same user:
|
||||
# ===
|
||||
# Removing user `debian' ...
|
||||
# Warning: group `debian' has no more members.
|
||||
# userdel: user debian is currently used by process 12081
|
||||
# /usr/sbin/deluser: `/sbin/userdel debian' returned error code 8. Exiting.
|
||||
# ===
|
||||
ssh "debian@${ip}" "bash -s" < "$script_dir"/debian-enable-root.sh
|
||||
ssh "root@${ip}" "bash -s" < "$script_dir"/debian-setup.sh
|
||||
|
|
Loading…
Reference in a new issue