Merge pull request #14 from eest/rework-prepare-iaas-debian

Rework prepare-iaas-debian
This commit is contained in:
Fredrik Thulin 2022-10-10 16:52:15 +02:00 committed by GitHub
commit 6c621aa5f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 92 additions and 10 deletions

11
debian-enable-root.sh Executable file
View file

@ -0,0 +1,11 @@
#!/usr/bin/env bash
#
# This script is called from prepare-iaas-debian after logging in via ssh as
# the default "debian" user
#
set -ex
sudo cp -r /home/debian/.ssh /root/
sudo chown -R root:root /root/.ssh
sudo chmod 700 /root/.ssh
sudo chmod 600 /root/.ssh/authorized_keys

67
debian-setup.sh Executable file
View file

@ -0,0 +1,67 @@
#!/usr/bin/env bash
#
# This script is called from prepare-iaas-debian after logging in over ssh as
# the root user
#
set -x
# Get rid of ugly perl messages when running from macOS:
# ===
# apt-listchanges: Reading changelogs...
# perl: warning: Setting locale failed.
# perl: warning: Please check that your locale settings:
# LANGUAGE = (unset),
# LC_ALL = (unset),
# LC_CTYPE = "UTF-8",
# LC_TERMINAL = "iTerm2",
# LANG = "C.UTF-8"
# are supported and installed on your system.
# perl: warning: Falling back to a fallback locale ("C.UTF-8").
# ===
export LC_CTYPE=C.UTF-8
# Make sure there is no systemd process running as "debian" after the "enable
# root" step in prepare-iaas-debian. If there are any proceses still running as
# the "debian" user the "userdel" command below will fail.
#
# Depending on how long we have waited between running the "enable root"
# script and this one it is possible the process has timed out on its own,
# so run this command before doing "set -e" in case there is no process
# to match.
pkill -u debian -xf "/lib/systemd/systemd --user"
# Make sure the process has gone away before continuing
sleep_seconds=1
attempt=1
max_attempts=10
while pgrep -u debian -xf "/lib/systemd/systemd --user"; do
if [ $attempt -gt $max_attempts ]; then
echo "failed waiting for systemd process to exit, please investigate"
exit 1
fi
echo "systemd process still running as debian user, this is attempt $attempt out of $max_attempts, sleeping for $sleep_seconds seconds..."
sleep $sleep_seconds
attempt=$((attempt + 1))
done
# From this point we expect all commands to succeed
set -e
# While the man page for "userdel" recommends using "deluser" we can not
# run "deluser" with "--remove-home" without installing more than the
# already included `perl-base` package, so stick with the low level
# utility.
userdel --remove debian
rm /etc/sudoers.d/*
# Make sure en_US.UTF-8 is present in the system, expected by at least
# bootstrap-cosmos.sh
locale_gen_file=/etc/locale.gen
if grep -q '^# en_US.UTF-8 UTF-8$' $locale_gen_file; then
sed -i 's/^# \(en_US.UTF-8 UTF-8\)$/\1/' $locale_gen_file
locale-gen
fi
DEBIAN_FRONTEND="noninteractive" apt-get -y update
DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade
reboot

View file

@ -12,13 +12,17 @@ fi
set -x
ssh "debian@${ip}" sudo cp -r /home/debian/.ssh /root/
ssh "debian@${ip}" sudo chown -R root:root /root/.ssh
ssh "debian@${ip}" sudo chmod 700 /root/.ssh
ssh "debian@${ip}" sudo chmod 600 /root/.ssh/authorized_keys
ssh "root@${ip}" deluser debian
ssh "root@${ip}" rm /home/debian -rf
ssh "root@${ip}" rm /etc/sudoers.d/*
ssh "root@${ip}" DEBIAN_FRONTEND="noninteractive" apt-get -y update
ssh "root@${ip}" DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade
ssh "root@${ip}" reboot
# Make sure we read the additional scripts from the same directory as
# this script is located at
script_dir=$(dirname "$0")
# The reason for running two separate logins is that it is tricky to
# remove the initial debian user while logged in as that same user:
# ===
# Removing user `debian' ...
# Warning: group `debian' has no more members.
# userdel: user debian is currently used by process 12081
# /usr/sbin/deluser: `/sbin/userdel debian' returned error code 8. Exiting.
# ===
ssh "debian@${ip}" "bash -s" < "$script_dir"/debian-enable-root.sh
ssh "root@${ip}" "bash -s" < "$script_dir"/debian-setup.sh