From 5d2f8c5de297a80e23e36a7b84591508030c4bfd Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 28 Mar 2018 10:32:33 +0200 Subject: [PATCH] Redisigned bin/postinst --- bin/postinst | 105 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 68 insertions(+), 37 deletions(-) diff --git a/bin/postinst b/bin/postinst index bbca9d5..912b6d5 100644 --- a/bin/postinst +++ b/bin/postinst @@ -2,14 +2,11 @@ HASH_LINE="###############################" +COBBLER_URL="http://192.168.88.8" -echo "Das ist das Post-Install-Script '$0'." +echo "$(date --rfc-3339=seconds): Das ist das Post-Install-Script '$0'." echo -echo "Creating /root/.ssh ..." -mkdir /root/.ssh -chmod 0700 /root/.ssh - echo echo "Some information:" 
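Review bot: The added `COBBLER_URL="http://192.168.88.8"` makes plaintext HTTP the only source for the key material that `create_authkeys` and `import_ssh_hostkeys` (next hunk) install, and nothing checks what comes back. Whatever answers that request is appended to /root/.ssh/authorized_keys or installed as an SSH host private key, so a spoofed or tampered response on the provisioning network yields a root login key. The host private keys also appear to be readable by anyone who can reach the URL, though the diff does not show whether the server restricts access. I would fetch over HTTPS against a CA file shipped with the installer (`wget --ca-certificate=<ca-file> ...`), or compare each download with a checksum delivered out of band before installing it. At minimum, a comment on the constant such as `# Provisioning server; must only be reachable from the trusted install network` would record the assumption.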
@@ -18,45 +15,79 @@ echo " \$ip_address_ether0: $ip_address_ether0" echo " \$system_name: $system_name" #----------------------------------------------------------- -echo -echo "Creating /root/.ssh/authorized_keys ..." >/dev/console +log() { + + echo "$(date --rfc-3339=seconds): $*" + echo "$*" >/dev/console +} + +#----------------------------------------------------------- +create_authkeys() { -echo "${HASH_LINE}" >> /root/.ssh/authorized_keys -echo "ssh-dss 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 softdist" >> /root/.ssh/authorized_keys -echo "${HASH_LINE}" >> /root/.ssh/authorized_keys -echo "ssh-rsa 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 create-vmware-tpl@pixelpark.com" >> /root/.ssh/authorized_keys + echo -TMP_FILE=$( mktemp ) -wget -O "${TMP_FILE}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "http://192.168.88.8/custom/create-vmware-tpl/keys/auth_keys_pp_betrieb" || true -if [[ -s "${TMP_FILE}" ]] ; then - cat "${TMP_FILE}" >> /root/.ssh/authorized_keys -fi -rm "${TMP_FILE}" + local url="${COBBLER_URL}/custom/create-vmware-tpl/keys/auth_keys_pp_betrieb" + log "Creating /root/.ssh ..." + mkdir -pv /root/.ssh + chmod -v 0700 /root/.ssh + + log "Creating /root/.ssh/authorized_keys ..." + echo "${HASH_LINE}" >> /root/.ssh/authorized_keys + echo "ssh-dss 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 softdist" >> /root/.ssh/authorized_keys + echo "${HASH_LINE}" >> /root/.ssh/authorized_keys + echo "ssh-rsa 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 create-vmware-tpl@pixelpark.com" >> /root/.ssh/authorized_keys + + local tmp_file=$( mktemp ) + wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" || true + if [[ -s "${tmp_file}" ]] ; then + cat "${tmp_file}" >> /root/.ssh/authorized_keys + fi + rm "${tmp_file}" +} #----------------------------------------------------------- -echo -echo "Importing SSH host keys ..." 
>/dev/console - -mkdir -pv /etc/ssh - -for stem in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ; do - for fullname in "${stem}" "${stem}.pub" ; do - TMP_FILE=$( mktemp ) - URL="http://192.168.88.8/custom/create-vmware-tpl/keys/${fullname}" - wget -O "${TMP_FILE}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${URL}" - if [[ -s "${TMP_FILE}" ]] ; then - mv -v "${TMP_FILE}" "/etc/ssh/${fullname}" - if [[ "${stem}" == "${fullname}" ]] ; then - chown -v root:ssh_keys "/etc/ssh/${fullname}" - chmod -v 0640 "/etc/ssh/${fullname}" - else - chmod -v 0644 "/etc/ssh/${fullname}" +import_ssh_hostkeys() { + + echo + log "Importing SSH host keys ..." + + mkdir -pv /etc/ssh + local tmp_file= + local stem= + local fullname= + local url= + + for stem in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ; do + for fullname in "${stem}" "${stem}.pub" ; do + tmp_file=$( mktemp ) + url="${COBBLER_URL}/custom/create-vmware-tpl/keys/${fullname}" + wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" + if [[ -s "${tmp_file}" ]] ; then + mv -v "${tmp_file}" "/etc/ssh/${fullname}" + if [[ "${stem}" == "${fullname}" ]] ; then + chown -v root:ssh_keys "/etc/ssh/${fullname}" + chmod -v 0640 "/etc/ssh/${fullname}" + else + chmod -v 0644 "/etc/ssh/${fullname}" + fi fi - fi - rm -f "${TMP_FILE}" + rm -f "${tmp_file}" + done done -done +} + +#----------------------------------------------------------- +main() { + + create_authkeys + import_ssh_hostkeys + +} + + +#----------------------------------------------------------- +main "$@" # vim: ts=4 et -- 2.39.5
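Review bot: Both new functions treat any non-empty download as valid key material: `create_authkeys` discards wget's status with `|| true`, `import_ssh_hostkeys` ignores it, and `[[ -s "${tmp_file}" ]]` alone decides whether the file is appended to authorized_keys or moved into /etc/ssh. A truncated transfer or an unexpected response body would therefore be installed as a root login key or a host key. Gate on the exit status as well, e.g. `if wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" && [[ -s "${tmp_file}" ]] ; then`. Two smaller points in `create_authkeys`: `local tmp_file=$( mktemp )` hides a mktemp failure behind `local`'s own status, so split it into `local tmp_file` and `tmp_file=$( mktemp ) || return 1`. authorized_keys is also created by `>>` with whatever the umask gives, so `chmod 0600 /root/.ssh/authorized_keys` after the appends would make its mode explicit.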