From 442e804b78716c9f9bd5a50076b76af608cf74f2 Mon Sep 17 00:00:00 2001
From: Dieter Plaetinck
Date: Thu, 18 Dec 2008 19:43:12 +0100
Subject: 'dieter' is now project 'ddeploy' that aims to be usable to many people
---
unofficial/modules/ddeploy/libs/lib-deployment.sh | 21 +++
unofficial/modules/ddeploy/procedures/automatic | 152 ++++++++++++++++++++++
unofficial/modules/ddeploy/whatsthis.txt | 9 ++
unofficial/modules/dieter/libs/lib-deployment.sh | 21 ---
unofficial/modules/dieter/procedures/automatic | 152 ----------------------
unofficial/modules/dieter/whatsthis.txt | 2 -
6 files changed, 182 insertions(+), 175 deletions(-)
create mode 100644 unofficial/modules/ddeploy/libs/lib-deployment.sh
create mode 100644 unofficial/modules/ddeploy/procedures/automatic
create mode 100644 unofficial/modules/ddeploy/whatsthis.txt
delete mode 100644 unofficial/modules/dieter/libs/lib-deployment.sh
delete mode 100644 unofficial/modules/dieter/procedures/automatic
delete mode 100644 unofficial/modules/dieter/whatsthis.txt
(limited to 'unofficial/modules')
diff --git a/unofficial/modules/ddeploy/libs/lib-deployment.sh b/unofficial/modules/ddeploy/libs/lib-deployment.sh
new file mode 100644
index 0000000..da63f3f
--- /dev/null
+++ b/unofficial/modules/ddeploy/libs/lib-deployment.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+_accept_ssl_cert ()
+{
+ mkdir -p /root/.subversion/auth/svn.ssl.server
+ cat > /root/.subversion/auth/svn.ssl.server/1123d3c8b27895efee3848cc779e526a << EOF
+K 10
+ascii_cert
+V 716 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
+K 8
+failures
+V 2
+14
+K 15
+svn:realmstring
+V 23
+https://192.168.1.2:443
+END
+EOF
+}
diff --git a/unofficial/modules/ddeploy/procedures/automatic b/unofficial/modules/ddeploy/procedures/automatic
new file mode 100644
index 0000000..2887e1d
--- /dev/null
+++ b/unofficial/modules/ddeploy/procedures/automatic
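Review bot: `_accept_ssl_cert` in libs/lib-deployment.sh still hard-codes one site's trust decision, which conflicts with the commit's stated goal of a module usable by many people: it pre-seeds root's Subversion auth cache with a fixed certificate for realm `https://192.168.1.2:443` and a `failures` value of `14`, apparently the bitmask of validation failures accepted in advance. Anyone else running the procedure would silently trust that certificate for that address instead of making their own decision. The certificate, realm and cache file name should come from per-deployment configuration (or the function should be skipped when none is configured), with a comment explaining what the `failures` mask means and how the file name `1123d3c8…` was derived. The here-document delimiter is also unquoted, so the body undergoes shell expansion; `<< 'EOF'` would keep the cache entry literal.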
@@ -0,0 +1,152 @@
+#!/bin/bash
+depend_module yaourt
+depend_procedure core base
+
+var_RUNTIME_PACKAGES="svn"
+
+phase_preparation=(\
+ configure \
+ intro \
+ sysprep \
+ msg_manual \
+ runtime_network \
+ runtime_svn \
+ msg_automatic \
+ select_source \
+ runtime_packages \
+ runtime_yaourt)
+
+phase_finish=(configure_home msg_report)
+
+
+worker_intro ()
+{
+ notify "Dieter::automatic procedure running..."
+}
+
+
+worker_configure ()
+{
+ var_UI_TYPE=${arg_ui_type:-cli}
+}
+
+
+worker_msg_manual ()
+{
+ # All things that need to be done manually first
+ notify "A few manual things need to happen first..."
+}
+
+
+worker_msg_automatic ()
+{
+ notify "**** From now on. everything will be automatic. Enjoy the show!" # not true: you need pass for dm_crypt
+}
+
+
+worker_runtime_network ()
+{
+ if ask_yesno "Do you want to (re)-configure your networking?"
+ then
+ interactive_runtime_network
+ else
+ infofy "Ok. skipping network config"
+ fi
+}
+
+
+worker_runtime_svn ()
+{
+ SVN_USERNAME=dieter
+ ask_password svn #TODO: if user entered incorrect password, the install process will just fail..
+ SVN="svn --username $SVN_USERNAME --password $SVN_PASSWORD"
+ SVN_BASE=https://192.168.1.2/svn/repos
+ ask_string "Which host are you installing?" desktop-a7nx8
+ TARGET_HOST=$ANSWER_STRING #TODO: allow passing cmdline argument (and check with svn info).
handle -z $ANSWER_STRING
+ _accept_ssl_cert
+}
+
+
+worker_prepare_disks ()
+{
+ modprobe dm-crypt || die_error "Cannot modprobe dm-crypt"
+ modprobe -q aes-x86-64 || modprobe aes-i586 || die_error "Cannot modprobe aes-x86-64 or aes-i586"
+
+ # Cleanup whatever state the disk is in (that includes previous, failed runs of this script)
+ umount /dev/mapper/cryptpool-* 2>/dev/null
+ vgremove -f cryptpool 2>/dev/null
+ pvremove /dev/mapper/sda2_crypt 2>/dev/null
+ cryptsetup luksClose sda2_crypt 2>/dev/null
+ dd if=/dev/urandom of=/dev/sda bs=512 count=1
+
+ #TODO: integrate this stuff into the functions in the libs (process_partitions and filesystems, rollback and bailout if needed) + do error checking and handling
+ #NOTE: i don't think i should quote to prevent globbing, but it does seem to help i think (hard to check as resource is busy and you can't reload kernel partition tables)
+ sfdisk /dev/sda 2>&1 | grep -v 'not have an msdos signature' << EOF
+,10,L,'*'
+,,L
+EOF
+ [ $? -gt 0 ] && die_error "Could not sfdisk /dev/sda. Return code is $?"
+ #TODO: when sfdisk is done, i still have an invalid partition table?
+ cryptsetup --batch-mode -c aes-xts-plain -y -s 512 luksFormat /dev/sda2 || die_error "Cannot cryptsetup luksFormat /dev/sda2"
+ cryptsetup luksOpen /dev/sda2 sda2_crypt || die_error "Cannot cryptsetup luksOpen /dev/sda2"
+ pvcreate /dev/mapper/sda2_crypt || die_error "Cannot pvcreate the PV on the encrypted blockdevice"
+ vgcreate cryptpool /dev/mapper/sda2_crypt || die_error "Cannot create the VG an the PV on the encrypted blockdevice"
+ lvcreate -L 2G -n swap cryptpool && \
+ lvcreate -L 500M -n tmp cryptpool && \
+ lvcreate -L 10G -n home cryptpool && \
+ lvcreate -L 10G -n root cryptpool && \
+ lvcreate -L 3G -n var cryptpool || die_error "Could not create at least one of the LV's"
+ for i in home root tmp var
+ do
+ mkdir -p $var_TARGET_DIR/$i
+ mke2fs -j /dev/cryptpool/$i && mount /dev/cryptpool/$i $var_TARGET_DIR/$i || die_error "Could not format or mount $var_TARGET_DIR/$i"
+ done
+
+ # TODO: swapon the thing and don't forget to swapoff it in the cleanup part above
+ # TODO: fstab? auto-add to fstab with libs? auto mkdir's on target_dir?
+ true
+}
+
+worker_package_list ()
+{
+ $SVN export $SVN_BASE/ddm-configs/$TARGET_HOST/trunk/package-list $var_PKG_FILE || die_error "Could not export package list!"
+ # cat -> there are newlines in it -> var=`echo $var` -> not anymore :)
+ TARGET_PACKAGES=`cat $var_PKG_FILE` && TARGET_PACKAGES=`echo $TARGET_PACKAGES` || die_error "Could not cat package list. THIS SHOULD NEVER HAPPEN."
+ true
+}
+
+
+worker_install_packages ()
+{
+ target_prepare_pacman core extra community #TODO: it would be better if this was a separate worker, i think
+ [ -z "$TARGET_PACKAGES" ] && die_error "No packages listed to be installed!"
+ installpkg
+}
+
+
+worker_configure_home ()
+{
+ #checkout from svn
+ true
+}
+
+
+worker_set_clock ()
+{
+ #timezone="Europe/Brussels"
+ #Not doing anything. hwclock is set already and configs are coming from svn anyway..
+ true
+}
+
+
+worker_install_bootloader ()
+{
+ install-grub /dev/sda
+}
+
+
+worker_runtime_yaourt ()
+{
+ _yaourt_replace_pacman
+}
+
diff --git a/unofficial/modules/ddeploy/whatsthis.txt b/unofficial/modules/ddeploy/whatsthis.txt
new file mode 100644
index 0000000..eb7b810
--- /dev/null
+++ b/unofficial/modules/ddeploy/whatsthis.txt
@@ -0,0 +1,9 @@
+ddeploy is a module for deploying a system automatically.
+
+Right now I use convention over configuration.
+Your disk layout, package list, /etc/, ~ etc are expected to be in certain places inside svn/ddm/git repositories.
+(although I'll probably make this more configurable in the future to allow more choice in vcs technology etc.)
+
+Right now I (Dieter) am probably the only one using this, but everyone can have a similar setup!
+For now the conventions are not documented yet.
+Just look at the source of the procedures to see what is expected where.
\ No newline at end of file
diff --git a/unofficial/modules/dieter/libs/lib-deployment.sh b/unofficial/modules/dieter/libs/lib-deployment.sh
deleted file mode 100644
index da63f3f..0000000
--- a/unofficial/modules/dieter/libs/lib-deployment.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-_accept_ssl_cert ()
-{
- mkdir -p /root/.subversion/auth/svn.ssl.server
- cat > /root/.subversion/auth/svn.ssl.server/1123d3c8b27895efee3848cc779e526a << EOF
-K 10
-ascii_cert
-V 716
-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
-K 8
-failures
-V 2
-14
-K 15
-svn:realmstring
-V 23
-https://192.168.1.2:443
-END
-EOF
-}
diff --git a/unofficial/modules/dieter/procedures/automatic b/unofficial/modules/dieter/procedures/automatic
deleted file mode 100644
index 2887e1d..0000000
--- a/unofficial/modules/dieter/procedures/automatic
+++ /dev/null
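Review bot: In `worker_runtime_svn` (procedures/automatic) the Subversion password is embedded in the command string, `SVN="svn --username $SVN_USERNAME --password $SVN_PASSWORD"`, so it ends up in the argument list of every `svn` process, and the unquoted `$SVN` expansion in `worker_package_list` breaks on a password containing whitespace or glob characters. Prefer a wrapper function that quotes its arguments and, where the installed client supports it, passes the secret with `--password-from-stdin`; `SVN_USERNAME=dieter` and `SVN_BASE=https://192.168.1.2/svn/repos` should become settings if the module is meant for other users. Separately, in `worker_prepare_disks` the here-document on `sfdisk /dev/sda 2>&1 | grep -v 'not have an msdos signature' << EOF` is attached to `grep`, not `sfdisk`, and `[ $? -gt 0 ]` then tests grep's exit status, so a failed partitioning is not caught before `cryptsetup luksFormat /dev/sda2` runs. Moving the redirection to the `sfdisk` side of the pipe and checking `${PIPESTATUS[0]}` would make the guard test what its message claims.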
@@ -1,152 +0,0 @@
-#!/bin/bash
-depend_module yaourt
-depend_procedure core base
-
-var_RUNTIME_PACKAGES="svn"
-
-phase_preparation=(\
- configure \
- intro \
- sysprep \
- msg_manual \
- runtime_network \
- runtime_svn \
- msg_automatic \
- select_source \
- runtime_packages \
- runtime_yaourt)
-
-phase_finish=(configure_home msg_report)
-
-
-worker_intro ()
-{
- notify "Dieter::automatic procedure running..."
-}
-
-
-worker_configure ()
-{
- var_UI_TYPE=${arg_ui_type:-cli}
-}
-
-
-worker_msg_manual ()
-{
- # All things that need to be done manually first
- notify "A few manual things need to happen first..."
-}
-
-
-worker_msg_automatic ()
-{
- notify "**** From now on. everything will be automatic. Enjoy the show!" # not true: you need pass for dm_crypt
-}
-
-
-worker_runtime_network ()
-{
- if ask_yesno "Do you want to (re)-configure your networking?"
- then
- interactive_runtime_network
- else
- infofy "Ok. skipping network config"
- fi
-}
-
-
-worker_runtime_svn ()
-{
- SVN_USERNAME=dieter
- ask_password svn #TODO: if user entered incorrect password, the install process will just fail..
- SVN="svn --username $SVN_USERNAME --password $SVN_PASSWORD"
- SVN_BASE=https://192.168.1.2/svn/repos
- ask_string "Which host are you installing?" desktop-a7nx8
- TARGET_HOST=$ANSWER_STRING #TODO: allow passing cmdline argument (and check with svn info).
handle -z $ANSWER_STRING
- _accept_ssl_cert
-}
-
-
-worker_prepare_disks ()
-{
- modprobe dm-crypt || die_error "Cannot modprobe dm-crypt"
- modprobe -q aes-x86-64 || modprobe aes-i586 || die_error "Cannot modprobe aes-x86-64 or aes-i586"
-
- # Cleanup whatever state the disk is in (that includes previous, failed runs of this script)
- umount /dev/mapper/cryptpool-* 2>/dev/null
- vgremove -f cryptpool 2>/dev/null
- pvremove /dev/mapper/sda2_crypt 2>/dev/null
- cryptsetup luksClose sda2_crypt 2>/dev/null
- dd if=/dev/urandom of=/dev/sda bs=512 count=1
-
- #TODO: integrate this stuff into the functions in the libs (process_partitions and filesystems, rollback and bailout if needed) + do error checking and handling
- #NOTE: i don't think i should quote to prevent globbing, but it does seem to help i think (hard to check as resource is busy and you can't reload kernel partition tables)
- sfdisk /dev/sda 2>&1 | grep -v 'not have an msdos signature' << EOF
-,10,L,'*'
-,,L
-EOF
- [ $? -gt 0 ] && die_error "Could not sfdisk /dev/sda. Return code is $?"
- #TODO: when sfdisk is done, i still have an invalid partition table?
- cryptsetup --batch-mode -c aes-xts-plain -y -s 512 luksFormat /dev/sda2 || die_error "Cannot cryptsetup luksFormat /dev/sda2"
- cryptsetup luksOpen /dev/sda2 sda2_crypt || die_error "Cannot cryptsetup luksOpen /dev/sda2"
- pvcreate /dev/mapper/sda2_crypt || die_error "Cannot pvcreate the PV on the encrypted blockdevice"
- vgcreate cryptpool /dev/mapper/sda2_crypt || die_error "Cannot create the VG an the PV on the encrypted blockdevice"
- lvcreate -L 2G -n swap cryptpool && \
- lvcreate -L 500M -n tmp cryptpool && \
- lvcreate -L 10G -n home cryptpool && \
- lvcreate -L 10G -n root cryptpool && \
- lvcreate -L 3G -n var cryptpool || die_error "Could not create at least one of the LV's"
- for i in home root tmp var
- do
- mkdir -p $var_TARGET_DIR/$i
- mke2fs -j /dev/cryptpool/$i && mount /dev/cryptpool/$i $var_TARGET_DIR/$i || die_error "Could not format or mount $var_TARGET_DIR/$i"
- done
-
- # TODO: swapon the thing and don't forget to swapoff it in the cleanup part above
- # TODO: fstab? auto-add to fstab with libs? auto mkdir's on target_dir?
- true
-}
-
-worker_package_list ()
-{
- $SVN export $SVN_BASE/ddm-configs/$TARGET_HOST/trunk/package-list $var_PKG_FILE || die_error "Could not export package list!"
- # cat -> there are newlines in it -> var=`echo $var` -> not anymore :)
- TARGET_PACKAGES=`cat $var_PKG_FILE` && TARGET_PACKAGES=`echo $TARGET_PACKAGES` || die_error "Could not cat package list. THIS SHOULD NEVER HAPPEN."
- true
-}
-
-
-worker_install_packages ()
-{
- target_prepare_pacman core extra community #TODO: it would be better if this was a separate worker, i think
- [ -z "$TARGET_PACKAGES" ] && die_error "No packages listed to be installed!"
- installpkg
-}
-
-
-worker_configure_home ()
-{
- #checkout from svn
- true
-}
-
-
-worker_set_clock ()
-{
- #timezone="Europe/Brussels"
- #Not doing anything. hwclock is set already and configs are coming from svn anyway..
- true
-}
-
-
-worker_install_bootloader ()
-{
- install-grub /dev/sda
-}
-
-
-worker_runtime_yaourt ()
-{
- _yaourt_replace_pacman
-}
-
diff --git a/unofficial/modules/dieter/whatsthis.txt b/unofficial/modules/dieter/whatsthis.txt
deleted file mode 100644
index 5c55ca8..0000000
--- a/unofficial/modules/dieter/whatsthis.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-module with stuff for my (Dieter) own environment. Customized for my needs
-(my data and settings are in svn/ddm repositories)
\ No newline at end of file
--
cgit v1.2.3-54-g00ecf