#!/bin/bash
# script for installing a Debian Edu Workstation with ITZkS modifications
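set -e
# Add the local administrator account "locadm" unless it already exists.
# getent exits non-zero when the name is unknown, so its status is tested
# directly. The previous test used $"...", which is a locale-translated
# string and not a command substitution: it was never empty, so the account
# was never created.
if ! getent passwd locadm >/dev/null; then
	adduser --gecos "Local Administrator" locadm
	# Membership in group "sudo" is what gives locadm administrative rights
	# (with Debian's default sudoers file).
	adduser locadm sudo
fi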
# Grow the system volume and the filesystem on it: /dev/vg_system/usr to 18G
# when a separate usr volume exists, otherwise /dev/vg_system/root to 22G.
grow_lv=/dev/vg_system/root
grow_size=22G
if [ -e /dev/vg_system/usr ]; then
	grow_lv=/dev/vg_system/usr
	grow_size=18G
fi
# -L takes an absolute target size. Under "set -e" a failing lvextend ends
# the script here.
lvextend -L "$grow_size" "$grow_lv"
resize2fs "$grow_lv"
# Fetch the LDAP CA certificate through the fetch-ldap-cert init script.
invoke-rc.d fetch-ldap-cert start
# Create the ITZkS APT source list once; an existing file is left untouched.
# NOTE(review): both entries use plain http, so the integrity of everything
# installed from this repository rests on APT's signature check against the
# repository key.
itzks_list=/etc/apt/sources.list.d/itzks.list
if [ ! -e "$itzks_list" ]; then
	cat > "$itzks_list" <<'EOF'
deb http://packages.it-zukunft-schule.de/debian stretch main contrib non-free
deb http://packages.it-zukunft-schule.de/debian stretch-backports main contrib non-free
EOF
fi
# Send the HTTPS, HTTP and FTP traffic of the commands below through the
# proxy "webcache" on port 3128 (needed for the first install).
for proxy_var in https_proxy http_proxy ftp_proxy; do
	export "$proxy_var=http://webcache:3128"
done
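# Refresh the package lists, then bootstrap trust in the ITZkS repository.
# Every step is its own statement: in an "a && b && c" list "set -e" reacts
# only to the last command, so a failed keyring install used to go unnoticed
# and the script carried on with a repository it could not verify.
apt-get update
# NOTE(review): the ITZkS repository is not authenticated yet at this point
# (its key arrives with this very package), so APT asks for confirmation.
# Compare the key fingerprint with one obtained out of band.
apt-get install itzks-keyring
apt-get update
apt-get install itzks-systems-common
apt-get update
# Install the inventory agent without prompting. --force-yes was dropped:
# besides answering prompts it also lets APT install packages that fail
# authentication, which defeats the keyring installed above. --yes alone
# still refuses unauthenticated packages.
apt-get install --yes ocsinventory-agent
itzks-systems.do_preseed
# Install the itzks-systems-workstation package
apt-get install itzks-systems-workstation
# wireless-tools for WiFi configuration; uuid-runtime presumably for the
# uuidgen call used when the WiFi profile is written.
apt-get install wireless-tools uuid-runtime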
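# Optionally install libdvdcss2 when the machine is meant to play DVDs.
# Only the first character of the reply is evaluated; y/Y/j/J mean yes and
# anything else (including an empty reply) skips the package.
# -r keeps backslashes in the reply literal.
read -r -p "Verfügt der Rechner über ein DVD-Laufwerk bzw. sollen DVDs abgespielt werden könnne? (j/n)? " answer
case "${answer:0:1}" in
	[yYjJ])
		# apt-get rather than apt: the apt front end does not promise a
		# stable command-line interface for use in scripts.
		apt-get install libdvdcss2
		;;
esac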
####################
# FIXME: this should be scripted; manage with puppet instead
#read -p '''!   Änderung in Network-Interfaces
#Ändere die bestehenden Einträge für eth0 auf
#
#   #NetworkManager iface eth0 inet dhcp
#
#Starte nun den Editor mit [Enter]
#'''
#editor /etc/network/interfaces
# Hand eth0 over to NetworkManager: remove the text "auto eth0" and comment
# out the DHCP iface line in /etc/network/interfaces.
# NOTE(review): both patterns are unanchored, and the second one is not
# idempotent (a second run prefixes the marker again).
sed -i \
	-e 's/auto eth0//' \
	-e 's/iface eth0 inet dhcp/#NetworkManager iface eth0 inet dhcp/' \
	/etc/network/interfaces
####################
# FIXME: this should be scripted; manage with puppet instead
#read -p '''!   Änderung in NFS-Common
#Ändere die Datei /etc/default/nfs-common am Ende:
#   NEED_GSSD= (leer lassen)
#Starte nun den Editor mit [Enter]
#'''
#editor /etc/default/nfs-common
# Blank out the NEED_GSSD setting in /etc/default/nfs-common; whatever
# follows "NEED_GSSD=" on a line is dropped.
nfs_defaults=/etc/default/nfs-common
sed -i -e 's|NEED_GSSD=.*|NEED_GSSD=|' "$nfs_defaults"
####################
# Add system-wide WiFi-config
# echo '!   WIFI-Netzwerk hinzufügen'
# read -p 'Wie lautet die SSID? ' ssid
# read -p 'Wie lautet das zugehörige Passwort? ' passw
# export WIFIDEV=wlan0
# wpa_passphrase $ssid $passw >> /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf
# Alternate: Check for WiFi-Interface before asking for SSID and PW
#FOUND=`iwconfig | grep "IEE 802.11"`
#WIFIDEV=$(echo "$FOUND" | awk '{print $1}')
# FIXME: this works for systemd-networkd, but not for NetworkManager
#if  [ -n "$FOUND" ]; then
#	export WIFIDEV
#	# Add system-wide WiFi-config
#	echo '!   WIFI-Netzwerk hinzufügen'
#	read -p 'Wie lautet die SSID? ' ssid
#	read -p 'Wie lautet das zugehörige Passwort? ' passw
#	wpa_passphrase $ssid $passw >> /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf
#fi
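# Create a system-wide NetworkManager WiFi profile (WPA-PSK).
#
# The profile is written with its final values in one step instead of
# patching @PLACEHOLDER@ markers with sed. SSID and passphrase are free text;
# inside a sed replacement a "/" aborts the script, and "&" or "\" silently
# store a different passphrase than the one typed.
nm_conn_dir=/etc/NetworkManager/system-connections
# Generate uuid and timestamp for the profile
UUID=$(uuidgen -t)
TIMESTAMP=$(date +%s)
# Ask user for SSID and password
echo '!   WIFI-Netzwerk hinzufügen'
read -r -p 'Wie lautet die SSID? ' ssid
# The SSID doubles as the file name, so it must not be empty and must not be
# able to point outside the connections directory.
case "$ssid" in
	''|.|..|*/*)
		echo 'FEHLER: Die SSID darf nicht leer sein und kein "/" enthalten.' >&2
		exit 1
		;;
esac
# -s keeps the passphrase off the screen and out of the terminal scrollback;
# the echo afterwards only ends the prompt line.
read -r -s -p 'Wie lautet das zugehörige Passwort? ' passw
echo
# mktemp creates the file with mode 0600, so the passphrase is never readable
# by other users. Previously the file was created with the default umask and
# restricted only after the passphrase had been written.
nm_conn_tmp=$(mktemp "$nm_conn_dir/.wifi-profile.XXXXXX")
# NOTE(review): values are written verbatim. The keyfile format may treat
# backslashes, ";" or leading/trailing blanks specially. Confirm for unusual
# SSIDs or passphrases.
cat > "$nm_conn_tmp" <<EOT
[connection]
id=$ssid
uuid=$UUID
type=wifi
permissions=
timestamp=$TIMESTAMP
autoconnect=true
[wifi]
mac-address-blacklist=
mode=infrastructure
ssid=$ssid
[wifi-security]
key-mgmt=wpa-psk
psk=$passw
[ipv4]
dns-search=
method=auto
ignore-auto-routes=false
ignore-auto-dns=false
never-default=false
[ipv6]
method=ignore
EOT
mv -- "$nm_conn_tmp" "$nm_conn_dir/$ssid"
# Set permissions on generated file (already 0600 from mktemp; kept as an
# explicit guarantee).
chmod go-rwx "$nm_conn_dir/$ssid"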
####################
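# Install puppet-agent: first make sure the host has its final name.
echo '!   Puppet-Agent installieren'
read -r -p 'Bevor der Puppet-Agent installiert werden kann,
muss der Hostname geändert werden. Es darf kein "lan" im
Namen auftauchen, z.B. statt mw101-lan.intern muss
es mw101.intern heißen. [ENTER] '
# Set hostname
read -r -p 'Wie lautet der Hostname (ohne Domain)? ' myhost
# Stop on an empty reply instead of passing an empty name to hostnamectl.
if [ -z "$myhost" ]; then
	echo 'FEHLER: Der Hostname darf nicht leer sein.' >&2
	exit 1
fi
# Quoted so the reply reaches hostnamectl as exactly one argument, without
# word splitting or glob expansion.
# NOTE(review): presumably this is also the name the puppet agent presents in
# its certificate request. Verify against the puppet configuration.
hostnamectl set-hostname "$myhost"
export HOSTNAME="$myhost"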
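# Restart the services that should pick up the new hostname.
invoke-rc.d rsyslog restart
invoke-rc.d cron restart
# NOTE(review): puppet is restarted before "apt-get install puppet" below.
# This assumes an earlier package already installed it; otherwise
# invoke-rc.d fails and "set -e" stops the script. TODO confirm.
invoke-rc.d puppet restart
# Install and enable puppet-agent on client
echo '!   Puppet-Agent wird installiert... '
apt-get install puppet
# --test switches on detailed exit codes: 0 means no changes and 2 means
# changes were applied. Both are successful runs, but under "set -e" the 2
# used to end the script before the agent was enabled.
puppet_rc=0
puppet agent --test --waitforcert 7200 || puppet_rc=$?
case "$puppet_rc" in
	0|2)
		;;
	*)
		echo "FEHLER: puppet agent --test ist fehlgeschlagen (Exit-Code $puppet_rc)." >&2
		exit "$puppet_rc"
		;;
esac
puppet agent --enable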
# Tell the admin how to sign the client's certificate request on the puppet
# master ("tjener") and wait for ENTER.
# NOTE(review): before signing, the fingerprint of the pending request should
# be compared with the one the client reports (puppet agent --fingerprint),
# so that only the intended machine is authorised.
sign_hint='Nun mit ssh auf den tjener wechseln und dort
mit   puppet cert --list   die am Master angemeldeten
Clients auflisten.
Anschließend mit   puppet cert --sign <myhost>.intern
den Puppet-Agent des Clients authorisieren. [ENTER] '
read -p "$sign_hint"
# ssh tjener
# Closing summary, one argument per output line.
printf '%s\n' \
	'!   FERTIG' \
	'Die Installation ' \
	'  - des Basissystems mit ITZKS-Anpassungen' \
	'  - des Puppet-Agents' \
	'ist abgeschlossen.'