blob: 9e46c1127183eeee24fac490b89ac219f5bf8080 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
#!/bin/bash
# script for installing a Debian Edu Workstation with ITZkS modifications
set -e
# Add user locadm if not already there
if [ -z $"(getent passwd locadm)" ]; then
adduser --gecos "Local Administrator" locadm
adduser locadm sudo
fi
# Enlarge root-fs
if [ -e /dev/vg_system/usr ]; then
lvextend -L 18G /dev/vg_system/usr || true
resize2fs /dev/vg_system/usr
else
lvextend -L 22G /dev/vg_system/root || true
resize2fs /dev/vg_system/root
fi
# Retrieve LDAP CA certificate
invoke-rc.d fetch-ldap-cert start
# Add itzks.list and its contents if file not already there
if [ ! -e "/etc/apt/sources.list.d/itzks.list" ]; then
touch /etc/apt/sources.list.d/itzks.list
echo "deb http://packages.it-zukunft-schule.de/debian stretch main contrib non-free" >> /etc/apt/sources.list.d/itzks.list
echo "deb http://packages.it-zukunft-schule.de/debian stretch-backports main contrib non-free" >> /etc/apt/sources.list.d/itzks.list
fi
# Export proxy-settings for first install
export https_proxy=http://webcache:3128
export http_proxy=http://webcache:3128
export ftp_proxy=http://webcache:3128
# We don't want to use Debian's old redirector service, but the new one...
sed -r -i /etc/apt/sources.list -e "s@http.debian.net@httpredir.debian.org@g"
# Get update and add itzks-keyring and itzks-systems-common package
apt-get update
apt-get install -y --force-yes itzks-keyring && apt-get update && apt-get install -y --force-yes itzks-systems-common && apt-get update
# Install the itzks-systems-workstation package
apt-get install --yes --force-yes ocsinventory-agent
itzks-systems.do_preseed
apt-get install -y --force-yes itzks-systems-workstation
# Install wireless-tools for configuration of WiFi
apt-get install -y --force-yes wireless-tools uuid-runtime
# Install libpacparser1
apt-get install -y --force-yes libpacparser1
# Make sure, we have Oracle's JAVA 8... (and that it is the default that people use)
apt-get install -y --force-yes oracle-java8-bin oracle-java8-jre oracle-java8-plugin
update-java-alternatives --jre --set java-8-oracle
update-java-alternatives --plugin --set java-8-oracle
# Install libdvdcss2 if needed
read -p "Verfügt der Rechner über ein DVD-Laufwerk bzw. sollen DVDs abgespielt werden könnne? (j/n)? " answer
case ${answer:0:1} in
y|Y|j|J )
apt install libdvdcss2
;;
*)
:
;;
esac
####################
# Scripted edit to /etc/network/interfaces when script is run
sed -r -e 's/auto\s+eth[0-9]//' -i /etc/network/interfaces
sed -r -e 's/^(iface\s+eth[0-9]\s+inet\s+dhcp)\s*/#NetworkManager \1/' -i /etc/network/interfaces
####################
# Scripted edit to /etc/default/nfs-common when script is run
sed -e 's/^NEED_GSSD=.*/NEED_GSSD=/' -i /etc/default/nfs-common
####################
# Disable NIS netgroup cache in NSCD, has been buggy in glibc since Debian jessie...
sed -r -i /etc/nscd.conf -e "s/(\s+)enable-cache(\s+)netgroup(\s+)yes/\1enable-cache\2netgroup\3no/"
####################
# Make sure, no USB devices are listed in /etc/fstab
sed -r -i /etc/fstab -e "s@^/dev/usb[0-9]+.*@@g"
# and neither list cdrom / dvdrom drives in /etc/fstab
sed -r -i /etc/fstab -e "s@^/dev/scd[0-9]+.*@@g"
####################
# WiFi-config for NetworkManager
# Write standard config
cat <<EOT > /etc/NetworkManager/system-connections/SSID.in
[connection]
id=@SSID@
uuid=@UUID@
type=wifi
permissions=
timestamp=@TIMESTAMP@
autoconnect=true
[wifi]
mac-address-blacklist=
mode=infrastructure
ssid=@SSID@
[wifi-security]
key-mgmt=wpa-psk
psk=@password@
[ipv4]
dns-search=
method=auto
ignore-auto-routes=false
ignore-auto-dns=false
never-default=false
[ipv6]
method=ignore
EOT
# Generate uuid and timestamp and overwrite in file
UUID=$(uuidgen -t)
sed -i 's/@UUID@/'"$UUID"'/' /etc/NetworkManager/system-connections/SSID.in
TIMESTAMP=$(date +%s )
sed -i 's/@TIMESTAMP@/'"$TIMESTAMP"'/' /etc/NetworkManager/system-connections/SSID.in
# Ask user for SSID and password
echo '! WIFI-Netzwerk hinzufügen'
read -p 'Wie lautet die SSID? ' ssid
sed -i 's/@SSID@/'"$ssid"'/' /etc/NetworkManager/system-connections/SSID.in
read -p 'Wie lautet das zugehörige Passwort? ' passw
sed -i 's/@password@/'"$passw"'/' /etc/NetworkManager/system-connections/SSID.in
mv /etc/NetworkManager/system-connections/SSID.in /etc/NetworkManager/system-connections/"$ssid"
# Set permissions on generated file
chmod go-rwx /etc/NetworkManager/system-connections/"$ssid"
# Write new content for /usr/share/debian-edu-config/tools/wpad-extract.
# Workaround for Debian bug #888829. Probably fixed with debian-edu-config 1.929+deb9u1.
cat <<EOT > /usr/share/debian-edu-config/tools/wpad-extract
#!/bin/bash
#
# Detect proxy URL via WPAD
#
# Author: Wolfgang Schweer
# License: GNU General Public License v2 or later
# This version uses pactester from package libpacparser1.
# Look up one of the www.debian.org IP addresses to avoid hanging on
# DNS if the skolelinux machines are not connected to the Internet.
proxy_url=\$(curl -s http://wpad/wpad.dat | pactester -p - \\
-u http://130.89.148.14 | awk '{print \$2}' | cut -d';' -f1)
echo http_proxy=http://\$proxy_url
EOT
# Run /usr/share/debian-edu-config/tools/update-proxy-from-wpad
/usr/share/debian-edu-config/tools/update-proxy-from-wpad
####################
# Configure Plymouth
apt-get install -y --force-yes plymouth-themes
plymouth-set-default-theme solar
update-initramfs -k all -u
####################
# Install puppet-agent
echo '! Puppet-Agent installieren'
read -p 'Bevor der Puppet-Agent installiert werden kann,
muss der Hostname geändert werden. Es darf kein "lan" im
Namen auftauchen, z.B. statt mw101-lan.intern muss
es mw101.intern heißen. [ENTER]'
# Set hostname
read -p 'Wie lautet der Hostname (ohne Domain)? ' myhost
hostnamectl set-hostname "$myhost"
export HOSTNAME="$myhost"
# To be sure restart the following services
invoke-rc.d rsyslog restart
invoke-rc.d cron restart
# puppet may already be installed from a previous run...
if type -p puppet 1>/dev/null; then
invoke-rc.d puppet restart
fi
# Install and enable puppet-agent on client
echo '! Puppet-Agent wird installiert... '
apt-get install -y --force-yes puppet
echo 'Nun mit ssh auf den tjener wechseln und dort
mit puppet cert --list die am Master angemeldeten
Clients auflisten.
Anschließend mit puppet cert --sign <myhost>.intern
den Puppet-Agent des Clients authorisieren.'
puppet agent --test --waitforcert 7200
puppet agent --enable
echo '! FERTIG
Die Installation
- des Basissystems mit ITZKS-Anpassungen
- des Puppet-Agents
ist abgeschlossen.'
|
