makecon.sh
#!/bin/bash
# Image build driver: each function below hands a name, an address and a list
# of per-role options to base (presumably defined in base.sh, not shown here).
# Abort on any reference to an unset variable.
set -u
# Abort as soon as a command exits non-zero.
set -e
# NOTE(review): a bare file name makes bash look base.sh up through PATH and
# then the current directory, so the code that gets sourced depends on where
# the script is started from. An explicit path would remove that ambiguity.
source base.sh
# Static addresses for the images built below: IP_CORE1/IP_CORE2 are used by
# core1/core2, IP_NS1..3 by the recursive_ns calls at the bottom of the file,
# BASTION_IP by bastion.
IP_CORE1=172.16.1.100
IP_CORE2=172.16.1.101
IP_NS1=172.16.1.102
IP_NS2=172.16.1.103
IP_NS3=172.16.1.104
BASTION_IP=172.16.1.71
# Note: base changes directory to IMGDIR, so local paths must be
# absolute or relative to IMGDIR
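#######################################
# Common recipe for the "core" images: NSD, ISC DHCP server, the dhcpstatus
# helper and an OpenNTPD configuration.
# The option names look like virt-builder/virt-customize flags; base.sh is not
# shown, so how base consumes them is an assumption to confirm.
# Arguments: $1  - image name; also selects /etc/dhcp/dhcpd.conf.<name>
#            $2  - address passed to base as its second argument
#            $3+ - extra options appended after the common ones
#######################################
core() {
  local -r image_name=$1 image_addr=$2

  # Single-quoted on purpose: the here-document must reach the guest command
  # verbatim, with EOF at column 0, so these lines cannot be indented.
  local -r ntpd_conf_cmd='cat <<EOF > /etc/openntpd/ntpd.conf
servers pool.ntp.org
constraints from "https://www.google.com/"
listen on *
EOF
'

  local -a common_opts=(
    --install "nsd,dnsutils,isc-dhcp-server,python-twisted"
    --install "libcgi-pm-perl,libperl4-corelibs-perl,dhcpdump"
    --run-command "systemctl enable nsd.service"
    --copy-in ../dhcp:/etc
    --copy-in ../3rdparty/dhcpstatus:/usr/local
    --run-command "ln -s /etc/dhcp/dhcpd.conf* /usr/local/dhcpstatus/scripts"
    --move /etc/dhcp/dhcpstatus.py:/usr/local
    --move /etc/dhcp/dhcpstatus.service:/etc/systemd/system
    --run-command "systemctl enable dhcpstatus.service"
    # Quoted so an image name containing whitespace or glob characters stays
    # one argument instead of being split by the host shell.
    --move "/etc/dhcp/dhcpd.conf.${image_name}:/etc/dhcp/dhcpd.conf"
    # NOTE(review): the two recursive commands below make everything left in
    # /etc/dhcp group-owned and group-writable by qcadmin, so any member of
    # that group can change the DHCP configuration. Confirm that is intended.
    --run-command "chgrp -R qcadmin /etc/dhcp"
    --run-command "systemctl enable isc-dhcp-server.service"
    --run-command "chmod -R g+w /etc/dhcp"
    --copy-in ../dhcp/isc-dhcp-server.service:/etc/systemd/system
    # "listen on *" makes ntpd answer on every address of the image.
    --run-command "$ntpd_conf_cmd"
  )

  base "$image_name" "$image_addr" "${common_opts[@]}" "${@:3}"
}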
#######################################
# Build the bastion image "tehlinux": DNS/DHCP packages, the NSD secret keys
# and group-writable working copies of the dns and dhcp repositories with
# their commit hooks installed.
# Globals:   BASTION_IP (read)
# Arguments: none
#######################################
bastion() {
  local -a opts=(
    --install "git,nsd,isc-dhcp-server,unbound"
    # NOTE(review): nothing here sets owner or mode on /etc/nsd/secret.keys;
    # confirm the mode it arrives with does not leave it world-readable.
    --copy-in ../dns/secret.keys:/etc/nsd
  )

  # Both repositories get the same treatment: clone, install the two hooks
  # shipped in scripts/, then open the tree to the qcadmin group.
  # NOTE(review): the clone takes whatever the remote's default branch holds
  # at build time, and the hooks that will run on every commit come from that
  # clone. Pinning a reviewed commit would make the image reproducible.
  # NOTE(review): chmod -R g+w also covers .git/hooks, so any qcadmin member
  # can edit hooks that later run for other members. Confirm that is intended.
  local repo checkout
  for repo in dns dhcp; do
    checkout="/home/qcadmin/${repo}"
    opts+=(
      --run-command "git clone https://github.com/Quakecon/${repo}.git ${checkout}"
      --copy "${checkout}/scripts/pre-commit:${checkout}/.git/hooks"
      --copy "${checkout}/scripts/post-commit:${checkout}/.git/hooks"
      --run-command "chgrp -R qcadmin ${checkout}"
      --run-command "chmod -R g+w ${checkout}"
    )
  done

  base "tehlinux" "$BASTION_IP" "${opts[@]}"
}
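#######################################
# Build core1: DHCP primary, DNS master, NTP server.
# Globals:   IP_CORE1 (read) - address of this image
#            IP_CORE2 (read) - NTP peer appended to ntpd.conf
# Arguments: none
#######################################
core1() {
  local -a role_opts=(
    --copy-in ../dns/secret.keys:/etc/nsd
    --copy-in ../dns/zones:/etc/nsd
    --copy-in ../dns/nsd.conf.master:/etc/nsd
    --move /etc/nsd/nsd.conf.master:/etc/nsd/nsd.conf
    # NOTE(review): chgrp -R also re-groups secret.keys to qcadmin; whether
    # group members can read it depends on the mode it was copied in with.
    --run-command "chgrp -R qcadmin /etc/nsd"
    --run-command "chmod -R g+w /etc/nsd/zones"
    --run-command "chmod g+w /etc/nsd/nsd.conf"
    # The peer is core2. Taken from IP_CORE2 rather than a second hard-coded
    # copy of the address, so the two cannot drift apart.
    --run-command "echo \"servers ${IP_CORE2}\" >> /etc/openntpd/ntpd.conf"
  )

  # IP_CORE1 is quoted so it always reaches core as a single argument.
  core core1 "$IP_CORE1" "${role_opts[@]}"
}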
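#######################################
# Build core2: DHCP secondary, DNS slave, NTP server.
# Globals:   IP_CORE2 (read) - address of this image
#            IP_CORE1 (read) - NTP peer appended to ntpd.conf
# Arguments: none
#######################################
core2() {
  local -a role_opts=(
    --copy-in ../dns/secret.keys:/etc/nsd
    --copy-in ../dns/nsd.conf.slave:/etc/nsd
    --move /etc/nsd/nsd.conf.slave:/etc/nsd/nsd.conf
    # The zones directory is created empty here; no zone files are copied in.
    --mkdir /etc/nsd/zones
    # NOTE(review): this hands all of /etc/nsd, secret.keys included, to user
    # nsd and group qcadmin; group read access to the keys depends on the mode
    # the file was copied in with.
    --run-command "chown -R nsd:qcadmin /etc/nsd"
    --run-command "chmod -R g+w /etc/nsd/zones"
    --run-command "chmod g+w /etc/nsd/nsd.conf"
    # The peer is core1. Taken from IP_CORE1 rather than a second hard-coded
    # copy of the address, so the two cannot drift apart.
    --run-command "echo \"servers ${IP_CORE1}\" >> /etc/openntpd/ntpd.conf"
  )

  # IP_CORE2 is quoted so it always reaches core as a single argument.
  core core2 "$IP_CORE2" "${role_opts[@]}"
}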
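#######################################
# Build a recursive resolver image running unbound.
# Arguments: $1  - image name passed to base
#            $2  - address passed to base
#            $3+ - extra options appended after the common ones
#######################################
recursive_ns() {
  local -r image_name=$1 image_addr=$2

  local -a resolver_opts=(
    --install "unbound,git,dnsutils"
    --copy-in ../dns/unbound.conf:/etc/unbound
    --run-command "unbound-control-setup"
    # NOTE(review): this runs after unbound-control-setup, so whatever that
    # step wrote under /etc/unbound is re-grouped to qcadmin as well. Confirm
    # that group access to the remote-control credentials is intended.
    --run-command "chgrp -R qcadmin /etc/unbound"
    --run-command "chmod g+w /etc/unbound/unbound.conf"
    --run-command "systemctl enable unbound.service"
    # Raise the socket buffer ceilings to 4 MiB (4194304 bytes).
    --run-command 'echo "net.core.rmem_max=4194304" >> /etc/sysctl.conf'
    --run-command 'echo "net.core.wmem_max=4194304" >> /etc/sysctl.conf'
  )

  # Name and address are quoted so each reaches base as exactly one argument;
  # unquoted, a value with whitespace or glob characters would be re-split.
  base "$image_name" "$image_addr" "${resolver_opts[@]}" "${@:3}"
}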
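#######################################
# Build web1: a 400G image with rsync and a "demos" account that logs in with
# the public key from ../demos_rsa.pub.
# Arguments: none
#######################################
web1() {
  local -a web_opts=(
    --size 400G
    --install "rsync"
    --run-command "useradd -m demos -s /bin/bash"
    --ssh-inject demos:file:../demos_rsa.pub
    # Fix: the original chowned /home/qcadmin/.ssh to demos, which would give
    # the demos account ownership of the admin account's SSH directory. The
    # key injected above belongs to demos, so the directory to hand over is
    # demos' own (assuming --ssh-inject places it under /home/demos/.ssh).
    --run-command 'chown -R demos:demos /home/demos/.ssh'
    # NOTE(review): nothing here sets the owner of the two directories below;
    # confirm demos can write to them if uploads are expected to land there.
    --mkdir /home/demos/quakelive
    --mkdir /home/demos/quakeworld
  )

  base web1 172.16.1.109 "${web_opts[@]}"
}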
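# Entry point.
# No arguments: create the deployment key pair and the DNS secrets in the
# current directory, then build core1, core2, ns1-3 and the bastion. web1 is
# not part of this default set and has to be requested by name.
# With arguments: $1 names a shell function to run; the rest are passed to it.
if [[ $# -eq 0 ]]; then
  # NOTE(review): -N "" writes a private key with no passphrase to ./id_rsa,
  # so anyone who can read this directory can use it. Keep the working tree
  # out of shared locations and out of version control.
  ssh-keygen -N "" -f id_rsa
  cat id_rsa.pub authorized_keys.template > authorized_keys
  # NOTE(review): dns/secret.keys is created under the caller's umask. Check
  # the resulting mode, but confirm what the images need to read before
  # tightening it, since the file is copied into /etc/nsd as-is.
  dns/scripts/gen-secret.sh dns/secret.keys.template > dns/secret.keys
  core1
  core2
  recursive_ns ns1 "$IP_NS1"
  recursive_ns ns2 "$IP_NS2"
  recursive_ns ns3 "$IP_NS3"
  bastion
else
  # Only dispatch to functions known to this shell: a mistyped or unexpected
  # first argument is rejected instead of being run as an arbitrary command.
  if ! declare -F -- "$1" > /dev/null; then
    printf '%s: unknown target: %s\n' "${0##*/}" "$1" >&2
    exit 2
  fi
  # Quoted so every argument arrives exactly as the caller typed it, with no
  # further word splitting or glob expansion.
  "$@"
fi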