emdete/walkthrough.sh Secret

## walkthrough.sh
#!/bin/sh -e
# see http://docs.linuxmuster.net/de/v7/appendix/install-on-kvm/index.html
# see https://github.com/linuxmuster/linuxmuster-base7/wiki/Ersteinrichtung-der-Appliances#serveropsidocker
# see http://docs.linuxmuster.net/de/v7/getting-started/setup.html#erstkonfiguration-am-server
RELEASE=20190724
TARGET=/dev/cciss/c0d0p2
comment_and_ask() {
	echo -n "$* (Enter oder ^C um abzubrechen)"
	read a
}
export LANG=C
unset VISUAL SELECTED_EDITOR EDITOR
if [ $(id -u) -ne 0 ]; then
	echo "Bitte als 'root' laufen lassen"
	exit 1
fi
if [ ! -f .ssh/id_rsa.pub ]; then
	echo "Use 'ssh-keygen' to create a SSH-Key!"
	exit 2
fi
comment_and_ask LMv7 release $RELEASE wird auf $TARGET installiert:
P="virt-manager libvirt-clients virtinst lvm2 qemu-kvm libvirt-daemon-system"
comment_and_ask Die Pakete $P werden für die Virtualisierung installiert:
apt install -y $P
comment_and_ask Vorbereitung des lvm, wenn keine Volume-Gruppe "host-bg" existiert:
if [ "$(pvdisplay | awk '/VG Name/{print $3}')" != "host-vg" ]; then
	comment_and_ask Das PV wird vorbereitet:
	pvcreate $TARGET
	vgcreate host-vg $TARGET
fi
comment_and_ask Fertige Images können von linuxmuster heruntergeladen werden:
wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-opnsense-${RELEASE}.ova
wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-opnsense-${RELEASE}.ova.sha
shasum -c lmn7-opnsense-${RELEASE}.ova.sha
wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-server-${RELEASE}.ova
wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-server-${RELEASE}.ova.sha
shasum -c lmn7-server-${RELEASE}.ova.sha
comment_and_ask Good old `ifupdown`: Erzeuge die 3 bridges für die Netzwerke:
if ! grep -q source /etc/network/interfaces ; then
	echo "source /etc/network/interfaces.d/*" >> /etc/network/interfaces
fi
cat > /etc/network/interfaces.d/eth0 <<EOF
auto eth0
iface eth0 inet manual
EOF
ifup eth0
cat > /etc/network/interfaces.d/br-dmz <<EOF
auto br-dmz
iface br-dmz inet manual
	bridge_ports none
	bridge_fd 0
	bridge_stp yes
	bridge_maxwait 0
EOF
ifup br-dmz
cat > /etc/network/interfaces.d/br-red <<EOF
auto br-red
iface br-red inet dhcp
	bridge_ports eth0
	bridge_fd 0
	bridge_stp yes
	bridge_maxwait 0
EOF
ifup br-red
cat > /etc/network/interfaces.d/br-server <<EOF
auto br-server
iface br-server inet manual
	bridge_ports eth1
	bridge_fd 0
	bridge_stp yes
	bridge_maxwait 0
EOF
ifup br-server
comment_and_ask Starte das default netzwerk und markiere es zum automatischen Start nach dem booten:
virsh net-start default
virsh net-autostart default
# See https://wiki.debian.org/BridgeNetworkConnections
#ip -br addr list | check_for_all_needed_bridges
#brctl show
comment_and_ask Erzeuge die firewall:
virt-convert lmn7-opnsense-${RELEASE}.ova
virsh shutdown lmn7-opnsense-${RELEASE}.ovf
sleep 3
virsh domrename lmn7-opnsense-${RELEASE}.ovf lmn7-opnsense
SIZE=$( qemu-img info /var/lib/libvirt/images/lmn7-opnsense-${RELEASE}-disk001.raw | awk '/^virtual size: /{print $4}'|tr -d \( )
lvcreate -L ${SIZE}b -n opnsense host-vg
qemu-img convert -O raw /var/lib/libvirt/images/lmn7-opnsense-${RELEASE}-disk001.raw /dev/host-vg/opnsense
rm /var/lib/libvirt/images/lmn7-opnsense-${RELEASE}-disk001.raw
TEMPSCRIPT=`tempfile`
TEMPFILE=`tempfile`
cat > $TEMPSCRIPT <<EOF
#!/bin/sh -e
cat \$1 |
	#<disk type='block' device='disk'>
xmlstarlet ed -d '//domain/devices/disk[1]/@type' |
xmlstarlet ed -i '//domain/devices/disk[1]' -t attr -n type -v block |
		#<source dev='/dev/host-vg/opnsense'/>
xmlstarlet ed -d '//domain/devices/disk[1]/source/@file' |
xmlstarlet ed -i '//domain/devices/disk[1]/source' -t attr -n dev -v /dev/host-vg/opnsense |
		#<target dev='vda' bus='virtio'/>
xmlstarlet ed -d '//domain/devices/disk[1]/target/@dev' |
xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n dev -v vda |
xmlstarlet ed -d '//domain/devices/disk[1]/target/@bus' |
xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n bus -v virtio |
		#<address .../> <-- löschen
xmlstarlet ed -d '//domain/devices/disk[1]/address' |
	#<interface type='bridge'>
xmlstarlet ed -d '//domain/devices/interface[1]/@type' |
xmlstarlet ed -i '//domain/devices/interface[1]' -t attr -n type -v bridge |
		#<source bridge='br-server'/>
xmlstarlet ed -d '//domain/devices/interface[1]/source/@network' |
xmlstarlet ed -i '//domain/devices/interface[1]/source' -t attr -n bridge -v br-server |
	#<interface type='bridge'>
xmlstarlet ed -d '//domain/devices/interface[2]/@type' |
xmlstarlet ed -i '//domain/devices/interface[2]' -t attr -n type -v bridge |
		#<source bridge='br-red'/>
xmlstarlet ed -d '//domain/devices/interface[2]/source/@network' |
xmlstarlet ed -i '//domain/devices/interface[2]/source' -t attr -n bridge -v br-red |
	#<interface type='bridge'>
xmlstarlet ed -d '//domain/devices/interface[3]/@type' |
xmlstarlet ed -i '//domain/devices/interface[3]' -t attr -n type -v bridge |
		#<source bridge='br-dmz'/>
xmlstarlet ed -d '//domain/devices/interface[3]/source/@network' |
xmlstarlet ed -i '//domain/devices/interface[3]/source' -t attr -n bridge -v br-dmz |
cat > $TEMPFILE
mv $TEMPFILE \$1
EOF
chmod +x $TEMPSCRIPT
EDITOR=$TEMPSCRIPT virsh edit lmn7-opnsense
rm $TEMPSCRIPT $TEMPFILE
virsh autostart lmn7-opnsense
virsh start lmn7-opnsense
#virsh console lmn7-opnsense
echo "Benutze Passwort 'Muster!' um den SSH-Public-Key auf die Firewall zu kopieren"
ssh-copy-id 10.0.0.254
# Befehle innerhalb der VM: Netz Zuordnung!
comment_and_ask Erzeuge den Linuxmuster-Server:
virt-convert lmn7-server-${RELEASE}.ova
virsh shutdown lmn7-server-${RELEASE}.ovf
sleep 3
virsh domrename lmn7-server-${RELEASE}.ovf lmn7-server
SIZE=$( qemu-img info /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk001.raw | awk '/^virtual size: /{print $4}'|tr -d \( )
lvcreate -L ${SIZE}b -n serverroot host-vg
qemu-img convert -O raw /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk001.raw /dev/host-vg/serverroot
rm /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk001.raw
SIZE=$( qemu-img info /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk002.raw | awk '/^virtual size: /{print $4}'|tr -d \( )
lvcreate -L ${SIZE}b -n serverdata host-vg
qemu-img convert -O raw /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk002.raw /dev/host-vg/serverdata
rm /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk002.raw
TEMPSCRIPT=`tempfile`
TEMPFILE=`tempfile`
cat > $TEMPSCRIPT <<EOF
#!/bin/sh -e
cat \$1 |
	#<disk type='block' device='disk'>
xmlstarlet ed -d '//domain/devices/disk[1]/@type' |
xmlstarlet ed -i '//domain/devices/disk[1]' -t attr -n type -v block |
	#<source dev='/dev/host-vg/serverroot'/>
xmlstarlet ed -d '//domain/devices/disk[1]/source/@file' |
xmlstarlet ed -i '//domain/devices/disk[1]/source' -t attr -n dev -v /dev/host-vg/serverroot |
	#<target dev='vda' bus='virtio'/>
xmlstarlet ed -d '//domain/devices/disk[1]/target/@dev' |
xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n dev -v vda |
xmlstarlet ed -d '//domain/devices/disk[1]/target/@bus' |
xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n bus -v virtio |
	#<address .../> <-- löschen
xmlstarlet ed -d '//domain/devices/disk[1]/address' |
	#<disk type='block' device='disk'>
xmlstarlet ed -d '//domain/devices/disk[2]/@type' |
xmlstarlet ed -i '//domain/devices/disk[2]' -t attr -n type -v block |
	#<source dev='/dev/host-vg/serverdata'/>
xmlstarlet ed -d '//domain/devices/disk[2]/source/@file' |
xmlstarlet ed -i '//domain/devices/disk[2]/source' -t attr -n dev -v /dev/host-vg/serverdata |
	#<target dev='vdb' bus='virtio'/>
xmlstarlet ed -d '//domain/devices/disk[2]/target/@dev' |
xmlstarlet ed -i '//domain/devices/disk[2]/target' -t attr -n dev -v vdb |
xmlstarlet ed -d '//domain/devices/disk[2]/target/@bus' |
xmlstarlet ed -i '//domain/devices/disk[2]/target' -t attr -n bus -v virtio |
	#<address .../> <-- löschen
xmlstarlet ed -d '//domain/devices/disk[2]/address' |
	#<interface type='bridge'>
xmlstarlet ed -d '//domain/devices/interface[1]/@type' |
xmlstarlet ed -i '//domain/devices/interface[1]' -t attr -n type -v bridge |
	#<source bridge='br-server'/>
xmlstarlet ed -d '//domain/devices/interface[1]/source/@network' |
xmlstarlet ed -i '//domain/devices/interface[1]/source' -t attr -n bridge -v br-server |
cat > $TEMPFILE
mv $TEMPFILE \$1
EOF
chmod +x $TEMPSCRIPT
EDITOR=$TEMPSCRIPT virsh edit lmn7-server
virsh autostart lmn7-server
virsh start lmn7-server
#virsh console lmn7-server
echo "Benutze Passwort 'Muster!' um den SSH-Public-Key auf den Server zu kopieren"
ssh-copy-id 10.0.0.1
ssh 10.0.0.1 apt purge cloud-init unattended-upgrades
ssh 10.0.0.1 linuxmuster-prepare -s -u -d schule.lan
ssh 10.0.0.1 linuxmuster-client download -c bionic
ssh 10.0.0.1 apt update
ssh 10.0.0.1 apt -y dist-upgrade
ssh 10.0.0.1 linuxmuster-setup --location=Steyerberg --schoolname="Freie Schule Mittelweser" --country=de --state=NI
comment_and_ask Installation beended, nun müssen die VMs konfiguriert werden.
	#!/bin/sh -e
	# see http://docs.linuxmuster.net/de/v7/appendix/install-on-kvm/index.html
	# see https://github.com/linuxmuster/linuxmuster-base7/wiki/Ersteinrichtung-der-Appliances#serveropsidocker
	# see http://docs.linuxmuster.net/de/v7/getting-started/setup.html#erstkonfiguration-am-server
	RELEASE=20190724
	TARGET=/dev/cciss/c0d0p2
	comment_and_ask() {
	echo -n "$* (Enter oder ^C um abzubrechen)"
	read a
	}
	export LANG=C
	unset VISUAL SELECTED_EDITOR EDITOR
	if [ $(id -u) -ne 0 ]; then
	echo "Bitte als 'root' laufen lassen"
	exit 1
	fi
	if [ ! -f .ssh/id_rsa.pub ]; then
	echo "Use 'ssh-keygen' to create a SSH-Key!"
	exit 2
	fi
	comment_and_ask LMv7 release $RELEASE wird auf $TARGET installiert:
	P="virt-manager libvirt-clients virtinst lvm2 qemu-kvm libvirt-daemon-system"
	comment_and_ask Die Pakete $P werden für die Virtualisierung installiert:
	apt install -y $P
	comment_and_ask Vorbereitung des lvm, wenn keine Volume-Gruppe "host-bg" existiert:
	if [ "$(pvdisplay \| awk '/VG Name/{print $3}')" != "host-vg" ]; then
	comment_and_ask Das PV wird vorbereitet:
	pvcreate $TARGET
	vgcreate host-vg $TARGET
	fi
	comment_and_ask Fertige Images können von linuxmuster heruntergeladen werden:
	wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-opnsense-${RELEASE}.ova
	wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-opnsense-${RELEASE}.ova.sha
	shasum -c lmn7-opnsense-${RELEASE}.ova.sha
	wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-server-${RELEASE}.ova
	wget -Nc https://download.linuxmuster.net/ova/v7/latest/lmn7-server-${RELEASE}.ova.sha
	shasum -c lmn7-server-${RELEASE}.ova.sha
	comment_and_ask Good old `ifupdown`: Erzeuge die 3 bridges für die Netzwerke:
	if ! grep -q source /etc/network/interfaces ; then
	echo "source /etc/network/interfaces.d/*" >> /etc/network/interfaces
	fi
	cat > /etc/network/interfaces.d/eth0 <<EOF
	auto eth0
	iface eth0 inet manual
	EOF
	ifup eth0
	cat > /etc/network/interfaces.d/br-dmz <<EOF
	auto br-dmz
	iface br-dmz inet manual
	bridge_ports none
	bridge_fd 0
	bridge_stp yes
	bridge_maxwait 0
	EOF
	ifup br-dmz
	cat > /etc/network/interfaces.d/br-red <<EOF
	auto br-red
	iface br-red inet dhcp
	bridge_ports eth0
	bridge_fd 0
	bridge_stp yes
	bridge_maxwait 0
	EOF
	ifup br-red
	cat > /etc/network/interfaces.d/br-server <<EOF
	auto br-server
	iface br-server inet manual
	bridge_ports eth1
	bridge_fd 0
	bridge_stp yes
	bridge_maxwait 0
	EOF
	ifup br-server
	comment_and_ask Starte das default netzwerk und markiere es zum automatischen Start nach dem booten:
	virsh net-start default
	virsh net-autostart default
	# See https://wiki.debian.org/BridgeNetworkConnections
	#ip -br addr list \| check_for_all_needed_bridges
	#brctl show
	comment_and_ask Erzeuge die firewall:
	virt-convert lmn7-opnsense-${RELEASE}.ova
	virsh shutdown lmn7-opnsense-${RELEASE}.ovf
	sleep 3
	virsh domrename lmn7-opnsense-${RELEASE}.ovf lmn7-opnsense
	SIZE=$( qemu-img info /var/lib/libvirt/images/lmn7-opnsense-${RELEASE}-disk001.raw \| awk '/^virtual size: /{print $4}'\|tr -d \( )
	lvcreate -L ${SIZE}b -n opnsense host-vg
	qemu-img convert -O raw /var/lib/libvirt/images/lmn7-opnsense-${RELEASE}-disk001.raw /dev/host-vg/opnsense
	rm /var/lib/libvirt/images/lmn7-opnsense-${RELEASE}-disk001.raw
	TEMPSCRIPT=`tempfile`
	TEMPFILE=`tempfile`
	cat > $TEMPSCRIPT <<EOF
	#!/bin/sh -e
	cat \$1 \|
	#<disk type='block' device='disk'>
	xmlstarlet ed -d '//domain/devices/disk[1]/@type' \|
	xmlstarlet ed -i '//domain/devices/disk[1]' -t attr -n type -v block \|
	#<source dev='/dev/host-vg/opnsense'/>
	xmlstarlet ed -d '//domain/devices/disk[1]/source/@file' \|
	xmlstarlet ed -i '//domain/devices/disk[1]/source' -t attr -n dev -v /dev/host-vg/opnsense \|
	#<target dev='vda' bus='virtio'/>
	xmlstarlet ed -d '//domain/devices/disk[1]/target/@dev' \|
	xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n dev -v vda \|
	xmlstarlet ed -d '//domain/devices/disk[1]/target/@bus' \|
	xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n bus -v virtio \|
	#<address .../> <-- löschen
	xmlstarlet ed -d '//domain/devices/disk[1]/address' \|
	#<interface type='bridge'>
	xmlstarlet ed -d '//domain/devices/interface[1]/@type' \|
	xmlstarlet ed -i '//domain/devices/interface[1]' -t attr -n type -v bridge \|
	#<source bridge='br-server'/>
	xmlstarlet ed -d '//domain/devices/interface[1]/source/@network' \|
	xmlstarlet ed -i '//domain/devices/interface[1]/source' -t attr -n bridge -v br-server \|
	#<interface type='bridge'>
	xmlstarlet ed -d '//domain/devices/interface[2]/@type' \|
	xmlstarlet ed -i '//domain/devices/interface[2]' -t attr -n type -v bridge \|
	#<source bridge='br-red'/>
	xmlstarlet ed -d '//domain/devices/interface[2]/source/@network' \|
	xmlstarlet ed -i '//domain/devices/interface[2]/source' -t attr -n bridge -v br-red \|
	#<interface type='bridge'>
	xmlstarlet ed -d '//domain/devices/interface[3]/@type' \|
	xmlstarlet ed -i '//domain/devices/interface[3]' -t attr -n type -v bridge \|
	#<source bridge='br-dmz'/>
	xmlstarlet ed -d '//domain/devices/interface[3]/source/@network' \|
	xmlstarlet ed -i '//domain/devices/interface[3]/source' -t attr -n bridge -v br-dmz \|
	cat > $TEMPFILE
	mv $TEMPFILE \$1
	EOF
	chmod +x $TEMPSCRIPT
	EDITOR=$TEMPSCRIPT virsh edit lmn7-opnsense
	rm $TEMPSCRIPT $TEMPFILE
	virsh autostart lmn7-opnsense
	virsh start lmn7-opnsense
	#virsh console lmn7-opnsense
	echo "Benutze Passwort 'Muster!' um den SSH-Public-Key auf die Firewall zu kopieren"
	ssh-copy-id 10.0.0.254
	# Befehle innerhalb der VM: Netz Zuordnung!
	comment_and_ask Erzeuge den Linuxmuster-Server:
	virt-convert lmn7-server-${RELEASE}.ova
	virsh shutdown lmn7-server-${RELEASE}.ovf
	sleep 3
	virsh domrename lmn7-server-${RELEASE}.ovf lmn7-server
	SIZE=$( qemu-img info /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk001.raw \| awk '/^virtual size: /{print $4}'\|tr -d \( )
	lvcreate -L ${SIZE}b -n serverroot host-vg
	qemu-img convert -O raw /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk001.raw /dev/host-vg/serverroot
	rm /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk001.raw
	SIZE=$( qemu-img info /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk002.raw \| awk '/^virtual size: /{print $4}'\|tr -d \( )
	lvcreate -L ${SIZE}b -n serverdata host-vg
	qemu-img convert -O raw /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk002.raw /dev/host-vg/serverdata
	rm /var/lib/libvirt/images/lmn7-server-${RELEASE}-disk002.raw
	TEMPSCRIPT=`tempfile`
	TEMPFILE=`tempfile`
	cat > $TEMPSCRIPT <<EOF
	#!/bin/sh -e
	cat \$1 \|
	#<disk type='block' device='disk'>
	xmlstarlet ed -d '//domain/devices/disk[1]/@type' \|
	xmlstarlet ed -i '//domain/devices/disk[1]' -t attr -n type -v block \|
	#<source dev='/dev/host-vg/serverroot'/>
	xmlstarlet ed -d '//domain/devices/disk[1]/source/@file' \|
	xmlstarlet ed -i '//domain/devices/disk[1]/source' -t attr -n dev -v /dev/host-vg/serverroot \|
	#<target dev='vda' bus='virtio'/>
	xmlstarlet ed -d '//domain/devices/disk[1]/target/@dev' \|
	xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n dev -v vda \|
	xmlstarlet ed -d '//domain/devices/disk[1]/target/@bus' \|
	xmlstarlet ed -i '//domain/devices/disk[1]/target' -t attr -n bus -v virtio \|
	#<address .../> <-- löschen
	xmlstarlet ed -d '//domain/devices/disk[1]/address' \|
	#<disk type='block' device='disk'>
	xmlstarlet ed -d '//domain/devices/disk[2]/@type' \|
	xmlstarlet ed -i '//domain/devices/disk[2]' -t attr -n type -v block \|
	#<source dev='/dev/host-vg/serverdata'/>
	xmlstarlet ed -d '//domain/devices/disk[2]/source/@file' \|
	xmlstarlet ed -i '//domain/devices/disk[2]/source' -t attr -n dev -v /dev/host-vg/serverdata \|
	#<target dev='vdb' bus='virtio'/>
	xmlstarlet ed -d '//domain/devices/disk[2]/target/@dev' \|
	xmlstarlet ed -i '//domain/devices/disk[2]/target' -t attr -n dev -v vdb \|
	xmlstarlet ed -d '//domain/devices/disk[2]/target/@bus' \|
	xmlstarlet ed -i '//domain/devices/disk[2]/target' -t attr -n bus -v virtio \|
	#<address .../> <-- löschen
	xmlstarlet ed -d '//domain/devices/disk[2]/address' \|
	#<interface type='bridge'>
	xmlstarlet ed -d '//domain/devices/interface[1]/@type' \|
	xmlstarlet ed -i '//domain/devices/interface[1]' -t attr -n type -v bridge \|
	#<source bridge='br-server'/>
	xmlstarlet ed -d '//domain/devices/interface[1]/source/@network' \|
	xmlstarlet ed -i '//domain/devices/interface[1]/source' -t attr -n bridge -v br-server \|
	cat > $TEMPFILE
	mv $TEMPFILE \$1
	EOF
	chmod +x $TEMPSCRIPT
	EDITOR=$TEMPSCRIPT virsh edit lmn7-server
	virsh autostart lmn7-server
	virsh start lmn7-server
	#virsh console lmn7-server
	echo "Benutze Passwort 'Muster!' um den SSH-Public-Key auf den Server zu kopieren"
	ssh-copy-id 10.0.0.1
	ssh 10.0.0.1 apt purge cloud-init unattended-upgrades
	ssh 10.0.0.1 linuxmuster-prepare -s -u -d schule.lan
	ssh 10.0.0.1 linuxmuster-client download -c bionic
	ssh 10.0.0.1 apt update
	ssh 10.0.0.1 apt -y dist-upgrade
	ssh 10.0.0.1 linuxmuster-setup --location=Steyerberg --schoolname="Freie Schule Mittelweser" --country=de --state=NI
	comment_and_ask Installation beended, nun müssen die VMs konfiguriert werden.