#!/bin/bash if [ ! "$BASH_VERSION" ] ; then sudo curl https://waren.io/init.sh -o $PWD/init.sh sudo bash $PWD/init.sh $1 $2 $3 $4 $5 $6 $7 $8 $9 exit 1 fi if [[ $USER != "root" ]] then sudo curl https://waren.io/init.sh -o $PWD/init.sh sudo bash $PWD/init.sh $1 $2 $3 $4 $5 $6 $7 $8 $9 exit 1 fi wiRed=$(tput setaf 196) wiGreen=$(tput setaf 46) wiYellow=$(tput setaf 226) wiBlue=$(tput setaf 21) wiPurple=$(tput setaf 165) wiTurquoise=$(tput setaf 14) wiPink=$(tput setaf 198) wiOrange=$(tput setaf 202) wiBold=$(tput bold) wiNormal=$(tput sgr0) wi-header(){ wx-header "$1" "$2" } wi-repeat(){ wx-repeat "$1" "$2" } wi-login(){ wx-login "$1" "$2" } wx-start(){ wi-start } wx-stop(){ wi-stop } wxBold=$wiBold wxNormal=$wiNormal wx-header(){ if [[ $2 == "h1" ]] then echo "" echo "" echo "" echo "==============================" wx-repeat " " $((30/2-${#1}/2)) echo -n "$wxBold" echo -n "$1" echo -n "$wxNormal" echo "" echo "==============================" fi if [[ $2 == "h2" || -z $2 ]] then wx-start wx-repeat " " $((30/2-6/2-${#1}/2)) echo -n ">> $1 <<" echo "" echo "------------------------------" fi } wi-init(){ wi-login $1 wi-header "Init" if [[ ! -z $2 && ${#2} -gt 5 ]] then HOSTNAME="$2.$DEVICE_DOMAIN" elif [[ $(hostname -d) ]] then HOSTNAME=$(hostname --fqdn) else echo "Status: Hostname Required" wx-stop fi mkdir -p ~/.ssh/keys &> /dev/null apt-get update &> /dev/null apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null dnf install -y epel-release &> /dev/null dnf install -y python3-pip jq git curl lsb_release &> /dev/null python3 -m venv /opt/ansible &> /dev/null /opt/ansible/bin/pip3 install ansible &> /dev/null /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect &> /dev/null curl \ -H "X-Vault-Token: ${config["login",$ORG]}" \ -X GET \ https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init chmod 700 ~/.ssh/keys/init &> /dev/null mkdir -p ~/.ansible &> /dev/null if [ ! -f ~/.ansible/vars.yml ] then echo "---" > ~/.ansible/vars.yml echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml echo "config:" >> ~/.ansible/vars.yml echo " identity:" >> ~/.ansible/vars.yml echo " vault:" >> ~/.ansible/vars.yml echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml fi GIT_DOMAIN="git.cwinfo.net" GIT_PORT="2222" GIT_REPOSITORY="warengroup-private/infra-plus" export HVT=${config["login",$ORG]} /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.dns community.docker community.general community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql containers.podman --upgrade &> /dev/null /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init unset HVT } wx-login(){ if [[ ! -z $1 ]] then ORG=$1 jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null elif [[ $(hostname -d) = *"devices.waren.io" ]] then ORG=warengroup elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] then ORG=cwinfo elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] then ORG=cwchristerw elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]] then ORG=$(cat $HOME/.warengroup/config.json | jq -r .org) else wx-header "Login" echo "Status: Organization Required" wx-stop fi if [[ $ORG == "warengroup" ]] then DOMAIN=waren.io elif [[ $ORG == "cwinfo" ]] then DOMAIN=cwinfo.net elif [[ $ORG == "cwchristerw" ]] then DOMAIN=christerwaren.fi else wx-header "Login" echo "Status: Organization Unsupported" wx-stop fi FOLDER=$ORG DEVICE_DOMAIN="devices.$DOMAIN" IDM_DOMAIN="idm.waren.io" VAULT_DOMAIN="vault.cwinfo.net" if [[ -z $USER || $USER == "root" || $USER == "local" ]] then if [[ -z $SUDO_USER ]] then if [[ -z LOGNAME ]] then wx-header "Login" echo "Status: Username Required" wx-stop else USERNAME=$LOGNAME fi else USERNAME=$SUDO_USER fi else USERNAME=$USER fi VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health) if [[ $VAULT_STATUS -eq 200 ]] then if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]] then if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]] then USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)" fi TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)" fi VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]] then config["login",${ORG}]=$VAULT_LOGIN if [[ $USER != "root" && $USER != "local" ]] then jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null fi else IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN) if [[ $IDM_STATUS -eq 301 ]] then wx-header "Login" echo $wxBold$ORG$wxNormal if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]] then echo -n "Username: " read USERNAME else echo "Username: $USERNAME" fi jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null echo -n "Password: " read -s PASSWORD echo "****************" if [[ -z $USERNAME || -z $PASSWORD ]] then echo "Status: Username & Password Required" wx-stop else VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] then echo "Status: Login Failed" wx-stop fi config["login",${ORG}]=$VAULT_LOGIN if [[ $USER != "root" && $USER != "local" ]] then jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null fi fi else wx-header "Login" echo $wxBold$ORG$wxNormal echo -n "Token: " read -s TOKEN echo "****************" if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]] then echo "Status: Vault Token Required" wx-stop fi VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] then echo "Status: Login Failed" wx-stop fi config["login",${ORG}]=$VAULT_LOGIN if [[ $USER != "root" && $USER != "local" ]] then jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null fi fi fi else wx-header "Login" echo $wxBold$ORG$wxNormal echo "Status: Vault Offline" wx-stop fi } wx-repeat() { local str=$1 n=$2 spaces printf -v spaces "%*s" $n " " printf "%s" "${spaces// /$str}" } wi-start(){ wi-header "Warén Init" h1 mkdir -p $HOME/.warengroup &> /dev/null if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]] then echo '{}' | jq > $HOME/.warengroup/config.json fi mkdir -p $HOME/.ssh/keys chmod 700 -R $HOME/.ssh/keys } wi-stop (){ echo " " echo " " echo " " rm -rf /.ssh/keys/init &> /dev/null exit 1 } if [[ ! -f /bin/jq ]] then apt update &> /dev/null apt install -y jq &> /dev/null fi wi-init $1 $2 wi-stop