teach/adlin
Archived
0
0
Fork 0
Code Issues 1 Pull Requests 4 Releases Activity

New workstations schema

Browse Source
This commit is contained in:
nemunaire 2021-04-01 09:45:55 +02:00
parent 3e3a0e9e37
commit 2bb1da63d6
1 changed files with 95 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
tuto3.yml
View File

@ -49,7 +49,6 @@ services:
uts: new uts: new
runtime: runtime:
interfaces: interfaces:
- name: eth1
- name: ethwks-dg1 - name: ethwks-dg1
bindNS: bindNS:
net: /run/netns/wks-dg1 net: /run/netns/wks-dg1
@ -66,6 +65,7 @@ services:
uts: new uts: new
runtime: runtime:
interfaces: interfaces:
- name: eth1
- name: ethwks-rh1 - name: ethwks-rh1
bindNS: bindNS:
net: /run/netns/wks-rh1 net: /run/netns/wks-rh1
@ -117,17 +117,17 @@ services:
- /etc/wshadow:/etc/shadow - /etc/wshadow:/etc/shadow
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- name: sshd-wks-rh2 - name: sshd-wks-rh1
image: linuxkit/sshd:v0.8 image: linuxkit/sshd:v0.8
net: /run/netns/wks-rh2 net: /run/netns/wks-rh1
uts: /run/utsns/wks-rh2 uts: /run/utsns/wks-rh1
pid: new pid: new
ipc: new ipc: new
binds: binds:
- /etc/ssh/sshd_config:/etc/ssh/sshd_config - /etc/ssh/sshd_config:/etc/ssh/sshd_config
- /etc/wpasswd:/etc/passwd - /etc/wpasswd:/etc/passwd
- /etc/wshadow:/etc/shadow - /etc/wshadow:/etc/shadow
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
- name: mainrouter - name: mainrouter
#image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455 #image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455
@ -279,6 +279,39 @@ services:
binds: binds:
- /etc/dresolv.conf:/etc/resolv.conf - /etc/dresolv.conf:/etc/resolv.conf
# Workstation testers
- name: minichecker-wks-rh2
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
net: /run/netns/wks-rh2
pid: new
ipc: new
uts: /run/utsns/wks-rh2
command: ["/bin/minichecker", "-check-interval", "50s", "-target", "https://adlin.nemunai.re"]
binds:
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-dg1
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
net: /run/netns/wks-dg1
pid: new
ipc: new
uts: /run/utsns/wks-dg1
command: ["/bin/minichecker", "-check-interval", "50s", "-target", "https://adlin.nemunai.re"]
binds:
- /etc/hosts-minichecker:/etc/hosts:ro
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-cm1
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
net: /run/netns/wks-cm1
pid: new
ipc: new
uts: /run/utsns/wks-cm1
command: ["/bin/minichecker", "-check-interval", "50s", "-target", "https://adlin.nemunai.re"]
binds:
- /etc/hosts-minichecker:/etc/hosts:ro
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro
files: files:
- path: etc/hosts - path: etc/hosts
contents: | contents: |
@ -290,6 +323,20 @@ files:
172.23.42.5 matrix 172.23.42.5 matrix
172.23.42.6 news 172.23.42.6 news
172.23.42.7 web 172.23.42.7 web
82.64.31.248 adlin.nemunai.re
mode: "0444"
- path: etc/hosts-minichecker
contents: |
127.0.0.1 localhost
::1 localhost
172.23.42.2 ns
172.23.42.3 ns-auth
172.23.42.4 db
172.23.42.5 matrix
172.23.42.6 news
172.23.42.7 web
82.64.31.248 adlin.nemunai.re
mode: "0444" mode: "0444"
- path: etc/sysctl.d/adlin.conf - path: etc/sysctl.d/adlin.conf
@ -563,13 +610,6 @@ files:
option gateway '2a01:e0a:2b:2252::1' option gateway '2a01:e0a:2b:2252::1'
option interface 'wg0' option interface 'wg0'
config interface 'wks'
option ifname 'ethwks'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.6.254'
list ip6addr '${WKSIP}'
EOF EOF
} }
mode: "0755" mode: "0755"
@ -613,6 +653,11 @@ files:
#cp /etc/services /containers/services/mainrouter/rootfs/etc/services #cp /etc/services /containers/services/mainrouter/rootfs/etc/services
mkdir /containers/services/mainrouter/rootfs/root/.ssh mkdir /containers/services/mainrouter/rootfs/root/.ssh
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/mainrouter/rootfs/root/.ssh/authorized_keys [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/mainrouter/rootfs/root/.ssh/authorized_keys
for svc in sshd-wks-rh1 sshd-wks-dg1
do
mkdir -p /containers/services/${svc}/rootfs/root/.ssh
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
done
for svc in matrix ns-auth ns-resolv web for svc in matrix ns-auth ns-resolv web
do do
@ -638,16 +683,18 @@ files:
source: pkg/debian-tuto3/issue source: pkg/debian-tuto3/issue
mode: "0444" mode: "0444"
- path: /etc/init.d/500-showip.sh - path: /etc/init.d/900-showip.sh
contents: | contents: |
#!/bin/sh #!/bin/sh
sleep 5
echo # Wait wg0
cat /etc/issue.adlin nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
echo nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
nsenter -n/run/netns/router -- ip -c a show dev wg0 2> /dev/null || nsenter -n/run/netns/router /usr/bin/ask.sh nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
nsenter -n/run/netns/router -- ip -c a show dev eth0 nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
nsenter -n/run/netns/wks1 -- ip -c a show dev eth1 2> /dev/null || echo "Attachez une seconde carte ethernet à la VM pour pouvoir vous connecter à un poste de travail." nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
/usr/bin/welcome
exit 0 exit 0
mode: "0555" mode: "0555"
@ -664,7 +711,12 @@ files:
- path: /usr/bin/welcome - path: /usr/bin/welcome
contents: | contents: |
#!/bin/sh #!/bin/sh
/etc/init.d/500-showip.sh echo
cat /etc/issue.adlin
echo
nsenter -n/run/netns/router -- ip -c a show dev wg0 2> /dev/null || nsenter -n/run/netns/router /usr/bin/ask.sh
nsenter -n/run/netns/router -- ip -c a show dev eth0
nsenter -n/run/netns/wks-rh1 -- ip -c a show dev eth1 2> /dev/null || echo "Attachez une seconde carte ethernet à la VM pour pouvoir vous connecter à un poste de travail."
mode: "0755" mode: "0755"
- path: /usr/sbin/sos-dhcp - path: /usr/sbin/sos-dhcp
@ -727,13 +779,23 @@ files:
echo echo
echo echo
echo -n "États Workstations : " echo -n "États Workstations : "
ctr -n services.linuxkit t ls | grep dhcpcd-wks1 | grep RUNNING > /dev/null && ok -n "WKS-1" || ko -n "WKS-1" ctr -n services.linuxkit t ls | grep dhcpcd-wks-dg1 | grep RUNNING > /dev/null && ok -n "WKS-DG1" || ko -n "WKS-DG1"
echo -n "(" echo -n "("
ctr -n services.linuxkit t ls | grep sshd-wks1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH" ctr -n services.linuxkit t ls | grep sshd-wks-dg1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
echo -n " "
ctr -n services.linuxkit t ls | grep minichecker-wks-dg1 | grep RUNNING > /dev/null && ok -n "CK" || ko -n "CK"
echo -n ") " echo -n ") "
ctr -n services.linuxkit t ls | grep dhcpcd-wks2 | grep RUNNING > /dev/null && ok -n "WKS-2" || ko -n "WKS-2" ctr -n services.linuxkit t ls | grep dhcpcd-wks-rh1 | grep RUNNING > /dev/null && ok -n "WKS-RH1" || ko -n "WKS-RH1"
echo -n "(" echo -n "("
ctr -n services.linuxkit t ls | grep sshd-wks2 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH" ctr -n services.linuxkit t ls | grep sshd-wks-rh1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
echo -n ") "
ctr -n services.linuxkit t ls | grep dhcpcd-wks-rh2 | grep RUNNING > /dev/null && ok -n "WKS-RH2" || ko -n "WKS-RH2"
echo -n "("
ctr -n services.linuxkit t ls | grep minichecker-wks-rh2 | grep RUNNING > /dev/null && ok -n "CK" || ko -n "CK"
echo -n ") "
ctr -n services.linuxkit t ls | grep dhcpcd-wks-cm1 | grep RUNNING > /dev/null && ok -n "WKS-CM1" || ko -n "WKS-CM1"
echo -n "("
ctr -n services.linuxkit t ls | grep minichecker-wks-cm1 | grep RUNNING > /dev/null && ok -n "CK" || ko -n "CK"
echo -n ") " echo -n ") "
echo echo
echo echo