New workstations schema

2021-04-01 09:45:55 +02:00 · 2021-04-01 09:45:55 +02:00 · 2bb1da63d6
commit 2bb1da63d6
parent 3e3a0e9e37
1 changed files with 95 additions and 33 deletions
--- a/tuto3.yml
+++ b/tuto3.yml
@ -49,7 +49,6 @@ services:
    uts: new
    runtime:
      interfaces:
        - name: eth1
        - name: ethwks-dg1
      bindNS:
        net: /run/netns/wks-dg1
@ -66,6 +65,7 @@ services:
    uts: new
    runtime:
      interfaces:
        - name: eth1
        - name: ethwks-rh1
      bindNS:
        net: /run/netns/wks-rh1
@ -117,17 +117,17 @@ services:
      - /etc/wshadow:/etc/shadow
      - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
-  - name: sshd-wks-rh2
+  - name: sshd-wks-rh1
    image: linuxkit/sshd:v0.8
-    net: /run/netns/wks-rh2
+    net: /run/netns/wks-rh1
-    uts: /run/utsns/wks-rh2
+    uts: /run/utsns/wks-rh1
    pid: new
    ipc: new
    binds:
      - /etc/ssh/sshd_config:/etc/ssh/sshd_config
      - /etc/wpasswd:/etc/passwd
      - /etc/wshadow:/etc/shadow
-      - /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
+      - /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
  - name: mainrouter
    #image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455
@ -279,17 +279,64 @@ services:
    binds:
      - /etc/dresolv.conf:/etc/resolv.conf
  # Workstation testers
  - name: minichecker-wks-rh2
    image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
    net: /run/netns/wks-rh2
    pid: new
    ipc: new
    uts: /run/utsns/wks-rh2
    command: ["/bin/minichecker", "-check-interval", "50s", "-target", "https://adlin.nemunai.re"]
    binds:
      - /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
      - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
  - name: minichecker-wks-dg1
    image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
    net: /run/netns/wks-dg1
    pid: new
    ipc: new
    uts: /run/utsns/wks-dg1
    command: ["/bin/minichecker", "-check-interval", "50s", "-target", "https://adlin.nemunai.re"]
    binds:
      - /etc/hosts-minichecker:/etc/hosts:ro
      - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
      - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
  - name: minichecker-wks-cm1
    image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
    net: /run/netns/wks-cm1
    pid: new
    ipc: new
    uts: /run/utsns/wks-cm1
    command: ["/bin/minichecker", "-check-interval", "50s", "-target", "https://adlin.nemunai.re"]
    binds:
      - /etc/hosts-minichecker:/etc/hosts:ro
      - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
 files:
  - path: etc/hosts
    contents: |
-      127.0.0.1   localhost
+      127.0.0.1    localhost
-      ::1         localhost
+      ::1          localhost
-      172.23.42.2 ns
+      172.23.42.2  ns
-      172.23.42.3 ns-auth
+      172.23.42.3  ns-auth
-      172.23.42.4 db
+      172.23.42.4  db
-      172.23.42.5 matrix
+      172.23.42.5  matrix
-      172.23.42.6 news
+      172.23.42.6  news
-      172.23.42.7 web
+      172.23.42.7  web
      82.64.31.248 adlin.nemunai.re
    mode: "0444"
  - path: etc/hosts-minichecker
    contents: |
      127.0.0.1    localhost
      ::1          localhost
      172.23.42.2  ns
      172.23.42.3  ns-auth
      172.23.42.4  db
      172.23.42.5  matrix
      172.23.42.6  news
      172.23.42.7  web
      82.64.31.248 adlin.nemunai.re
    mode: "0444"
  - path: etc/sysctl.d/adlin.conf
@ -563,13 +610,6 @@ files:
          option gateway '2a01:e0a:2b:2252::1'
          option interface 'wg0'
      config interface 'wks'
          option ifname 'ethwks'
          option proto 'static'
          option netmask '255.255.255.0'
          option ipaddr '192.168.6.254'
          list ip6addr '${WKSIP}'
      EOF
      }
    mode: "0755"
@ -613,6 +653,11 @@ files:
      #cp /etc/services /containers/services/mainrouter/rootfs/etc/services
      mkdir /containers/services/mainrouter/rootfs/root/.ssh
      [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/mainrouter/rootfs/root/.ssh/authorized_keys
      for svc in sshd-wks-rh1 sshd-wks-dg1
      do
          mkdir -p /containers/services/${svc}/rootfs/root/.ssh
          [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
      done
      for svc in matrix ns-auth ns-resolv web
      do
@ -638,16 +683,18 @@ files:
    source: pkg/debian-tuto3/issue
    mode: "0444"
-  - path: /etc/init.d/500-showip.sh
+  - path: /etc/init.d/900-showip.sh
    contents: |
      #!/bin/sh
-      sleep 5
+
-      echo
+      # Wait wg0
-      cat /etc/issue.adlin
+      nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
-      echo
+      nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
-      nsenter -n/run/netns/router -- ip -c a show dev wg0 2> /dev/null || nsenter -n/run/netns/router /usr/bin/ask.sh
+      nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
-      nsenter -n/run/netns/router -- ip -c a show dev eth0
+      nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
-      nsenter -n/run/netns/wks1 -- ip -c a show dev eth1 2> /dev/null || echo "Attachez une seconde carte ethernet à la VM pour pouvoir vous connecter à un poste de travail."
+      nsenter -n/run/netns/router -- ip a show dev wg0 2> /dev/null > /dev/null || sleep 1
      /usr/bin/welcome
      exit 0
    mode: "0555"
@ -664,7 +711,12 @@ files:
  - path: /usr/bin/welcome
    contents: |
      #!/bin/sh
-      /etc/init.d/500-showip.sh
+      echo
      cat /etc/issue.adlin
      echo
      nsenter -n/run/netns/router -- ip -c a show dev wg0 2> /dev/null || nsenter -n/run/netns/router /usr/bin/ask.sh
      nsenter -n/run/netns/router -- ip -c a show dev eth0
      nsenter -n/run/netns/wks-rh1 -- ip -c a show dev eth1 2> /dev/null || echo "Attachez une seconde carte ethernet à la VM pour pouvoir vous connecter à un poste de travail."
    mode: "0755"
  - path: /usr/sbin/sos-dhcp
@ -727,13 +779,23 @@ files:
      echo
      echo
      echo -n "États Workstations : "
-      ctr -n services.linuxkit t ls | grep dhcpcd-wks1 | grep RUNNING > /dev/null && ok -n "WKS-1" || ko -n "WKS-1"
+      ctr -n services.linuxkit t ls | grep dhcpcd-wks-dg1 | grep RUNNING > /dev/null && ok -n "WKS-DG1" || ko -n "WKS-DG1"
      echo -n "("
-      ctr -n services.linuxkit t ls | grep sshd-wks1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
+      ctr -n services.linuxkit t ls | grep sshd-wks-dg1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
      echo -n " "
      ctr -n services.linuxkit t ls | grep minichecker-wks-dg1 | grep RUNNING > /dev/null && ok -n "CK" || ko -n "CK"
      echo -n ") "
-      ctr -n services.linuxkit t ls | grep dhcpcd-wks2 | grep RUNNING > /dev/null && ok -n "WKS-2" || ko -n "WKS-2"
+      ctr -n services.linuxkit t ls | grep dhcpcd-wks-rh1 | grep RUNNING > /dev/null && ok -n "WKS-RH1" || ko -n "WKS-RH1"
      echo -n "("
-      ctr -n services.linuxkit t ls | grep sshd-wks2 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
+      ctr -n services.linuxkit t ls | grep sshd-wks-rh1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
      echo -n ") "
      ctr -n services.linuxkit t ls | grep dhcpcd-wks-rh2 | grep RUNNING > /dev/null && ok -n "WKS-RH2" || ko -n "WKS-RH2"
      echo -n "("
      ctr -n services.linuxkit t ls | grep minichecker-wks-rh2 | grep RUNNING > /dev/null && ok -n "CK" || ko -n "CK"
      echo -n ") "
      ctr -n services.linuxkit t ls | grep dhcpcd-wks-cm1 | grep RUNNING > /dev/null && ok -n "WKS-CM1" || ko -n "WKS-CM1"
      echo -n "("
      ctr -n services.linuxkit t ls | grep minichecker-wks-cm1 | grep RUNNING > /dev/null && ok -n "CK" || ko -n "CK"
      echo -n ") "
      echo
      echo