From 7a72afc81d9b4b7f44e9208a7223d56ab469fcc8 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 4 Feb 2021 09:42:10 +0100
Subject: [PATCH] tuto3: various fixes to help students
---
 pkg/debian-tuto2/Dockerfile | 3 +-
 pkg/debian-tuto3/Dockerfile | 3 +-
 pkg/tinydeb/Dockerfile | 3 +-
 pkg/wg/ask.sh | 2 +-
 token-validator/htdocs/js/adlin-main.js | 2 +-
 tuto3.yml | 62 ++++++++++++++++++++++++-
 6 files changed, 68 insertions(+), 7 deletions(-)
diff --git a/pkg/debian-tuto2/Dockerfile b/pkg/debian-tuto2/Dockerfile
index 8a9c8f4..05e8705 100644
--- a/pkg/debian-tuto2/Dockerfile
+++ b/pkg/debian-tuto2/Dockerfile
@@ -19,7 +19,8 @@ RUN echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/so
 udev \
 vim.tiny \
 wireguard-tools \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /etc/ssh/ssh_host_*_key*
 RUN rm -rf /etc/init.d/ && \
 mkdir /overlay && \
diff --git a/pkg/debian-tuto3/Dockerfile b/pkg/debian-tuto3/Dockerfile
index 8b53e3f..f4ca09a 100644
--- a/pkg/debian-tuto3/Dockerfile
+++ b/pkg/debian-tuto3/Dockerfile
@@ -19,6 +19,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
 tcpdump \
 udev \
 vim.tiny \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /etc/ssh/ssh_host_*_key*
 COPY sshd_config /etc/ssh/sshd_config
diff --git a/pkg/tinydeb/Dockerfile b/pkg/tinydeb/Dockerfile
index 789a3c3..4a105c7 100644
--- a/pkg/tinydeb/Dockerfile
+++ b/pkg/tinydeb/Dockerfile
@@ -8,7 +8,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
 python-apt \
 systemd-sysv \
 vim.tiny \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /etc/ssh/ssh_host_*_key*
 COPY gai.conf /etc/gai.conf
 COPY sshd_config /etc/ssh/sshd_config
diff --git a/pkg/wg/ask.sh b/pkg/wg/ask.sh
index 6f3da25..22411e8 100755
--- a/pkg/wg/ask.sh
+++ b/pkg/wg/ask.sh
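Review bot: Nothing in this hunk regenerates the host keys it deletes, and sshd refuses to start when no host key is present, so the change only works if something at boot runs `ssh-keygen -A` (or `dpkg-reconfigure openssh-server`) before sshd comes up; the init scripts that would do that are outside the hunk and worth checking. Removing the keys inside the same RUN as the install is the right place: a later RUN would leave the original keys recoverable from the earlier image layer. The same applies to the debian-tuto3 and tinydeb hunks. A comment next to the RUN such as `# drop the image-wide ssh host keys so each VM generates its own at first boot` would record why they are removed.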
@@ -12,7 +12,7 @@ cmdline() {
 [ -f "/var/lib/adlin/wireguard/adlin.token" ] && WGTOKEN=$(cat /var/lib/adlin/wireguard/adlin.token)
 [ -z "${WGTOKEN}" ] && WGTOKEN=$(cmdline adlin.token)
 [ -z "${WGTOKEN}" ] && {
- echo -n "You didn't define your token to connect the network. Please copy it into /var/lib/adlin/wireguard/adlin.token and reboot."
+ echo "You didn't define your token to connect the network. Please run here `join-p0m` and then reboot."
 exit 1
 }
 [ -f "/var/lib/adlin/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' /var/lib/adlin/wireguard/adlin.conf)
diff --git a/token-validator/htdocs/js/adlin-main.js b/token-validator/htdocs/js/adlin-main.js
index 7ead988..bdf72f9 100644
--- a/token-validator/htdocs/js/adlin-main.js
+++ b/token-validator/htdocs/js/adlin-main.js
@@ -86,7 +86,7 @@ angular.module("AdLinApp")
 });
 };
 $rootScope.checkLoginState();
- $interval($rootScope.checkLoginState, 20000);
+ $interval($rootScope.checkLoginState, 40000);
 $rootScope.disconnectCurrentUser = function() {
 $http({
diff --git a/tuto3.yml b/tuto3.yml
index 93863f3..20198cb 100644
--- a/tuto3.yml
+++ b/tuto3.yml
@@ -207,7 +207,7 @@ services:
 hostname: miniflux
 capabilities:
 - all
- command: ["/bin/sh", "-c", "sleep 5; /usr/bin/miniflux"]
+ command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"]
 env:
 - DATABASE_URL=postgres://miniflux:adlin2021@db/miniflux?sslmode=disable
 - RUN_MIGRATIONS=1
@@ -248,6 +248,11 @@ files:
 172.23.42.7 web
 mode: "0444"
+ - path: etc/sysctl.d/adlin.conf
+ contents: |
+ net.netfilter.nf_log_all_netns=1
+ mode: "0444"
+
 - path: usr/bin/ask.sh
 source: pkg/wg/ask.sh
 mode: "0755"
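Review bot: The backticks around `join-p0m` in the new echo are inside double quotes, so the shell performs command substitution: it tries to execute a command named `join-p0m` while printing the hint and splices its output into the message instead of showing the literal name. Escape them, `echo "You didn't define your token to connect the network. Please run here \`join-p0m\` and then reboot."`. Since the tuto3.yml hunk later in this patch now invokes ask.sh from what looks like the console banner script, the substitution would fire on every login without a token, not just once.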
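Review bot: The polling interval is a bare literal edited in place, and neither the hunk nor the commit message records why 20 s became 40 s; a named constant near the top of the module, `var CHECK_LOGIN_INTERVAL_MS = 40000; // TODO: record why 40 s (load on the validator?)`, would keep the value and its rationale findable. This timer only refreshes the client's view of the login state; presumably session expiry is enforced on the token validator side independently of it, which is worth confirming since the client now notices a revoked session later.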
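Review bot: `sleep 10` is still a fixed delay standing in for "wait until the database accepts connections", so it fails the same way `sleep 5` did on a slower disk, only later; a readiness loop before `/usr/bin/miniflux` (retrying until a connection to the postgres port on `db` succeeds, with whatever client the miniflux image provides) would remove the race rather than widen it. The new `etc/sysctl.d/adlin.conf` entry enables netfilter logging across network namespaces, which I believe is what lets LOG-target output from the router/wks namespaces reach the host's kernel log; a YAML comment above it, `# let iptables LOG output from the router/wks netns reach the host dmesg (to confirm)`, would save the next reader a lookup.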
@@ -297,10 +302,18 @@ files:
 GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
 mode: "0444"
+ - path: /initdb/init-website.sql
+ contents: |
+ CREATE USER website WITH PASSWORD 'adlin2021';
+ CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website;
+ GRANT ALL PRIVILEGES ON DATABASE website TO website;
+ mode: "0444"
+
 - path: etc/init.d/011-init-disk
 contents: |
 #!/bin/sh
 mkdir -p /var/lib/adlin/
+ rm -rf /var/lib/adlin/wks1resolv.conf /var/lib/adlin/wks2resolv.conf
 touch /var/lib/adlin/wks1resolv.conf /var/lib/adlin/wks2resolv.conf
 mode: "0755"
@@ -464,7 +477,7 @@ files:
 echo
 cat /etc/issue.adlin
 echo
- nsenter -n/run/netns/router ip -c a show dev wg0 2> /dev/null || echo "You didn't define your token to connect the network. Please run here `join-p0m` and then reboot."
+ nsenter -n/run/netns/router ip -c a show dev wg0 2> /dev/null || nsenter -n/run/netns/router /usr/bin/ask.sh
 nsenter -n/run/netns/router ip -c a show dev eth0
 nsenter -n/run/netns/wks1 ip -c a show dev eth1 2> /dev/null || echo "Attachez une seconde carte ethernet à la VM pour pouvoir vous connecter à un poste de travail."
 exit 0
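Review bot: `rm -rf` in `etc/init.d/011-init-disk` is stronger than needed: the two resolv.conf paths are plain files recreated by the `touch` on the next line, so `rm -f /var/lib/adlin/wks1resolv.conf /var/lib/adlin/wks2resolv.conf` does the job without recursing should either path ever become a directory or a bind mount. The new `/initdb/init-website.sql` stores the `website` database password in a `0444` file, as the neighbouring matrix entry already does, and the literal is the same one used in the miniflux `DATABASE_URL` earlier in this file, so every service shares one credential; acceptable for a lab VM, but worth a comment saying so. Path style is also mixed: `/initdb/...` is absolute while the adjacent `etc/init.d/...` entry is relative.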
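Review bot: With this fallback, `/usr/bin/ask.sh` now runs from what looks like the console banner script every time `wg0` is absent, including the case where the token file exists but the tunnel failed to come up; in that case ask.sh does not take its "no token" exit and continues to read the private key and whatever follows, which is outside the hunks shown. It is worth confirming that this path is harmless and idempotent when triggered at every login rather than once at setup, and a short comment above the line, `# no wg0: let ask.sh explain what is missing (token) or retry setup`, would state the intent. The enclosing script continues before the hunk.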
@@ -513,6 +526,51 @@ files:
 echo "Token saved. You need to reboot now."
 mode: "0755"
+ - path: /usr/sbin/diagnostic
+ contents: |
+ #!/bin/sh
+ ok() { [ $# -gt 1 ] && MSG=$2 || MSG="OK"; echo -e $1 "\033[0;32m${MSG}\033[0m"; }
+ ko() { [ $# -gt 1 ] && MSG=$2 || MSG="KO"; echo -e $1 "\033[0;41m${MSG}\033[0m"; }
+
+ echo "TP3 VM diagnostic"
+ echo
+ echo -n "Disque dur monté : "; df /var/lib/adlin/ | grep ^/dev/sd > /dev/null && ok || ko
+ echo
+ echo -n "Token Maatma renseigné : "; [ -s "/var/lib/adlin/wireguard/adlin.token" ] && ok -n || ko -n
+ echo -n " - Tunnel monté : "; nsenter -n/run/netns/router /usr/bin/wg show wg0 > /dev/null 2> /dev/null && ok -n || ko -n
+ echo -n " - Tunnel établit : "; [ "$(nsenter -n/run/netns/router /usr/bin/wg show wg0 dump | tail -1 | cut -f 6 2> /dev/null)" != "0" ] && ok || ko
+ echo -n "Ping Gateway Maatma : "; nsenter -n/run/netns/router ping -w 2 -c 1 2a01:e0a:2b:2252::1 > /dev/null 2> /dev/null && ok -n || ko -n
+ echo -n " - Ping Internet IPv4 : "; nsenter -n/run/netns/router ping -w 2 -c 1 1.1.1.1 > /dev/null 2> /dev/null && ok || ko
+ echo
+ echo -n "États serveurs : ";
+ ctr -n services.linuxkit t ls | grep mainrouter | grep RUNNING > /dev/null && ok -n "Routeur" || ko -n "Routeur"
+ echo -n " "
+ pgrep unbound > /dev/null && ok -n "Résolveur" || ko -n "Résolveur"
+ echo -n " "
+ pgrep openrc > /dev/null && ok -n "NS autoritaire" || ko -n "NS autoritaire"
+ echo -n " "
+ pgrep postgres > /dev/null && ok -n "Database" || ko -n "Database"
+ echo -n " "
+ ctr -n services.linuxkit t ls | grep matrix | grep RUNNING > /dev/null && ok -n "Matrix" || ko -n "Matrix"
+ echo -n " "
+ pgrep miniflux > /dev/null && ok -n "Miniflux" || ko -n "Miniflux"
+ echo -n " "
+ ctr -n services.linuxkit t ls | grep web | grep RUNNING > /dev/null && ok -n "Vitrine" || ko -n "Vitrine"
+ echo
+ echo
+ echo -n "États Workstations : "
+ ctr -n services.linuxkit t ls | grep dhcpcd-wks1 | grep RUNNING > /dev/null && ok -n "WKS-1" || ko -n "WKS-1"
+ echo -n "("
+ ctr -n services.linuxkit t ls | grep sshd-wks1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
+ echo -n ") "
+ ctr -n services.linuxkit t ls | grep dhcpcd-wks2 | grep RUNNING > /dev/null && ok -n "WKS-2" || ko -n "WKS-2"
+ echo -n "("
+ ctr -n services.linuxkit t ls | grep sshd-wks2 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
+ echo -n ") "
+ echo
+ echo
+ mode: "0755"
+
 - path: etc/network/interfaces
 contents: |
 auto lo