Start updating for SRS 2022
parent
54555dcca4
commit
8a3160da10
@ -76,7 +76,7 @@ files:
|
|||||||
|
|
||||||
[ "$2" = "root" ] &&
|
[ "$2" = "root" ] &&
|
||||||
echo -e "\\e[01mTip: vous souvenez-vous du mot de passe root ?\\e[0m" ||
|
echo -e "\\e[01mTip: vous souvenez-vous du mot de passe root ?\\e[0m" ||
|
||||||
echo -e "\\e[01mTip: cette machine n'est pas reliée au LDAP de l'école.\\e[0m"
|
echo -e "\\e[01mTip: cette machine n'est pas reliée à l'authentification de l'école.\\e[0m"
|
||||||
|
|
||||||
exec login $@
|
exec login $@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
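Review bot: The last command of the login wrapper in this hunk, `exec login $@`, expands its arguments unquoted, so the shell re-splits and glob-expands them before `login` receives them. The script already branches on `$2`, which looks like a value coming from the login prompt (to be confirmed, the caller is not visible here), so an argument containing whitespace would reach `login` as several arguments. Quote it: `exec login "$@"`. The script starts above the hunk, so its shebang and any earlier validation are not visible.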
@ -1,6 +1,6 @@
|
|||||||
init:
|
init:
|
||||||
- busybox
|
- busybox
|
||||||
- nemunaire/adlin-login-app:6df63c5b8f2895efe4830b682072eb77d862936f
|
- nemunaire/adlin-login-app:4bf902928c4f20c1e40d12de8e7d4fb22772b876
|
||||||
|
|
||||||
files:
|
files:
|
||||||
- path: /etc/ssl/certs/DST_Root_CA_X3.pem
|
- path: /etc/ssl/certs/DST_Root_CA_X3.pem
|
||||||
|
36
server.yml
36
server.yml
@ -1,33 +1,33 @@
|
|||||||
kernel:
|
kernel:
|
||||||
image: linuxkit/kernel:5.4.19
|
image: linuxkit/kernel:5.4.39
|
||||||
# cmdline: "console=tty0 console=ttyS0"
|
# cmdline: "console=tty0 console=ttyS0"
|
||||||
# cmdline: "console=tty0 adlin.network=alt"
|
# cmdline: "console=tty0 adlin.network=alt"
|
||||||
cmdline: "console=tty0"
|
cmdline: "console=tty0"
|
||||||
|
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:a4fcf333298f644dfac6adf680b83140927aa85e
|
- linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
|
||||||
- linuxkit/runc:69b4a35eaa22eba4990ee52cccc8f48f6c08ed03
|
- linuxkit/runc:v0.8
|
||||||
- linuxkit/containerd:09553963ed9da626c25cf8acdf6d62ec37645412
|
- linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
|
||||||
- linuxkit/ca-certificates:v0.7
|
- linuxkit/ca-certificates:v0.8
|
||||||
# - linuxkit/firmware:v0.7
|
# - linuxkit/firmware:v0.7
|
||||||
- linuxkit/getty:v0.7
|
- linuxkit/getty:v0.8
|
||||||
- nemunaire/monit:f57bcdfc02e2523c714d657a4abda61d191aa15c
|
- nemunaire/monit:efb921ff9d2e564dfa43880c608e87dce6ad22b1
|
||||||
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
|
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
|
||||||
|
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
image: linuxkit/sysctl:v0.7
|
image: linuxkit/sysctl:v0.8
|
||||||
binds:
|
binds:
|
||||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||||
|
|
||||||
# Mount first drive to enable some persistance
|
# Mount first drive to enable some persistance
|
||||||
- name: mount
|
- name: mount
|
||||||
image: linuxkit/mount:v0.7
|
image: linuxkit/mount:v0.8
|
||||||
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
||||||
|
|
||||||
# Network: interface for login-validator
|
# Network: interface for login-validator
|
||||||
- name: login-iface-setup
|
- name: login-iface-setup
|
||||||
image: linuxkit/ip:v0.7
|
image: linuxkit/ip:v0.8
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -42,7 +42,7 @@ onboot:
|
|||||||
|
|
||||||
# wg-manager
|
# wg-manager
|
||||||
- name: wg-iface-setup
|
- name: wg-iface-setup
|
||||||
image: linuxkit/ip:v0.7
|
image: linuxkit/ip:v0.8
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.17.0.15/16 dev vethin-wg; ip a add 10.224.32.251/24 dev vethin-wg; ip link set vethin-wg up; grep adlin.network=alt /proc/cmdline > /dev/null && ip route add default via 10.224.32.254 || ip route add default via 10.224.32.1; wg-quick up wg0; /sbin/iptables-restore < /etc/iptables/rules.v4;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.17.0.15/16 dev vethin-wg; ip a add 10.224.32.251/24 dev vethin-wg; ip link set vethin-wg up; grep adlin.network=alt /proc/cmdline > /dev/null && ip route add default via 10.224.32.254 || ip route add default via 10.224.32.1; wg-quick up wg0; /sbin/iptables-restore < /etc/iptables/rules.v4;" ]
|
||||||
net: new
|
net: new
|
||||||
binds:
|
binds:
|
||||||
@ -60,7 +60,7 @@ onboot:
|
|||||||
|
|
||||||
# token-validator
|
# token-validator
|
||||||
- name: validator-iface-setup
|
- name: validator-iface-setup
|
||||||
image: linuxkit/ip:v0.7
|
image: linuxkit/ip:v0.8
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -73,7 +73,7 @@ onboot:
|
|||||||
|
|
||||||
# domain name
|
# domain name
|
||||||
- name: ns-iface-setup
|
- name: ns-iface-setup
|
||||||
image: linuxkit/ip:v0.7
|
image: linuxkit/ip:v0.8
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -86,7 +86,7 @@ onboot:
|
|||||||
|
|
||||||
# time server
|
# time server
|
||||||
- name: time-iface-setup
|
- name: time-iface-setup
|
||||||
image: linuxkit/ip:v0.7
|
image: linuxkit/ip:v0.8
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -99,7 +99,7 @@ onboot:
|
|||||||
|
|
||||||
# mail server
|
# mail server
|
||||||
- name: mail-iface-setup
|
- name: mail-iface-setup
|
||||||
image: linuxkit/ip:v0.7
|
image: linuxkit/ip:v0.8
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -116,9 +116,9 @@ onboot:
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
- name: rngd
|
- name: rngd
|
||||||
image: linuxkit/rngd:v0.7
|
image: linuxkit/rngd:v0.8
|
||||||
- name: sshd
|
- name: sshd
|
||||||
image: linuxkit/sshd:v0.7
|
image: linuxkit/sshd:v0.8
|
||||||
|
|
||||||
- name: dhcpd
|
- name: dhcpd
|
||||||
image: joebiellik/dhcpd
|
image: joebiellik/dhcpd
|
||||||
@ -218,7 +218,7 @@ services:
|
|||||||
- /etc/unbound:/etc/unbound:ro
|
- /etc/unbound:/etc/unbound:ro
|
||||||
|
|
||||||
- name: time
|
- name: time
|
||||||
image: linuxkit/openntpd:v0.7
|
image: linuxkit/openntpd:v0.8
|
||||||
net: /run/netns/dmz-time
|
net: /run/netns/dmz-time
|
||||||
capabilities:
|
capabilities:
|
||||||
- CAP_NET_BIND_SERVICE
|
- CAP_NET_BIND_SERVICE
|
||||||
|
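Review bot: In the `services:` hunk (`@ -116,9 +116,9 @`), `image: joebiellik/dhcpd` still carries no tag while the linuxkit images around it are bumped, so each build pulls whatever that third-party repository currently publishes. Give it an explicit reference, e.g. `image: joebiellik/dhcpd:<TAG_OR_DIGEST>` (placeholder). In the `init:` hunk, `linuxkit/runc` appears to move from a content-hash tag to the release tag `v0.8` while `init` and `containerd` keep hash tags. Pick one pinning scheme for the init images, preferably the content-addressed one, so the image set is reproducible. The same hash-to-`v0.8` switch shows up in tuto3.yml for `runc`, `format` and `rngd`.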
@ -2,9 +2,9 @@
|
|||||||
title: ADLIN
|
title: ADLIN
|
||||||
section: 6
|
section: 6
|
||||||
header: ADvanced LINux administration
|
header: ADvanced LINux administration
|
||||||
footer: EPITA SRS 2021
|
footer: EPITA SRS 2022
|
||||||
author: Écrit par Pierre-Olivier *nemunaire* Mercier <**nemunaire+adlin@nemunai.re**>
|
author: Écrit par Pierre-Olivier *nemunaire* Mercier <**nemunaire+adlin@nemunai.re**>
|
||||||
date: 2020-02-24
|
date: 2021-02-18
|
||||||
...
|
...
|
||||||
|
|
||||||
# NOM
|
# NOM
|
||||||
@ -200,13 +200,14 @@ aux prochains TP.
|
|||||||
|
|
||||||
# HISTORIQUE
|
# HISTORIQUE
|
||||||
|
|
||||||
|
2021 - Quatrième édition du cours à destination des SRS 2022.
|
||||||
|
|
||||||
2020 - Troisième édition du cours à destination des SRS 2021.
|
2020 - Troisième édition du cours à destination des SRS 2021.
|
||||||
|
|
||||||
2019 - Deuxième édition du cours à destination des SRS 2020.
|
2019 - Deuxième édition du cours à destination des SRS 2020.
|
||||||
|
|
||||||
2018 - Première édition du cours à destination des SRS 2019.
|
2018 - Première édition du cours à destination des SRS 2019.
|
||||||
|
|
||||||
|
|
||||||
# CONFORMITÉ
|
# CONFORMITÉ
|
||||||
|
|
||||||
Certifié non conforme.
|
Certifié non conforme.
|
||||||
|
59
tuto3.yml
59
tuto3.yml
@ -1,36 +1,36 @@
|
|||||||
kernel:
|
kernel:
|
||||||
image: linuxkit/kernel:4.19.104
|
image: linuxkit/kernel:4.19.113
|
||||||
cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
|
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
|
||||||
# cmdline: "console=tty0"
|
cmdline: "console=tty0"
|
||||||
|
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:a4fcf333298f644dfac6adf680b83140927aa85e
|
- linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
|
||||||
- linuxkit/runc:69b4a35eaa22eba4990ee52cccc8f48f6c08ed03
|
- linuxkit/runc:v0.8
|
||||||
- linuxkit/containerd:09553963ed9da626c25cf8acdf6d62ec37645412
|
- linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
|
||||||
- linuxkit/ca-certificates:v0.7
|
- linuxkit/ca-certificates:v0.8
|
||||||
- linuxkit/getty:v0.7
|
- linuxkit/getty:v0.8
|
||||||
|
|
||||||
onboot:
|
onboot:
|
||||||
- name: format
|
- name: format
|
||||||
image: linuxkit/format:65b9e0a76d0b9fb8ac5c5f3bc8d3131109290f56
|
image: linuxkit/format:v0.8
|
||||||
command: ["/usr/bin/format", "/dev/sda"]
|
command: ["/usr/bin/format", "/dev/sda"]
|
||||||
|
|
||||||
- name: mount
|
- name: mount
|
||||||
image: linuxkit/mount:v0.7
|
image: linuxkit/mount:v0.8
|
||||||
command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"]
|
command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"]
|
||||||
|
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
image: linuxkit/sysctl:v0.7
|
image: linuxkit/sysctl:v0.8
|
||||||
binds:
|
binds:
|
||||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||||
|
|
||||||
- name: rngd1
|
- name: rngd1
|
||||||
image: linuxkit/rngd:02c555b50cd1887aa628836662d2eec54c0d7e81
|
image: linuxkit/rngd:v0.8
|
||||||
command: ["/sbin/rngd", "-1"]
|
command: ["/sbin/rngd", "-1"]
|
||||||
|
|
||||||
# Network: external
|
# Network: external
|
||||||
- name: dhcpcd
|
- name: dhcpcd
|
||||||
image: linuxkit/dhcpcd:v0.7
|
image: linuxkit/dhcpcd:v0.8
|
||||||
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1", "eth0"]
|
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1", "eth0"]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -41,7 +41,7 @@ onboot:
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
- name: dhcpcd-wks1
|
- name: dhcpcd-wks1
|
||||||
image: linuxkit/dhcpcd:v0.7
|
image: linuxkit/dhcpcd:v0.8
|
||||||
hostname: wks1
|
hostname: wks1
|
||||||
net: new
|
net: new
|
||||||
pid: new
|
pid: new
|
||||||
@ -58,7 +58,7 @@ services:
|
|||||||
- /var/lib/adlin/wks1resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks1resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: dhcpcd-wks2
|
- name: dhcpcd-wks2
|
||||||
image: linuxkit/dhcpcd:v0.7
|
image: linuxkit/dhcpcd:v0.8
|
||||||
hostname: wks2
|
hostname: wks2
|
||||||
net: new
|
net: new
|
||||||
pid: new
|
pid: new
|
||||||
@ -74,7 +74,7 @@ services:
|
|||||||
- /var/lib/adlin/wks2resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks2resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: sshd-wks1
|
- name: sshd-wks1
|
||||||
image: linuxkit/sshd:v0.7
|
image: linuxkit/sshd:v0.8
|
||||||
net: /run/netns/wks1
|
net: /run/netns/wks1
|
||||||
uts: /run/utsns/wks1
|
uts: /run/utsns/wks1
|
||||||
pid: new
|
pid: new
|
||||||
@ -86,7 +86,7 @@ services:
|
|||||||
- /var/lib/adlin/wks1resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks1resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: sshd-wks2
|
- name: sshd-wks2
|
||||||
image: linuxkit/sshd:v0.7
|
image: linuxkit/sshd:v0.8
|
||||||
net: /run/netns/wks2
|
net: /run/netns/wks2
|
||||||
uts: /run/utsns/wks2
|
uts: /run/utsns/wks2
|
||||||
pid: new
|
pid: new
|
||||||
@ -446,6 +446,31 @@ files:
|
|||||||
ip netns exec router wget -O - --header "X-ADLIN-time: $(stat -c %Y /boot)" https://adlin.nemunai.re/fix-vm | sh
|
ip netns exec router wget -O - --header "X-ADLIN-time: $(stat -c %Y /boot)" https://adlin.nemunai.re/fix-vm | sh
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
# - path: etc/init.d/021-correction
|
||||||
|
# contents: |
|
||||||
|
# #!/bin/sh
|
||||||
|
# PS=$(pgrep systemd | head -1)
|
||||||
|
# nsenter -t "${PS}" -a sysctl -w net.ipv4.ip_forward=1
|
||||||
|
# nsenter -t "${PS}" -a sysctl -w net.ipv6.conf.all.forwarding=1
|
||||||
|
# nsenter -t "${PS}" -a sysctl -w net.ipv4.conf.ethsrv.route_localnet=1
|
||||||
|
# nsenter -t "${PS}" -a iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
# nsenter -t "${PS}" -a iptables -t nat -A POSTROUTING -o ethsrv -m addrtype --src-type LOCAL -j MASQUERADE
|
||||||
|
# nsenter -t "${PS}" -a iptables -t nat -A PREROUTING -p tcp --dport 8052 -j DNAT --to 172.23.42.9
|
||||||
|
# nsenter -t "${PS}" -a iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport 8052 -j DNAT --to-destination 172.23.42.9
|
||||||
|
# nsenter -t "${PS}" -a iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 172.23.42.6
|
||||||
|
# nsenter -t "${PS}" -a iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.23.42.6
|
||||||
|
# nsenter -t "${PS}" -a ip link set ethwks up
|
||||||
|
# cat <<EOF | nsenter -t "${PS}" -a tee /etc/udhcpd.conf
|
||||||
|
# start 192.168.6.50
|
||||||
|
# end 192.168.6.200
|
||||||
|
# interface ethwks
|
||||||
|
# opt dns 172.23.42.2
|
||||||
|
# option subnet 255.255.255.0
|
||||||
|
# opt router 192.168.6.254
|
||||||
|
# option lease 3600
|
||||||
|
# EOF
|
||||||
|
# mode: "0755"
|
||||||
|
|
||||||
- path: /etc/init.d/999-rw-passwd.sh
|
- path: /etc/init.d/999-rw-passwd.sh
|
||||||
contents: |
|
contents: |
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
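Review bot: The first hunk comments out the `cmdline:` line that carries `adlin.token=…` rather than deleting it, so the token value remains in the file as well as in history. If any live service accepts that token, it should be rotated and the comment reduced to a placeholder such as `# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=<TOKEN>"`. The last hunk (`@ -446,6 +446,31 @`) adds a fully commented-out `etc/init.d/021-correction` entry. Dead configuration of that size is better kept out of the image definition, or given a one-line comment saying when it is meant to be enabled.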