#!/bin/bash
#
# Converts a running Rocky Linux host into a Koozali SME Server.
# The steps below rewrite boot and SELinux configuration, replace the package
# repositories, touch /etc/shadow-backed accounts and reconfigure sshd, so the
# script presumably has to be run as root from an interactive terminal.

# Last chance to abort: the answer is never inspected, the read only blocks
# until the operator presses Enter (or interrupts with Ctrl+C).
printf '%s\n' "Welcome to the Rocky Linux to Koozali SME Server script. Are you sure you have at least one ethernet interface before proceeding ? Hit Ctrl+C if unsure, press 'enter' if you are OK to proceed."
read testme
# SELinux is switched off in three places: the kernel command line in
# grub.cfg, the persistent /etc/selinux/config setting and the running kernel
# (setenforce). The policy and troubleshooting packages are then removed.
# NOTE(review): from here on the host has no mandatory access control; any
# later hardening has to rely on other controls.
# NOTE(review): the grub.cfg substitution only takes effect when the kernel
# line contains the exact text "rhgb quiet", and grub.cfg is normally a
# generated file, so the edit presumably lasts only until it is regenerated;
# confirm the persistent setting in /etc/selinux/config is what is relied on.
printf '%s\n' "disabling and removing SELinux"
sed -i 's/rhgb quiet/selinux=0/g' /boot/grub2/grub.cfg
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Only stdout is discarded; errors from dnf still reach the terminal.
dnf remove -y selinux-policy-targeted setroubleshoot-server >/dev/null
# Record the addressing and routing in place before the conversion, so the
# operator can look them up again once SME Server has taken over networking.
printf '%s\n' "copy of current network config in root/rocky2sme-prenetwork"
{
  ip address
  ip route
} > /root/rocky2sme-prenetwork
# Replace the Rocky repository definitions with the SME Server ones shipped
# in /etc/yum.prosmerepos.d; the originals are moved aside, not deleted.
# NOTE(review): the backup directory has a fixed name under world-writable
# /tmp. "mkdir -p" accepts a directory (or symlink to one) that already
# exists, and /tmp content may be cleaned up later; a root-owned location
# would be a safer place for files the operator may need for a rollback.
echo "##########################################################################"
echo "setting dnf repo for SME Server"
repo_backup_dir=/tmp/repo.bak
mkdir -p "$repo_backup_dir"
mv /etc/yum.repos.d/*.repo "$repo_backup_dir"/
cp /etc/yum.prosmerepos.d/* /etc/yum.repos.d/
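# Import every key file shipped in the smeserver-rocky2sme documentation
# directory into the rpm keyring. These keys decide which package signatures
# rpm will accept from now on, so their trustworthiness rests on the
# integrity of the package that installed that directory.
echo "##########################################################################"
echo "importing rpm gpg keys"
#yum install wget -y 1>/dev/null
key_dir=/usr/share/doc/smeserver-rocky2sme/keys
# A quoted glob replaces parsing the output of ls, so file names containing
# spaces or glob characters are passed to rpm intact.
for key_file in "$key_dir"/*; do
  # Skips the literal pattern when the directory is empty, and anything that
  # is not a regular file.
  [[ -f "$key_file" ]] || continue
  # A key that fails to import is reported instead of passing silently; the
  # run continues with the remaining keys, as before.
  rpm --import "$key_file" || echo "warning: could not import $key_file" >&2
done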
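# Drop all cached metadata and packages for every configured repository, so
# the following transactions start from the newly installed repo files.
echo "##########################################################################"
echo "cleaning dnf cache"
# The wildcard is quoted so that it always reaches dnf unchanged; unquoted,
# the shell would replace the whole word with any matching file name in the
# current directory.
dnf --enablerepo='*' clean all >/dev/null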
# Bring the installed packages up to date from the repositories configured
# above. Only stdout is discarded, so errors remain visible as the message
# promises.
echo "##########################################################################"
echo "dnf upgrade to install last updates, this may take a while, output is hidden unless there is an error, be patient:"
yum -y upgrade >/dev/null

# they might have come back with upgrade...
# (an upgraded release package can reinstall the Rocky repo files; remove
# them again so only the SME Server repositories stay active)
rm -rf /etc/yum.repos.d/Rocky*.repo
# Pin the module streams used for the SME Server installation. The commands
# run in the same order as listed; a failing command does not stop the
# script.
echo "##########################################################################"
echo "dnf set modules:"
dnf module switch-to -y php:remi-8.4
#dnf module switch-to -y imariadb:10.5
# Unlike the other module commands this one is run without -y.
dnf module disable mariadb
dnf module switch-to -y python36:3.6
# Streams that only need enabling, one dnf call per stream.
for module_stream in \
  redis:remi-7.2 \
  httpd:2.4 \
  perl:5.26 \
  perl-DBD-MySQL:4.046 \
  perl-DBD-SQLite:1.58 \
  perl-DBI:1.641 \
  perl-IO-Socket-SSL:2.066 \
  perl-libwww-perl:6.34 \
  squid:4 \
  container-tools:rhel8 \
  nginx:1.14 \
  freeradius:3.0
do
  dnf module enable -y "$module_stream"
done
# Install the smeserver package group, then verify the result before any
# SME-specific command is used.
echo "##########################################################################"
echo "dnf install, installing SME Server ... this may take a while:"
dnf install -y @smeserver

# check
# The presence of the SME console binary is the only success test; without
# it the remaining steps cannot work, so the script stops here.
if [[ ! -f /sbin/e-smith/console ]]; then
  echo "... exiting something is missing, try again dnf --disablerepo=* --enablerepo=smeos install @smeserver -y"
  exit 1
fi
echo "... all seems good untill now"
# Second upgrade pass now that the SME Server packages are installed; stdout
# is discarded, errors stay visible.
echo "##########################################################################"
echo "dnf upgrade"
dnf -y upgrade >/dev/null

echo "##########################################################################"
echo "starting runit, so we can run a few services"
/usr/bin/systemctl restart runit.service

# Remove every regular file named "control" (any letter case) below
# /var/service/.
echo "##########################################################################"
echo "cleaning /var/service/"
find /var/service/ -type f -iname control -exec rm {} +

echo "##########################################################################"
echo "starting syslog"
/usr/bin/systemctl restart rsyslog
echo "##########################################################################"
echo "running post-install event for SME..."
echo "but before, we unlink the S10init-passwords action"
# The action is detached from the event first, so signalling post-install
# below does not run it.
unlink /etc/e-smith/events/post-install/S10init-passwords
/sbin/e-smith/signal-event post-install

echo "##########################################################################"
echo "set admin password as set, to avoid locking you on reboot"
#need syslog to work. so just in case
#/etc/init.d/rsyslog restart
/usr/bin/systemctl restart rsyslog
# NOTE(review): these properties only record that a password has been set
# and turn off the bootstrap console restore step; they do not give the
# admin account a password by themselves. Make sure admin really ends up
# with a known password before the server is exposed.
esmith_db=/sbin/e-smith/db
"$esmith_db" accounts setprop admin PasswordSet yes
"$esmith_db" configuration set PasswordSet yes
"$esmith_db" configuration setprop bootstrap-console Restore disabled
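# Give the admin account the same password hash as root.
echo "... as we copy your current root password as admin password"
# here copy root password to admin user !!!
# The shadow entry is selected by an exact match on the account name "root"
# (first field), which is what the message above announces; an unanchored
# search on $USER can pick up another account or several lines.
# The hash stays in a shell variable and is handed to chpasswd on stdin
# (printf is a shell builtin), so it is neither written to a predictable,
# possibly world-readable file under /tmp nor shown on a command line.
root_hash=$(awk -F: '$1 == "root" { print $2; exit }' /etc/shadow)
if [[ -n "$root_hash" ]]; then
  # -e tells chpasswd the supplied value is already encrypted.
  printf 'admin:%s\n' "$root_hash" | chpasswd -e
else
  echo "... could not read the root password hash, admin password left unchanged" >&2
fi
unset root_hash
echo "... if access to server manager fails with admin, log to cli as root and do :"
echo "passwd admin"
# to test, there is chances it is salted, alternatively
# echo "Please give now the password for the created admin user :"
# passwd admin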
# Same clean-up as earlier in the script: delete every regular file named
# "control" below /var/service/.
echo "##########################################################################"
echo "Cleaning /service subfolders"
find /var/service/ -type f -iname control -exec rm {} +

# Create the flag file announced by the message; nothing in this script
# reads it.
echo "##########################################################################"
echo "force quota check"
touch /forcequotacheck

#restart rsyslogd service in case , as console needs it to run...
echo "##########################################################################"
echo "retarting syslog"
/usr/bin/systemctl restart rsyslog.service

# Hand over to the interactive SME Server console for the initial
# configuration. The Perl one-liner is passed in single quotes so the shell
# leaves it untouched.
echo "##########################################################################"
echo "now time to configure your server using the SME Server console"
/usr/bin/perl -Mesmith::console -Mesmith::console::configure -e 'esmith::console::configure->new->doit(esmith::console->new,esmith::ConfigDB->open)'
echo "##########################################################################"
echo "set SSHD to accept root login with rsa key"
# NOTE(review): this enables sshd with PermitRootLogin yes and public
# access. Nothing in this step limits root to key authentication; whether
# passwords are also accepted presumably depends on other sshd properties
# (e.g. PasswordAuthentication) that are not set here. Confirm the resulting
# sshd_config before exposing the host, and narrow access if a public
# listener is not required.
/sbin/e-smith/db configuration setprop sshd status enabled PermitRootLogin yes access public
# Regenerate both the client and the server configuration from templates.
for ssh_template in /etc/ssh/ssh_config /etc/ssh/sshd_config; do
  /sbin/e-smith/expand-template "$ssh_template"
done
/usr/bin/systemctl restart sshd.service
# a sshd reload does not regenerate the keys and failed
# doing one after to do the rest (masq etc.)
/sbin/e-smith/signal-event remoteaccess-update
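# Optionally open the server-manager to a list of remote networks.
echo "##########################################################################"
echo "Enable access to server-manager to the following IPs:"
# The prompt now says "do not want": a blank answer leaves remote access
# closed, which is what the code below does.
echo "Please type IP.IP.IP.IP/255.255.255.255,IP2.IP2.IP2.IP2/255.255.255.255  to allow access to the manager from the desired IP. Leave blank if you do not want to have access to the manager from outside the lan. Fill with 0.0.0.0/0.0.0.0 if you live on the edge!"
# -r keeps backslashes literal.
read -r validfrom
# Only the characters of the documented address/netmask list are accepted.
# NOTE(review): assumes ValidFrom takes IPv4 entries only; widen the pattern
# if other forms are legitimate.
validfrom_pattern='^[0-9./,]+$'
if [[ -z "$validfrom" ]]; then
  echo "nothing to do"
elif [[ "$validfrom" =~ $validfrom_pattern ]]; then
  # Quoted so the answer is stored as one value; unquoted, extra words in
  # the answer would be passed to setprop as additional property names and
  # values.
  /sbin/e-smith/db configuration setprop httpd-admin ValidFrom "$validfrom"
  /sbin/e-smith/signal-event post-upgrade
else
  echo "... ignoring '$validfrom': expected a comma separated list of IP/netmask, httpd-admin ValidFrom left unchanged" >&2
fi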
echo "##########################################################################"
echo "Last cleaning:"
# last tidying
find /var/service/ -type f -iname control -exec rm {} +

# just in case before reboot
# (re-assert the flags set earlier in the script, in case an event signalled
# in between changed them)
/sbin/e-smith/db configuration set PasswordSet yes
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled

# Closing instructions; the quoted delimiter keeps the text literal.
cat <<'EOF'
##########################################################################
you just have to issue a '/sbin/e-smith/signal-event reboot'; or simply 'reboot' and enjoy your SME
But before that, are you sure you have added a working SSH key to ~/.ssh/authorized_keys ?
##########################################################################
EOF
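# some fixup to have a minimal working system
/usr/bin/systemctl restart network wan tinydns dnscache dnscache.forwarder dhcpd
/usr/bin/systemctl restart httpd-e-smith smanager
# fix radiusd not starting
# The command path was misspelled ("ignal-event"), so this event was never
# signalled; every other call in the script uses /sbin/e-smith/signal-event.
/sbin/e-smith/signal-event smeserver-radiusd-update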