+mod
Signed-off-by: Nico Schottelius <nico@nico-notebook.schottelius.org>
This commit is contained in:
Nico Schottelius
parent
bc6217fa0f
commit
0875392098
|
|
@ -1,90 +1,107 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ $# -ne 1 ]; then
|
||||||
|
echo "$0 ssh-keyfile"
|
||||||
|
echo " ssh-keyfile: ssh keys to add into the image"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
MAJOR_VERSION=3.11
|
SSH_KEYS=$1; shift
|
||||||
MINOR_VERSION=2
|
|
||||||
|
MAJOR_VERSION=3.12
|
||||||
|
MINOR_VERSION=0
|
||||||
IMAGE=alpine-minirootfs-$MAJOR_VERSION.$MINOR_VERSION-x86_64.tar.gz
|
IMAGE=alpine-minirootfs-$MAJOR_VERSION.$MINOR_VERSION-x86_64.tar.gz
|
||||||
SSH_KEYS=$(cat ~/.ssh/id_rsa.pub)
|
|
||||||
RESOLVCONF=/etc/resolv.conf
|
RESOLVCONF=/etc/resolv.conf
|
||||||
|
|
||||||
working_directory=$(pwd -P)
|
working_directory=$(pwd -P)
|
||||||
rootfs_tmpdir=$(mktemp -d)
|
rootfs_tmpdir=$(mktemp -d)
|
||||||
|
rootfs_tmpdir=alpine_${MAJOR_VERSION}-${MINOR_VERSION}-rootfs
|
||||||
|
|
||||||
|
mkdir -p ${rootfs_tmpdir}
|
||||||
|
|
||||||
rootfs_url="http://dl-cdn.alpinelinux.org/alpine/v$MAJOR_VERSION/releases/x86_64/$IMAGE"
|
rootfs_url="http://dl-cdn.alpinelinux.org/alpine/v$MAJOR_VERSION/releases/x86_64/$IMAGE"
|
||||||
|
|
||||||
run_root () {
|
run_root () {
|
||||||
chroot $rootfs_tmpdir /usr/bin/env \
|
sudo chroot $rootfs_tmpdir /usr/bin/env \
|
||||||
PATH=/bin:/sbin \
|
PATH=/bin:/sbin \
|
||||||
/bin/sh -c "$*"
|
/bin/sh -c "$*"
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ "$(whoami)" != 'root' ]; then
|
wget -c "$rootfs_url" -O "$working_directory/$IMAGE"
|
||||||
echo "This script must be run as root." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Download, extract inital rootfs.
|
# keep right permissions, use sudo
|
||||||
curl "$rootfs_url" -o "$working_directory/$IMAGE"
|
sudo tar xf $IMAGE -C $rootfs_tmpdir
|
||||||
tar xf $IMAGE -C $rootfs_tmpdir
|
|
||||||
|
|
||||||
# Add SSH keys
|
# Add SSH keys
|
||||||
run_root mkdir -p root/.ssh
|
run_root mkdir -p root/.ssh
|
||||||
echo $SSH_KEYS > $rootfs_tmpdir/root/.ssh/authorized_keys
|
sudo cp $SSH_KEYS $rootfs_tmpdir/root/.ssh/authorized_keys
|
||||||
|
run_root chown root:root root/.ssh/authorized_keys
|
||||||
run_root chmod 0600 root/.ssh/authorized_keys
|
run_root chmod 0600 root/.ssh/authorized_keys
|
||||||
run_root chmod 0700 root/.ssh
|
run_root chmod 0700 root/.ssh
|
||||||
|
|
||||||
# Import local resolv.conf.
|
# Import local resolv.conf.
|
||||||
cat "$RESOLVCONF" > $rootfs_tmpdir/etc/resolv.conf
|
sudo cp "$RESOLVCONF" $rootfs_tmpdir/etc/resolv.conf
|
||||||
|
|
||||||
# Make sure init is found by the kernel.
|
# Make sure init is found by the kernel.
|
||||||
run_root ln -s /sbin/init /init
|
#run_root ln -sf /sbin/init /init
|
||||||
|
|
||||||
|
|
||||||
|
# Layer atop base rootfs.
|
||||||
|
run_root apk update
|
||||||
|
run_root apk upgrade
|
||||||
|
run_root apk add openssh linux-lts openrc udev ndisc6
|
||||||
|
|
||||||
|
run_root rc-update add udev
|
||||||
|
run_root rc-update add udev-trigger
|
||||||
|
run_root rc-update add sshd
|
||||||
|
run_root rc-update add networking
|
||||||
|
run_root rc-update add hostname
|
||||||
|
run_root rc-update add rdnssd
|
||||||
|
|
||||||
|
# Generate iniramfs image
|
||||||
|
(cd $rootfs_tmpdir; sudo find . | sudo cpio -H newc -o | gzip -9 > "$working_directory/alpine-initramfs.gz")
|
||||||
|
cp "$rootfs_tmpdir/boot/vmlinuz-lts" "$working_directory/alpine-kernel"
|
||||||
|
|
||||||
|
|
||||||
# Servers have static addresses, disable the standard
|
# Servers have static addresses, disable the standard
|
||||||
# alpine setting of using tempaddr = 2
|
# alpine setting of using tempaddr = 2
|
||||||
cat > "$rootfs_tmpdir/etc/sysctl.d/99-ipv6.conf" <<EOF
|
sudo tee "$rootfs_tmpdir/etc/sysctl.d/99-ipv6.conf" <<EOF
|
||||||
net.ipv6.conf.default.use_tempaddr = 0
|
net.ipv6.conf.default.use_tempaddr = 0
|
||||||
net.ipv6.conf.all.use_tempaddr = 0
|
net.ipv6.conf.all.use_tempaddr = 0
|
||||||
|
|
||||||
net.ipv6.conf.all.accept_ra = 1
|
net.ipv6.conf.all.accept_ra = 1
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat > "$rootfs_tmpdir/etc/network/interfaces" <<EOF
|
sudo tee "$rootfs_tmpdir/etc/network/interfaces" <<EOF
|
||||||
auto lo
|
auto lo
|
||||||
iface lo inet loopback
|
iface lo inet loopback
|
||||||
|
|
||||||
auto eth0
|
auto eth0
|
||||||
iface eth0 inet6 manual
|
iface eth0 inet6 manual
|
||||||
pre-up ip link set eth0 up
|
pre-up ip link set eth0 up
|
||||||
|
post-up sleep 10
|
||||||
post-up ip addr show dev eth0 | grep inet6 >> /etc/issue
|
post-up ip addr show dev eth0 | grep inet6 >> /etc/issue
|
||||||
post-up echo post post up >> /etc/issue
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat > "$rootfs_tmpdir/etc/hostname" <<EOF
|
sudo tee "$rootfs_tmpdir/etc/hostname" <<EOF
|
||||||
alpine-unconfigured
|
alpine-unconfigured
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
echo ipv6 >> "$rootfs_tmpdir/etc/modules"
|
echo ipv6 | sudo tee -a "$rootfs_tmpdir/etc/modules"
|
||||||
|
|
||||||
|
|
||||||
|
# Upload to netboot server. - needs to be done outside sudo
|
||||||
|
echo "Use alpine-initramfs.gz alpine-kernel from $working_directory"!
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
# Layer atop base rootfs.
|
|
||||||
run_root apk update
|
|
||||||
run_root apk upgrade
|
|
||||||
run_root apk add openssh linux-vanilla openrc udev
|
|
||||||
run_root rc-update add udev
|
|
||||||
run_root rc-update add udev-trigger
|
|
||||||
run_root rc-update add sshd
|
|
||||||
run_root rc-update add networking
|
|
||||||
run_root rc-update add hostname
|
|
||||||
|
|
||||||
# FIXME: add / install rdnssd / ndisc6 / start it on boot
|
# FIXME: add / install rdnssd / ndisc6 / start it on boot
|
||||||
# ndisc6 is only @testing
|
# ndisc6 is only @testing
|
||||||
|
|
||||||
# Generate iniramfs image
|
|
||||||
(cd $rootfs_tmpdir; find . | cpio -H newc -o | gzip -9 > "$working_directory/alpine-initramfs.gz")
|
|
||||||
cp "$rootfs_tmpdir/boot/vmlinuz-vanilla" "$working_directory/alpine-kernel"
|
|
||||||
|
|
||||||
# Cleanup.
|
# Cleanup.
|
||||||
#rm -r "$rootfs_tmpdir"
|
#rm -r "$rootfs_tmpdir"
|
||||||
|
|
||||||
# Upload to netboot server. - needs to be done outside sudo
|
|
||||||
echo "Use alpine-initramfs.gz alpine-kernel from $working_directory"!
|
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,8 @@
|
||||||
# Nico Schottelius, 2019-12-02
|
# Nico Schottelius, 2019-12-02
|
||||||
# Update mikrotik routers to the latest package
|
# Update mikrotik routers to the latest package
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
if [ $# -lt 2 ]; then
|
if [ $# -lt 2 ]; then
|
||||||
echo "$0 <version> <arch> router [router...]"
|
echo "$0 <version> <arch> router [router...]"
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
|
|
@ -31,11 +33,20 @@ unzip "${file}"
|
||||||
|
|
||||||
pkg_list="dhcp ipv6 lcd lte multicast ppp routing security system user-manager wireless"
|
pkg_list="dhcp ipv6 lcd lte multicast ppp routing security system user-manager wireless"
|
||||||
|
|
||||||
|
|
||||||
while [ $# -ge 1 ]; do
|
while [ $# -ge 1 ]; do
|
||||||
target=$1; shift
|
target=$1; shift
|
||||||
|
|
||||||
|
# Escape literal IPv6 addresses
|
||||||
|
if echo $target | grep ':'; then
|
||||||
|
target_scp="[$target]"
|
||||||
|
else
|
||||||
|
target_scp="$target"
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Updating ${target}"
|
echo "Updating ${target}"
|
||||||
for pkg in $pkg_list; do
|
for pkg in $pkg_list; do
|
||||||
scp ${pkg}-${version}-${arch}.npk "admin@${target}:"
|
scp ${pkg}-${version}-${arch}.npk "admin@${target_scp}:"
|
||||||
done
|
done
|
||||||
ssh admin@${target} "/system reboot"
|
ssh admin@${target} "/system reboot"
|
||||||
done
|
done
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue