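#!/bin/bash
#
# Creates a DigitalOcean machine with DynamicMachine and configures it as a
# Docker-hosted OpenVPN server.
#
# Arguments:
#   $1 - machine identifier, appended to the host name "openVpnServer-"
#   $2 - SSH key reference written to the "sshKey" field of .dynamicMachine
#        (the variable name suggests a public-key path; confirm against
#        DynamicMachine's documentation)
#
# USERNAME, PASSWORD and DO_API_TOKEN are filled in below. A filled-in copy of
# this script contains live credentials: keep it out of version control and
# paste sites, and restrict its file permissions.

echo "Run on ubuntu"
echo "params: <machine identifier> <ssh key to login to machine with that also exists on DO>"
echo "private params mush be set in the bash script"
echo "note: ssh key are available after using "ssh-keygen" and adding to your DO account"

set +x
echo "--------------------------------------------------------------------------------------------------- PARAMS"

# Both positional parameters end up in generated config files; stop early
# instead of creating a machine from empty values.
if [ "$#" -lt 2 ]; then
  echo "error: expected <machine identifier> <ssh key>" >&2
  exit 2
fi

set -x
export differentiator="$1"
export SSH_PubKeyPath="$2"
export SSH_PATH="${SSH_PubKeyPath}"

# xtrace prints every expanded command, so tracing is switched off before the
# secrets are assigned; otherwise the password and the API token would be
# echoed to the terminal or to a CI log.
set +x

# fill in these with your own details:
# this is the username/password to login to created machine if not using ssh key
export USERNAME=
export PASSWORD=
# this is your digital ocean API access token that you get from DO
export DO_API_TOKEN=

# An empty value here would later produce a remote account with no usable
# name/password or an API call without a token. Only the variable name is
# reported, never its value.
for required in USERNAME PASSWORD DO_API_TOKEN; do
  if [ -z "${!required}" ]; then
    echo "error: ${required} is empty; set it in this script before running" >&2
    exit 1
  fi
done
unset required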
set +x
echo "--------------------------------------------------------------------------------------------------- Dependencies"
set -x

# Interpreter and pip come from the distribution's package archive.
apt_packages=(python3 python3-pip)
sudo apt-get install -y "${apt_packages[@]}"

# NOTE(review): this installs whatever DynamicMachine release PyPI serves at
# run time, system-wide and as root, so its install code runs with root
# privileges. Consider pinning a reviewed version (and hashes) once one has
# been chosen; the later steps expect create_machine.py and
# configure_machine.py on PATH.
sudo pip3 install DynamicMachine
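set +x
echo "--------------------------------------------------------------------------------------------------- Create New MACHINE"
set -x

set +x
echo "--------------------------------------------------------------------------------------------------- Setup ENV"
set -x

# .dynamicMachine carries the DigitalOcean API token. Create it empty with
# mode 0600 first so the token is never written to a group/world-readable
# file; the redirection below keeps that mode. xtrace does not print heredoc
# bodies, so the token is not traced here.
install -m 600 /dev/null .dynamicMachine

# NOTE(review): ${differentiator} and ${SSH_PATH} are pasted into JSON without
# escaping; a double quote or backslash in either argument yields an invalid
# file.
cat > .dynamicMachine <<EOF
{
 "DigitalOcean" : {
 "Access Token" : "${DO_API_TOKEN}",
 "location" : "San Francisco",
 "image" : "Docker",
 "size" : "2gb",
 "sshKey" : "${SSH_PATH}"
 },
 "BaseHostName": "openVpnServer-${differentiator}"
}
EOF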
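set +x
echo "--------------------------------------------------------------------------------------------------- Create Digital Cloud Slave"
set -x

# Capture the tool's output in a private scratch file (mktemp creates it with
# mode 0600 and an unpredictable name) instead of cm.txt in the working
# directory.
cm_log=$(mktemp) || { echo "error: mktemp failed" >&2; exit 1; }
create_machine.py | tee "${cm_log}"
create_status=${PIPESTATUS[0]}
cat "${cm_log}"

# The address is the text between parentheses in the tool's output. Printing
# only for lines that actually match keeps blank lines out of NEW_IP when the
# output has more than one line.
NEW_IP=$(awk 'match($0, /\(.*\)/) { s = substr($0, RSTART, RLENGTH); gsub(/[()]/, "", s); print s }' "${cm_log}")
export NEW_IP
rm -f -- "${cm_log}"

# NEW_IP is later pasted into commands run as root on the new machine and into
# the scp target, so accept nothing but address characters (IPv4 or IPv6) and
# stop here when machine creation did not yield one.
if [[ ! "${NEW_IP}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  echo "error: no usable address in create_machine.py output (exit status ${create_status})" >&2
  exit 1
fi

sleep 10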
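set +x
echo "--------------------------------------------------------------------------------------------------- Configure Slave Phase1"
set -x

# Phase 1 command list for configure_machine.py: each entry is a command sent
# to the root session together with the text expected in the response.
#
# The generated file contains PASSWORD in plain text (chpasswd line and the
# answers typed into ovpn_initpki), so it is created with mode 0600 before
# anything is written to it. Delete it once the machine is configured.
#
# NOTE(review): points to confirm before relying on this setup:
#  - USERNAME and PASSWORD are pasted inside single quotes and inside JSON
#    strings without escaping; a quote or backslash in either breaks the
#    command list.
#  - The sed lines switch sshd to "PasswordAuthentication yes" and comment out
#    pam_loginuid, and the new account is added to the sudo and docker groups,
#    so the strength of PASSWORD is what protects the host from SSH password
#    guessing. Key-only login would avoid that exposure.
#  - PASSWORD also appears to be reused as the passphrase answers for
#    ovpn_initpki; a separate secret for the CA would limit the impact of a
#    leak.
#  - busybox and kylemanna/openvpn are pulled without a tag or digest, so the
#    image content is whatever the registry serves at run time.
install -m 600 /dev/null .dynamicMachineConfig
cat > .dynamicMachineConfig <<EOF
{
 "username" : "root",
 "password" : "",
 "commands" : [
 {"useradd -m -s /bin/bash ${USERNAME}":{"assertResultEquals":"root@"}},
 {"echo '${USERNAME}:${PASSWORD}' | chpasswd":{"assertResultEquals":"root@"}},
 {"sudo usermod -aG docker ${USERNAME}":{"assertResultEquals":"root@"}},
 {"sudo usermod -aG sudo ${USERNAME}":{"assertResultEquals":"root@"}},
 {"rm -f /etc/nologin":{"assertResultEquals":"root@"}},
 {"sed -i s/'session required pam_loginuid.so'/'#session required pam_loginuid.so'/g /etc/pam.d/sshd":{"assertResultEquals":"root@"}},
 {"sed -i s/'PasswordAuthentication no'/'PasswordAuthentication yes'/g /etc/ssh/sshd_config":{"assertResultEquals":"root@"}},
 {"systemctl reload ssh.service":{"assertResultEquals":"root@"}},
 {"echo LANG='en_US.UTF-8' > /etc/default/locale":{"assertResultEquals":"root@"}},
 {"docker pull busybox":{"assertResultEquals":"root@"}},
 {"sleep 1 && echo pullBusybox":{"assertResultEquals":"pullBusybox"}},
 {"docker pull kylemanna/openvpn":{"assertResultEquals":"root@"}},
 {"sleep 1 && echo pullOpenvpn":{"assertResultEquals":"pullOpenvpn"}},
 {"docker run --name OVPN_DATA -v /etc/openvpn busybox":{"assertResultEquals":"root@"}},
 {"sleep 1 && echo runDataContainer":{"assertResultEquals":"runDataContainer"}},
 {"docker run --volumes-from OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://${NEW_IP}:1194":{"assertResultEquals":"root@"}},
 {"sleep 1 && echo runGenconfig":{"assertResultEquals":"runGenconfig"}},
 {"docker run --volumes-from OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki":{"assertResultEquals":"Enter"}},
 {"${PASSWORD}":{"assertResultEquals":"Re-Enter"}},
 {"${PASSWORD}":{"assertResultEquals":"Common"}},
 {"${NEW_IP}":{"assertResultEquals":[["Enter"],120000]}},
 {"${PASSWORD}":{"assertResultEquals":"Enter"}},
 {"${PASSWORD}":{"assertResultEquals":"root@"}},
 {"echo 'runInitPki' ":{"assertResultEquals":"runInitPki"}}
 ]
}
EOF

# Drop only a stale host key recorded for this address (addresses get reused
# by new machines). Deleting the whole known_hosts file would discard the
# pinned keys of every other host this account connects to. A missing
# known_hosts file makes ssh-keygen report an error, which is harmless here.
ssh-keygen -R "${NEW_IP}"
configure_machine.py --ip "${NEW_IP}" --jsonFile .dynamicMachineConfig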
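set +x
echo "--------------------------------------------------------------------------------------------------- Configure Slave Phase2"
set -x

# systemd unit that runs the OpenVPN container; %n is expanded by systemd, not
# by the shell, so the heredoc delimiter is quoted to keep the text literal.
# NOTE(review): the container gets NET_ADMIN and publishes 1194/udp; the image
# is referenced without a tag or digest.
cat > .docker-openvpn-systemd <<'EOF'
[Unit]
Description=Docker container for OpenVPN server
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --volumes-from OVPN_DATA --rm --name %n -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

[Install]
WantedBy=multi-user.target
EOF

# Remove only a stale key recorded for this address; deleting the whole
# known_hosts file would discard the pinned keys of every other host.
ssh-keygen -R "${NEW_IP}"

# accept-new (OpenSSH 7.6 or later) records the key of a host seen for the
# first time but refuses a key that differs from a recorded one, whereas
# StrictHostKeyChecking=no would copy a root-owned unit file to whichever
# endpoint answers on that address. Comparing the recorded fingerprint with
# the one shown in the provider's console closes the first-connection gap.
scp -o StrictHostKeyChecking=accept-new .docker-openvpn-systemd "root@${NEW_IP}:/lib/systemd/system/docker-openvpn.service"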
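# Phase 2 command list: confirm the unit file arrived, reload systemd, start
# the service and check that "docker ps" shows the OpenVPN run command. The
# text has no shell expansions, so the heredoc delimiter is quoted.
cat > .dynamicMachineConfig2 <<'EOF'
{
 "username" : "root",
 "password" : "",
 "commands" : [
 {"ls /lib/systemd/system/docker-openvpn.service":{"assertResultEquals":"root@"}},
 {"systemctl daemon-reload":{"assertResultEquals":"root@"}},
 {"systemctl start docker-openvpn.service":{"assertResultEquals":"root@"}},
 {"docker ps":{"assertResultEquals":"ovpn_run"}}
 ]
}
EOF

# Clear only the entry for this address instead of deleting known_hosts, so
# the pinned keys of all other hosts survive the run.
ssh-keygen -R "${NEW_IP}"
configure_machine.py --ip "${NEW_IP}" --jsonFile .dynamicMachineConfig2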
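# Report the host name as written to BaseHostName in .dynamicMachine (one
# hyphen before the identifier; the message previously printed two).
echo "Created \"openVpnServer-${differentiator}\" at ${NEW_IP}"

# propsfile holds the address as KEY=value, presumably for a later job step
# (verify against the consumer). printf with a quoted argument writes the
# value unchanged, without word splitting or glob expansion.
printf 'NEW_IP=%s\n' "${NEW_IP}" > propsfile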