FlorianHeigl · February 23, 2025 01:51
diff --git a/i-am-so-angry.sh b/i-am-so-angry.sh
 #!/usr/bin/env bash
 # one-context hat hier bugs und bringt das netzwerk nie online

 set -u

 test_network(){
   #good case
   ip addr list dev eth0 |
               grep -qE "inet.*((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" && return 100

   # try temporary bringup
   ifconfig eth0 up &&
   udhcpc -i eth0 &&
   return 101

   # on failure
   return 102
 }

 test_updates(){
  apk -q update
  apk version | grep -qvc Installed && return 100
  
  # run an update
  test_pkgs apk-tools-static &&
  apk.static upgrade -a -U &&
  return 101

  # on failure
  return 102
 }

 test_ssh_pwauth(){
    grep -qE 'PasswordAuthentication.*yes' /etc/ssh/sshd_config && return 100
    sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config &&
    service sshd restart || return 102
    return 100
 }




 test_pkgs(){
  for pkg in $1 ; do
      apk version "${pkg}" | grep -q "${pkg}" && continue
      # install the first missing package and jump back
      apk add "${pkg}" && return 101
      # on failure
      return 102
  done
  # all were installed
  return 100
 }

 reinstall_opennebula(){
    find /etc/one-context.d -type f -exec rm {} + 2>/dev/null
    # existiert nur in alten versionen
    find /etc/init.d/one-context* -type f -exec rm {} + 2>/dev/null
    apk del one-context
    apk add one-context  || return 102
    rc-update add vmcontext boot

    # need to reboot at that point
    sync; sleep 6; reboot
 }

 test_fail2ban() {
    #es soll registiert sein
    if ! rc-update | grep -q "fail2ban" ; then 
        rc-update add fail2ban || return 102
        return 101
    fi

    #es soll im runlevel default stehen
    if ! rc-update | grep -qE "fail2ban.*default" ; then
        rc-update del fail2ban boot 2>/dev/null
        rc-update del fail2ban sysinit 2>/dev/null
        rc-update add fail2ban default || return 102
        return 101
    fi
    
    #es soll laufen - wird aber spaeter automatisch gestartet (nach vmcontext)
    #if ! pgrep fail2ban ; then
    #    service fail2ban start || return 102
    #    return 101
    #fi
    

    return 100
 }
  
 test_opennebula()
 {
    #Test for bad things, 
    # 1. old versions were bad, this one is known good
    # 2. should only contain links
    # 3. should not hold the old scripts
    apk version one-context |  grep -q "one-context-0.9.0-r0"   || reinstall_opennebula
    [ "$( find /etc/one-context.d -type f | wc -l )" -eq 0 ]    || reinstall_opennebula
    [ "$( find /etc/init.d/one-context* -type f 2>/dev/null | wc -l )" -eq 0 ]  || reinstall_opennebula
    
    return 100
 }

 test_kbd(){
    [ -r /etc/conf.d/loadkmap ] || return 102
    if ! grep -q "keymap/de" /etc/conf.d/loadkmap ; then
        test_pkgs musl-locales
        test_pkgs musl-locales-lang
        setup-keymap de de
        return 101 
    fi
    return 100
 }

 test_cmk_agent(){

    _agent=/usr/local/bin/check_mk_agent
    _port=6556

    #es passt normalerweise wenn:
    # - port auf ist
    # - und script existiert
    netstat -na | grep -qE "tcp.*${_port}" && 
    [ -x ${_agent} ] &&
    return 100

    #ein paar dependencies wollen wir sehen
    test_pkgs bash
    test_pkgs busybox-extras
    test_pkgs busybox-extras-openrc
    test_pkgs ethtool
    test_pkgs procps

    #cmk agent vorhanden sonst download
    [ -r ${_agent} ] || wget -O ${_agent} https://raw.githubusercontent.com/Checkmk/checkmk/refs/heads/release/2.2.0p39/agents/check_mk_agent.linux &&
    for _dir in \
        /etc/check_mk /usr/local/lib/check_mk_agent/plugins  \
        /usr/local/lib/check_mk_agent/local /var/cache/check_mk ; do 
        [ -d ${_dir} ] || mkdir -p ${_dir} 
    done
    [ -x ${_agent} ] || chmod 700 ${_agent}

    #services ok?
    grep -q -E '(check_mk|checkmk)' /etc/services ||
    echo "checkmk-agent        ${_port}/tcp   #Checkmk monitoring agent" >> /etc/services
    #inetd config ergaenzt
    grep -q -E '(check_mk|checkmk)' /etc/inetd.conf ||
      echo "checkmk-agent stream tcp  nowait root ${_agent}" >> /etc/inetd.conf

    # inetd enable
    if ! rc-update | grep -qE "inetd" ; then
        rc-update add inetd 
        # starten oder bei korrupter config abbrechen
        service inetd restart || return 102
        return 101
    fi
 }

 decide(){
    retry_count=4
    #mache den test
    ${1} "${2:-}" ; RC=$?
    case ${RC} in
      #wenn er 102 ist, brich ab
      102)
         echo "fatal error in ${1}"
         exit 1
      ;;
      #wenn er 101 ist, mach ihn wieder
      101) 
        while [ $retry_count -gt 0 ]; do
          retry_count=$(( retry_count - 1 ))
          # hier wurden die return codes nicht gelesen, reicht das so?
          ${1} "${2:-}" && break
        done
        # sollte das ein exit sein?
        return 1
        ;;
      #wenn er 100 ist, geh weiter
      100) 
        return 0;;
    esac
 }

 main(){
    decide test_network
    decide test_updates
    decide test_ssh_pwauth
    # hab einen bug mit $2 als liste
    decide test_pkgs udev
    decide test_pkgs sudo
    decide test_opennebula
    # hab einen bug mit $2 als liste
    #decide test_pkgs "kbd fail2ban"
    decide test_pkgs fail2ban
    decide test_pkgs kbd
    decide test_fail2ban
    decide test_kbd
    decide test_cmk_agent
 }

 main
	#!/usr/bin/env bash
	# one-context hat hier bugs und bringt das netzwerk nie online

	set -u

	test_network(){
	#good case
	ip addr list dev eth0 \|
	grep -qE "inet.*((25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.){3}(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)" && return 100

	# try temporary bringup
	ifconfig eth0 up &&
	udhcpc -i eth0 &&
	return 101

	# on failure
	return 102
	}

	test_updates(){
	apk -q update
	apk version \| grep -qvc Installed && return 100

	# run an update
	test_pkgs apk-tools-static &&
	apk.static upgrade -a -U &&
	return 101

	# on failure
	return 102
	}

	test_ssh_pwauth(){
	grep -qE 'PasswordAuthentication.*yes' /etc/ssh/sshd_config && return 100
	sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config &&
	service sshd restart \|\| return 102
	return 100
	}




	test_pkgs(){
	for pkg in $1 ; do
	apk version "${pkg}" \| grep -q "${pkg}" && continue
	# install the first missing package and jump back
	apk add "${pkg}" && return 101
	# on failure
	return 102
	done
	# all were installed
	return 100
	}

	reinstall_opennebula(){
	find /etc/one-context.d -type f -exec rm {} + 2>/dev/null
	# existiert nur in alten versionen
	find /etc/init.d/one-context* -type f -exec rm {} + 2>/dev/null
	apk del one-context
	apk add one-context \|\| return 102
	rc-update add vmcontext boot

	# need to reboot at that point
	sync; sleep 6; reboot
	}

	test_fail2ban() {
	#es soll registiert sein
	if ! rc-update \| grep -q "fail2ban" ; then
	rc-update add fail2ban \|\| return 102
	return 101
	fi

	#es soll im runlevel default stehen
	if ! rc-update \| grep -qE "fail2ban.*default" ; then
	rc-update del fail2ban boot 2>/dev/null
	rc-update del fail2ban sysinit 2>/dev/null
	rc-update add fail2ban default \|\| return 102
	return 101
	fi

	#es soll laufen - wird aber spaeter automatisch gestartet (nach vmcontext)
	#if ! pgrep fail2ban ; then
	# service fail2ban start \|\| return 102
	# return 101
	#fi


	return 100
	}

	test_opennebula()
	{
	#Test for bad things,
	# 1. old versions were bad, this one is known good
	# 2. should only contain links
	# 3. should not hold the old scripts
	apk version one-context \| grep -q "one-context-0.9.0-r0" \|\| reinstall_opennebula
	[ "$( find /etc/one-context.d -type f \| wc -l )" -eq 0 ] \|\| reinstall_opennebula
	[ "$( find /etc/init.d/one-context* -type f 2>/dev/null \| wc -l )" -eq 0 ] \|\| reinstall_opennebula

	return 100
	}

	test_kbd(){
	[ -r /etc/conf.d/loadkmap ] \|\| return 102
	if ! grep -q "keymap/de" /etc/conf.d/loadkmap ; then
	test_pkgs musl-locales
	test_pkgs musl-locales-lang
	setup-keymap de de
	return 101
	fi
	return 100
	}

	test_cmk_agent(){

	_agent=/usr/local/bin/check_mk_agent
	_port=6556

	#es passt normalerweise wenn:
	# - port auf ist
	# - und script existiert
	netstat -na \| grep -qE "tcp.*${_port}" &&
	[ -x ${_agent} ] &&
	return 100

	#ein paar dependencies wollen wir sehen
	test_pkgs bash
	test_pkgs busybox-extras
	test_pkgs busybox-extras-openrc
	test_pkgs ethtool
	test_pkgs procps

	#cmk agent vorhanden sonst download
	[ -r ${_agent} ] \|\| wget -O ${_agent} https://raw.githubusercontent.com/Checkmk/checkmk/refs/heads/release/2.2.0p39/agents/check_mk_agent.linux &&
	for _dir in \
	/etc/check_mk /usr/local/lib/check_mk_agent/plugins \
	/usr/local/lib/check_mk_agent/local /var/cache/check_mk ; do
	[ -d ${_dir} ] \|\| mkdir -p ${_dir}
	done
	[ -x ${_agent} ] \|\| chmod 700 ${_agent}

	#services ok?
	grep -q -E '(check_mk\|checkmk)' /etc/services \|\|
	echo "checkmk-agent ${_port}/tcp #Checkmk monitoring agent" >> /etc/services
	#inetd config ergaenzt
	grep -q -E '(check_mk\|checkmk)' /etc/inetd.conf \|\|
	echo "checkmk-agent stream tcp nowait root ${_agent}" >> /etc/inetd.conf

	# inetd enable
	if ! rc-update \| grep -qE "inetd" ; then
	rc-update add inetd
	# starten oder bei korrupter config abbrechen
	service inetd restart \|\| return 102
	return 101
	fi
	}

	decide(){
	retry_count=4
	#mache den test
	${1} "${2:-}" ; RC=$?
	case ${RC} in
	#wenn er 102 ist, brich ab
	102)
	echo "fatal error in ${1}"
	exit 1
	;;
	#wenn er 101 ist, mach ihn wieder
	101)
	while [ $retry_count -gt 0 ]; do
	retry_count=$(( retry_count - 1 ))
	# hier wurden die return codes nicht gelesen, reicht das so?
	${1} "${2:-}" && break
	done
	# sollte das ein exit sein?
	return 1
	;;
	#wenn er 100 ist, geh weiter
	100)
	return 0;;
	esac
	}

	main(){
	decide test_network
	decide test_updates
	decide test_ssh_pwauth
	# hab einen bug mit $2 als liste
	decide test_pkgs udev
	decide test_pkgs sudo
	decide test_opennebula
	# hab einen bug mit $2 als liste
	#decide test_pkgs "kbd fail2ban"
	decide test_pkgs fail2ban
	decide test_pkgs kbd
	decide test_fail2ban
	decide test_kbd
	decide test_cmk_agent
	}

	main