@FlorianHeigl
Last active February 23, 2025 01:51
opennebula startscript context fix state machine thing
#!/usr/bin/env bash
# one-context has bugs here and never brings the network online.
#
# Return-code convention of the test_* functions, as read by decide():
#   100 = state is already good
#   101 = something was changed, run the test again
#   102 = unrecoverable failure
#
# Treat the expansion of an unset variable as an error.
set -u
# Check that eth0 has an IPv4 address; if not, try to bring it up via DHCP.
# Returns: 100 address already present, 101 bring-up succeeded, 102 bring-up failed.
test_network() {
  # Good case: the interface listing already shows a dotted-quad "inet" entry.
  if ip addr list dev eth0 |
    grep -qE "inet.*((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"; then
    return 100
  fi

  # Temporary bring-up: raise the link, then request a lease with udhcpc.
  if ifconfig eth0 up && udhcpc -i eth0; then
    return 101
  fi

  # Either step failed.
  return 102
}
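# Check for pending package upgrades and apply them with the static apk.
# Returns: 100 nothing to upgrade, 101 an upgrade was applied (test again),
#          102 the upgrade could not be run.
test_updates() {
  local rc

  # Refresh the repository index. A failure is tolerated here (best effort);
  # the comparison below then runs against whatever index is cached.
  apk -q update

  # Assumes `apk version` prints a header line containing "Installed" plus one
  # line per package whose installed version differs from the repository
  # (TODO confirm on the target apk release). Any line other than the header
  # therefore means an upgrade is pending. The previous test was inverted: it
  # reported 100 exactly when such lines were present, so pending security
  # updates were skipped.
  if ! apk version | grep -qv Installed; then
    return 100
  fi

  # test_pkgs reports 100/101/102 and never 0, so it cannot be chained with
  # `&&`; only 102 (install failed) is fatal for this step.
  test_pkgs apk-tools-static
  rc=$?
  if [ "${rc}" -eq 102 ]; then
    return 102
  fi

  if apk.static upgrade -a -U; then
    return 101
  fi

  # Upgrade failed.
  return 102
}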
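# Make sure sshd accepts password logins.
# Returns: 100 password logins are (now) allowed, 102 the config could not be
#          read or changed, or sshd failed to restart.
#
# NOTE(review): this deliberately turns SSH password authentication back on,
# which exposes the host to password guessing. The script enables fail2ban
# further down; key-only authentication is the stronger setting where the
# deployment allows it.
test_ssh_pwauth() {
  local cfg=/etc/ssh/sshd_config

  [ -r "${cfg}" ] || return 102

  # Only an active (uncommented) "PasswordAuthentication no" needs changing.
  # The earlier unanchored match also hit commented sample lines such as
  # "#PasswordAuthentication yes" and then reported success while "no" was
  # still in force. Without an explicit "no", OpenSSH's default applies.
  # Assumes no Include'd drop-in or Match block overrides it - not checked here.
  if ! grep -qE '^[[:space:]]*PasswordAuthentication[[:space:]]+no([[:space:]]|#|$)' "${cfg}"; then
    return 100
  fi

  # Flip the active directive in place, then restart sshd so it takes effect.
  if sed -i -E 's/^([[:space:]]*PasswordAuthentication[[:space:]]+)no([[:space:]]|#|$)/\1yes\2/' "${cfg}" &&
    service sshd restart; then
    return 100
  fi

  return 102
}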
# Ensure the packages named in $1 (whitespace-separated) are installed.
# Installs at most one package per call so the caller can re-run the test.
# Returns: 100 all present, 101 one package was installed, 102 install failed.
test_pkgs() {
  # Word splitting of $1 is intentional: it carries the package list.
  # shellcheck disable=SC2086
  for pkg in $1; do
    # Installed when `apk version` mentions the package name.
    if apk version "${pkg}" | grep -q "${pkg}"; then
      continue
    fi

    # First missing package: install it and hand control back to the caller.
    if apk add "${pkg}"; then
      return 101
    fi

    # Installation failed.
    return 102
  done

  # Nothing was missing.
  return 100
}
# Remove leftover one-context files, reinstall the package, register the
# vmcontext service for the boot runlevel and reboot.
# Returns: 102 when the package cannot be installed; otherwise the status of
#          the final reboot command.
reinstall_opennebula() {
  # Delete regular files from the context script directory.
  find /etc/one-context.d -type f -exec rm {} + 2>/dev/null
  # These init scripts exist only in old versions.
  find /etc/init.d/one-context* -type f -exec rm {} + 2>/dev/null

  apk del one-context
  if ! apk add one-context; then
    return 102
  fi

  rc-update add vmcontext boot

  # A reboot is needed at this point: flush buffers, wait briefly, restart.
  sync
  sleep 6
  reboot
}
# Ensure fail2ban is registered with OpenRC in the "default" runlevel.
# Returns: 100 already set up, 101 the registration was changed, 102 rc-update failed.
test_fail2ban() {
  # It has to be registered at all.
  rc-update | grep -q "fail2ban" || {
    rc-update add fail2ban || return 102
    return 101
  }

  # It has to sit in the "default" runlevel.
  if rc-update | grep -qE "fail2ban.*default"; then
    # It should also be running, but it gets started automatically later
    # (after vmcontext), so no start check is done here.
    return 100
  fi

  # Move it: drop it from the earlier runlevels, then add it to "default".
  rc-update del fail2ban boot 2>/dev/null
  rc-update del fail2ban sysinit 2>/dev/null
  rc-update add fail2ban default || return 102
  return 101
}
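# Check the one-context installation and reinstall it when it looks bad.
# "Bad" means any of:
#   1. the installed version is not the known-good one (old versions were bad),
#   2. /etc/one-context.d holds regular files (it should only contain links),
#   3. the old init scripts are still present.
# Returns: 100 installation is fine (or was reinstalled), 102 reinstall failed.
#
# NOTE(review): the known-good version is pinned by string. If the repository
# ships a different version, the reinstall cannot satisfy check 1 and this
# would presumably reinstall and reboot on every run - confirm before reuse.
test_opennebula() {
  if apk version one-context | grep -q "one-context-0.9.0-r0" &&
    [ "$(find /etc/one-context.d -type f | wc -l)" -eq 0 ] &&
    [ "$(find /etc/init.d/one-context* -type f 2>/dev/null | wc -l)" -eq 0 ]; then
    return 100
  fi

  # Reinstall once (it ends in a reboot) and report a failed reinstall instead
  # of swallowing it; previously 100 was returned even when `apk add` failed.
  reinstall_opennebula || return 102
  return 100
}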
# Ensure the console keymap is set to German.
# Returns: 100 keymap already "de", 101 keymap setup was run,
#          102 the loadkmap config is not readable.
test_kbd() {
  local kmap_conf=/etc/conf.d/loadkmap

  [ -r "${kmap_conf}" ] || return 102

  # Already configured for the German keymap.
  if grep -q "keymap/de" "${kmap_conf}"; then
    return 100
  fi

  # Install the locale packages (results are not checked), then set the keymap.
  test_pkgs musl-locales
  test_pkgs musl-locales-lang
  setup-keymap de de
  return 101
}
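# Install the Checkmk agent and expose it through inetd.
# Returns: 100 agent is executable and its port shows up in netstat,
#          101 something was (re)configured and inetd restarted (test again),
#          102 download, checksum or inetd restart failed.
# Environment: CMK_AGENT_SHA256 (optional) - expected SHA-256 of the downloaded
#          agent script; when set, a mismatching download is rejected.
#
# NOTE(review): the agent is fetched from a branch-style ref and then run by
# inetd as root. Without CMK_AGENT_SHA256 nothing verifies its content, so set
# the checksum (or pin a commit) for anything beyond a lab setup.
# NOTE(review): the inetd entry below applies no source-address restriction;
# limit access to the agent port with a firewall rule for the monitoring server.
test_cmk_agent() {
  local agent=/usr/local/bin/check_mk_agent
  local port=6556
  local url=https://raw.githubusercontent.com/Checkmk/checkmk/refs/heads/release/2.2.0p39/agents/check_mk_agent.linux
  local dep dir tmp sum

  # Normally everything is fine when the port is open and the script exists.
  if netstat -na | grep -qE "tcp.*${port}" && [ -x "${agent}" ]; then
    return 100
  fi

  # A few dependencies we want to see (best effort, results are not checked).
  for dep in bash busybox-extras busybox-extras-openrc ethtool procps; do
    test_pkgs "${dep}"
  done

  # Download the agent if it is missing. The download goes to a temporary file
  # first: `wget -O` creates its target even when the transfer fails, and the
  # earlier in-place download left an empty or partial file behind that was
  # then made executable and never fetched again.
  if [ ! -r "${agent}" ]; then
    mkdir -p -- "${agent%/*}" || return 102
    tmp=$(mktemp "${agent}.XXXXXX") || return 102
    if ! wget -O "${tmp}" "${url}" || [ ! -s "${tmp}" ]; then
      rm -f -- "${tmp}"
      return 102
    fi
    if [ -n "${CMK_AGENT_SHA256:-}" ]; then
      sum=$(sha256sum "${tmp}")
      sum=${sum%% *}
      if [ "${sum}" != "${CMK_AGENT_SHA256}" ]; then
        echo "checksum mismatch for ${url}" >&2
        rm -f -- "${tmp}"
        return 102
      fi
    fi
    if ! mv -- "${tmp}" "${agent}"; then
      rm -f -- "${tmp}"
      return 102
    fi
  fi

  # Directories the agent expects; created whether or not a download happened.
  for dir in \
    /etc/check_mk /usr/local/lib/check_mk_agent/plugins \
    /usr/local/lib/check_mk_agent/local /var/cache/check_mk; do
    [ -d "${dir}" ] || mkdir -p -- "${dir}"
  done
  [ -x "${agent}" ] || chmod 700 "${agent}"

  # Service name registered?
  grep -q -E '(check_mk|checkmk)' /etc/services ||
    echo "checkmk-agent ${port}/tcp #Checkmk monitoring agent" >> /etc/services
  # inetd entry present?
  grep -q -E '(check_mk|checkmk)' /etc/inetd.conf ||
    echo "checkmk-agent stream tcp nowait root ${agent}" >> /etc/inetd.conf

  # Enable inetd if it is not registered yet.
  if ! rc-update | grep -qE "inetd"; then
    rc-update add inetd
  fi

  # Restart so the (possibly new) entry is picked up even when inetd was
  # already enabled; abort on a corrupt config. Reaching this point means the
  # good case above did not hold, so ask the caller to test again.
  service inetd restart || return 102
  return 101
}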
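# Run one test function and act on its return code.
# Arguments: $1 - name of the test function, $2 - optional argument for it
# Returns:   0 when the test reports 100 (or plain 0), 1 when it still reports
#            101 after the retries are used up or returns an unknown code.
# Exits the script with status 1 when the test reports 102.
decide() {
  local retries=4
  local rc

  # Run the test.
  "${1}" "${2:-}"
  rc=$?

  while :; do
    case "${rc}" in
      # 100 means "state is good": move on. A plain 0 is accepted as well for
      # tests that end without an explicit return.
      0 | 100)
        return 0
        ;;
      # 101 means "something was changed": run the test again and evaluate the
      # new code. The old loop waited for exit status 0, which the tests never
      # return, so it always used up every retry and then reported failure.
      101)
        if [ "${retries}" -le 0 ]; then
          return 1
        fi
        retries=$((retries - 1))
        "${1}" "${2:-}"
        rc=$?
        ;;
      # 102 means "unrecoverable": abort, also when it shows up during a retry.
      102)
        echo "fatal error in ${1}" >&2
        exit 1
        ;;
      # Anything else (for example 127, command not found) is not a success.
      *)
        echo "unexpected return code ${rc} from ${1}" >&2
        return 1
        ;;
    esac
  done
}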
# Run every check in its fixed order through decide().
main() {
  local name

  decide test_network
  decide test_updates
  decide test_ssh_pwauth

  # Packages go in one at a time: passing a list as $2 runs into a known bug.
  for name in udev sudo; do
    decide test_pkgs "${name}"
  done

  decide test_opennebula

  # Same list bug here; the combined form would be: decide test_pkgs "kbd fail2ban"
  for name in fail2ban kbd; do
    decide test_pkgs "${name}"
  done

  decide test_fail2ban
  decide test_kbd
  decide test_cmk_agent
}
# Entry point: run the checks defined above, in order.
main