Done refactoring

Brian Pontarelli · Brian Pontarelli · commit 33bea5235337 · 2016-05-03T17:11:17.000-06:00
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 .idea/workspace.xml
 output
+bundle
diff --git a/configure.sh b/configure.sh
@@ -76,4 +76,4 @@ chmod +x output/backup.sh
 chmod +x output/setup-server.sh
 
 sed "s/@APPLICATION_SERVER_IP@/${application_server_ip}/g" < template/ubuntu-16.04/iptables-database-server.cfg > output/iptables-database-server.cfg
-sed "s/@MONIT_EMAIL_SERVER@/${monit_smtp_host}/g;s/@MONIT_EMAIL_PORT@/${monit_smtp_port}/g;s/@MONIT_EMAIL_USERNAME@/${monit_smtp_username}/g;s/@MONIT_EMAIL_PASSWORD@/${monit_smtp_password}/g;s/@MONIT_EMAIL_ENCRYPTION@/${monit_smtp_encryption}/g" < template/ubuntu-16.04/monitrc > output/monitrc
+sed "s/@MONIT_EMAIL_SERVER@/${monit_smtp_host}/g;s/@MONIT_EMAIL_PORT@/${monit_smtp_port}/g;s/@MONIT_EMAIL_USERNAME@/${monit_smtp_username}/g;s/@MONIT_EMAIL_PASSWORD@/${monit_smtp_password}/g;s/@MONIT_EMAIL_ENCRYPTION@/${monit_smtp_encryption}/g;s/@MONIT_ALERT_EMAIL@/${monit_alert_email}/g" < template/ubuntu-16.04/monitrc > output/monitrc
diff --git a/setup-new-server.sh b/setup-new-server.sh
@@ -6,7 +6,7 @@ function bail {
 }
 
 if [[ ${#} != 4 && ${#} != 5 ]]; then
-  echo "Usage: setup-new-server.sh <root@host> <ssh-public-key-file> <iptable-config-file> <ordinary-username> [ordinary-user-password]"
+  echo "Usage: setup-new-server.sh <root@host> <local-ssh-public-key-file> <local-iptable-config-file> <ordinary-username> [ordinary-user-password]"
   echo ""
   echo "    for example: setup-new-server.sh root@192.168.1.1 ~/.ssh/id_rsa.pub output/iptables-application-server.cfg myuser password"
   echo ""
@@ -45,5 +45,18 @@ if ! [ -f ${iptable_cfg_file} ]; then
   bail "Invalid IPTables configuration file"
 fi
 
-scp output/* ${ssh_key_file} ${root_at_host}:/root
-ssh -t ${root_at_host} "/root/setup-server.sh ${ssh_key_file} ${iptable_cfg_file} '${ordinary_user}' '${ordinary_user_password}'"
+# Prepare the bundle to go to the server
+rm -rf bundle
+mkdir bundle
+cp output/* bundle
+cp ${iptable_cfg_file} bundle/iptables.cfg
+cp ${ssh_key_file} bundle/ssh-public-key
+rm bundle/iptables-*-server.cfg
+
+# Transfer the bundle and execute it
+scp bundle/* ${root_at_host}:/root
+echo "Setting up the server. This might take a few minutes. There will be a log file in /root/setup.log after this is complete in case anything failed."
+ssh -t ${root_at_host} "/root/setup-server.sh ssh-public-key iptables.cfg '${ordinary_user}' '${ordinary_user_password}' > /root/setup.log 2>&1"
+
+# Clean up
+rm -rf bundle
diff --git a/template/ubuntu-16.04/setup-server.sh b/template/ubuntu-16.04/setup-server.sh
@@ -25,30 +25,35 @@ if ! [ -f ${iptable_cfg_file} ]; then
   bail "Invalid IPTables configuration file"
 fi
 
-apt-get -qq -y install libpam-cracklib > /dev/null 2>&1
-apt-get -qq -y install libpam-google-authenticator > /dev/null 2>&1
-apt-get -qq -y install ntp > /dev/null 2>&1
+echo "############################################ Installing packages ############################################"
+apt-get -y install libpam-cracklib
+apt-get -y install libpam-google-authenticator
+apt-get -y install ntp
 debconf-set-selections <<< 'iptables-persistent iptables-persistent/autosave_v4 boolean true'
 debconf-set-selections <<< 'iptables-persistent iptables-persistent/autosave_v6 boolean true'
-apt-get -qq -y install iptables-persistent > /dev/null 2>&1
-apt-get -qq -y install monit > /dev/null 2>&1
-apt-get -qq -y install ruby > /dev/null 2>&1
+apt-get -y install iptables-persistent
+apt-get -y install monit
+apt-get -y install ruby
 
+echo "############################################ Creating ordinary user ############################################"
 ordinary_user_password_encrypted=$(mkpasswd -m sha-512 ${ordinary_user_password})
 useradd -m -G sudo -s /bin/bash -p "${ordinary_user_password_encrypted}" ${ordinary_user}
 mkdir -p /home/${ordinary_user}/.ssh
 cp ${ssh_key_file} /home/${ordinary_user}/.ssh/authorized_keys
 chown -R ${ordinary_user}:${ordinary_user} /home/${ordinary_user}/.ssh
 chmod 700 /home/${ordinary_user}/.ssh
 chmod 600 /home/${ordinary_user}/.ssh/authorized_keys
+usermod -p '*' root
 
 # Backup all the configuration files
+echo "############################################ Backing up files ############################################"
 cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
 cp /etc/pam.d/sshd /etc/pam.d/sshd.orig
 cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.orig
 cp /etc/monit/monitrc /etc/monit/monitrc.orig
 
-# SCP over all the files
+# Install configuration files
+echo "############################################ Installing configuration files ############################################"
 cp common-password /etc/pam.d/common-password
 cp ${iptable_cfg_file} /etc/iptables/rules.v4
 cp monit-ssh-logins.cfg /etc/monit/conf.d/ssh-logins
@@ -59,7 +64,7 @@ if [ -f monit-slack-pushover.rb ]; then
   cp monit-slack-pushover.rb /etc/monit/monit-slack-pushover.rb
 fi
 
+echo "############################################ Restarting the services ############################################"
 service ssh restart
 service netfilter-persistent reload
 service monit restart
-usermod -p '*' root

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`.idea/workspace.xml`
`2`	`2`	`output`
	`3`	`+bundle`