EuryBOX/cfg/sw/eurybox.conf

#!/bin/bash
#EuryBOX configuration file

#Script has to be run with sudo permissions
#To be run from crontab:
#/etc/sudoers ==> #Defaults    requiretty
#/etc/sudoers ==> #Defaults   !visiblepw
#crontab -e ==> * * * * * flock -n /var/run/eurybox_update.lock -c /eurybox-install-dir/sw/src/exploitation_center/core/update/eurybox_update >> /var/log/eurybox_update.log 2>&1



###################################
### SCRIPT EXECUTION PARAMETERS ###
###################################

EURYBOX_CORPORATE="My Corporate"

#Details level on script execution
#Can be: debug, verbose, info, warning or error
EURYBOX_LOG_LEVEL="info"
#Max retry on failure before stopping execution
EURYBOX_MAX_RETRY_ON_FAILURE="10"
#Errors temporisation time between trials (in seconds)
EURYBOX_ERROR_TEMPORISATION_TIME="5"
#Network calls timeout (in seconds)
EURYBOX_NETWORK_TIMEOUT="2"
#Version
EURYBOX_VERSION="1.0"

#Folder used for temporary operations
EURYBOX_TMP_FOLDER="/tmp/bkp"



##############################
### ENVIRONMENT PARAMETERS ###
##############################

#DNS
EURYBOX_DOMAIN="mydomain.mytld"

#Host parameters
#Distrib type = archlinux, centos5, centos6, centos7, debian6, debian7, debian8, fedora20, fedora21, fedora22, fedora23, gentoo, redhat5, redhat6, redhat7, ubuntu12, ubuntu14, ubuntu16
#MAC type = none, selinux
EURYBOX_DISTRIB_TYPE="centos7"
EURYBOX_DISTRIB_MAC_TYPE="selinux"

#Hypervisor parameters
#Type = xen, qemu (with kvm)
EURYBOX_HYPERVISOR=(
  [TYPE]="qemu"
)

#Services parameters
#Disks are autodetected
#Supported OS (for update): archlinux, centos5, centos6, centos7, debian6, debian7, debian8, fedora20, fedora21, fedora22, fedora23, gentoo, redhat5, redhat6, redhat7, ubuntu12, ubuntu14, ubuntu16
declare -A EURYBOX_SERVICES
EURYBOX_SERVICES=(
  [1,NAME]="gw001m"
  [1,HOST]="192.168.123.133"
  [1,PORT]="22"
  [1,USER]="root"
  [1,OS]="openbsd5"
  [1,DISK]=""
  [2,NAME]="srv001m"
  [2,HOST]="srv001m.$EURYBOX_DOMAIN"
  [2,PORT]="22"
  [2,USER]="root"
  [2,OS]="centos7"
  [2,DISK]="/isos_store/additionnaldisk1.iso /isos_store/additionnaldisk2.iso"
)

#Services number (linked to the number of parameters per service)
#Should not have to be changed
EURYBOX_SERVICES_NUMBER=`expr ${#EURYBOX_SERVICES[@]} / 6`



#########################
### BACKUP PARAMETERS ###
#########################

declare -A EURYBOX_BACKUP_DESTINATION
declare -A EURYBOX_BACKUP_TARGETS
declare -A EURYBOX_BACKUP_ARCHIVE

#Can be: vm_cold, vm_hot, full_cold, full_hot
EURYBOX_BACKUP_TYPE="vm_cold"

#Low disk space threshold (Kilo-Bytes)
EURYBOX_BACKUP_LOW_WARNING_LEVEL="250000000"
EURYBOX_BACKUP_LOW_CRITICAL_LEVEL="20000000"

#Pre-Backup Commands

#Post-Backup Commands

#Backup targets (in addition to services attached disks and optionnal additionnal disks from config)
EURYBOX_BACKUP_TARGETS=(
#  [0]="/var/log"
#  [1]="/etc"
)

#Backup archive
#FORMAT= tar/tar.gz/tar.bz2
#HASH= sha256/sha512
#FEC= par2/zfec
#FEC_FILE_NUM = 1/2/...
#FEC_LEVEL = 0/1/.../99/100
#FEC_FILE_NUM_MIN = 1/2/... (<= FEC_FILE_NUM)
#ENC_ALGO= openssl continuous block encryption supported algo (aes-256-ctr/camellia-256-cbc/blowfish/...)
EURYBOX_BACKUP_ARCHIVE=(
  [NAME]="nodeXX_archive"
  [OWNER]="root:root"
  [MASK]="400"
  [LABEL]="backup_u:object_r:backup_t:s0"
  [FORMAT]="tar.gz"
  [HASH]="sha512"
  [ENCRYPT]="true"
  [ENC_ALGO]="aes-256-ctr"
  [PASSFILE]="/secure_folder/passphrasefile"
  [FEC]="zfec"
  [FEC_FILE_NUM]="10"
#FOR PAR2 ONLY
  [FEC_LEVEL]="25"
#FOR ZFEC ONLY
  [FEC_FILE_NUM_MIN]="6"
)

#Backup destination
#PROTOCOL= SSH/NFS/FTP/PART/LOCAL/ISCSI
#Protocol options details
#-SSH: ssh client/server configuration done at system level (.ssh local files) + local mount point provided by sshfs. Password authentication capability has been enforced as disabled by command options
#-NFS: nfs client/server configuration + local mount point provided by kernel.
#-ISCSI: TODO - iSCSI target/initiator configuration + local mount point provided by TBD
#-FTP: ftp client/server authentication (user/password [UNSECURE] - TODO? certs/.netrc/other) + mount provided by curlftpfs.
#-PART: local unmounted partition or raw device (as USB device, additional disks, ...) + local mount point provided by kernel. TODO: LUKS encrypted partition provided by kernel and cryptsetup tool
#-LOCAL: local directory
EURYBOX_BACKUP_DESTINATION=(
  [PROTOCOL]="LOCAL"
  [MOUNT]="/home/local_bkp"
#FOR SSH AND FTP
  [USER]="root"
#FOR SSH(22), FTP(21) AND NFS(2049)
  [PORT]="22"
  [HOST]="10.10.10.10"
  [PATH]="/mnt/backup/eurybox_archives"
#FOR NFS ONLY
  [TYPE]="nfs4"
#FOR PART ONLY
  [PART]="/dev/sde"
#FOR FTP ONLY
  [PASSWORD]="MyStrongFTPPassword"
)



##########################
### RESTORE PARAMETERS ###
##########################

#Restore target configuration
#Can be: interactive
#interactive => prompt from shell for restore target
EURYBOX_RESTORE_PARAMETERS_ACQUISITION="interactive"

#Restore type
#Can be: cloned_vm, cloned_full, full
#cloned_vm => restore vm(s) from archive as is
#cloned_full => restore hv as vm(s) from archive as is
#full => restore hv as vm(s) and refresh configurations elements
EURYBOX_RESTORE_TYPE="cloned_vm"

#Restore mode
#Can be: safe/fast
#safe => verify archive to ensure recovery process security
#fast => disable some verifications on archive to speedup recovery speed
EURYBOX_RESTORE_MODE="safe"



#########################
### UPDATE PARAMETERS ###
#########################
declare -A EURYBOX_UPDATE_LOCAL_REPOSITORIES

#Activation of local repositories update
#Can be: true/false
EURYBOX_UPDATE_LOCAL_REPOSITORIES_ACTIVATED="true"

#Local repositories storage path
EURYBOX_UPDATE_LOCAL_REPOSITORIES_PATH="/home/local_repositories"

#Target repositories
#NB: URI scheme follow rsync conventions / read rsync man to get all details
EURYBOX_UPDATE_LOCAL_REPOSITORIES=(
  [1,NAME]="centos7"
  [1,ARCH]="x86_64"
  [1,URI]="centos.mirrors.ovh.net::ftp.centos.org/7/"
  [2,NAME]="epel7"
  [2,ARCH]="x86_64"
  [2,URI]="epel.mirrors.ovh.net::fedora-epel/7/"
  [3,NAME]="openbsd59"
  [3,ARCH]="amd64"
  [3,URI]="ftp.fr.openbsd.org::OpenBSD/5.9/"
  [4,NAME]="gentoo"
  [4,ARCH]=""
  [4,URI]="rsync.gentoo.org::gentoo-portage/"
  [5,NAME]="archlinux"
  [5,ARCH]="x86_64"
  [5,URI]="fooo.biz::archlinux/"
  [6,NAME]="ubuntu"
  [6,ARCH]=""
  [6,URI]="archive.ubuntu.com::ubuntu/"
  [7,NAME]="fedora24"
  [7,ARCH]="x86_64"
  [7,URI]="fr2.rpmfind.net::linux/fedora/linux/releases/24/"
  [8,NAME]="debian"
  [8,ARCH]=""
  [8,URI]="ftp.fr.debian.org::debian/"
)
EURYBOX_UPDATE_LOCAL_REPOSITORIES_NUMBER=`expr ${#EURYBOX_UPDATE_LOCAL_REPOSITORIES[@]} / 3`



###############################
### EXEC COMMAND PARAMETERS ###
###############################
declare -A EURYBOX_EXEC_COMMANDS

#Command to be executed on all VM (OS type discrimination possible)
EURYBOX_EXEC_COMMANDS=(
  [0,CMD]="hostname"
  [0,OS]="all"
  [1,CMD]="yum -y install wget"
  [1,OS]="centos7"
  [2,CMD]="ping -c 1 www.$EURYBOX_DOMAIN"
  [2,OS]="all"
)
EURYBOX_EXEC_COMMANDS_NUMBER=`expr ${#EURYBOX_EXEC_COMMANDS[@]} / 2`


#TODO: ADD HOSTED SERVICE CONFIGURATION MANAGEMENT
##  [1,SERV]="GATEWAY"
##  [1,TYPE]="pf"
##  [2,SERV]="DHCP"
##  [2,TYPE]="dhcpd"