Highly Available and Scalable Information System
  1. #!/bin/bash
  2. #EuryBOX configuration file
  3. #Script has to be run with sudo permissions
  4. #To be run from crontab:
  5. #/etc/sudoers ==> #Defaults requiretty
  6. #/etc/sudoers ==> #Defaults !visiblepw
  7. #crontab -e ==> * * * * * flock -n /var/run/eurybox_update.lock -c /eurybox-install-dir/sw/src/exploitation_center/core/update/eurybox_update >> /var/log/eurybox_update.log 2>&1
  8. ###################################
  9. ### SCRIPT EXECUTION PARAMETERS ###
  10. ###################################
  11. EURYBOX_CORPORATE="My Corporate"
  12. #Details level on script execution
  13. #Can be: debug, verbose, info, warning or error
  14. EURYBOX_LOG_LEVEL="info"
  15. #Max retry on failure before stopping execution
  16. EURYBOX_MAX_RETRY_ON_FAILURE="10"
  17. #Errors temporisation time between trials (in seconds)
  18. EURYBOX_ERROR_TEMPORISATION_TIME="5"
  19. #Network calls timeout (in seconds)
  20. EURYBOX_NETWORK_TIMEOUT="2"
  21. #Version
  22. EURYBOX_VERSION="1.0"
  23. #Folder used for temporary operations
  24. EURYBOX_TMP_FOLDER="/tmp/bkp"
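##############################
### ENVIRONMENT PARAMETERS ###
##############################
#DNS
EURYBOX_DOMAIN="mydomain.mytld"
#Host parameters
#Distrib type = archlinux, centos5, centos6, centos7, debian6, debian7, debian8, fedora20, fedora21, fedora22, fedora23, gentoo, redhat5, redhat6, redhat7, ubuntu12, ubuntu14, ubuntu16
#MAC type = none, selinux
EURYBOX_DISTRIB_TYPE="centos7"
EURYBOX_DISTRIB_MAC_TYPE="selinux"
#Hypervisor parameters
#Type = xen, qemu (with kvm)
#Declared associative like every other table in this file: without the
#declaration bash builds an indexed array and evaluates the TYPE subscript
#arithmetically, so the lookup only works by accident.
declare -A EURYBOX_HYPERVISOR
EURYBOX_HYPERVISOR=(
[TYPE]="qemu"
)
#Services parameters
#Each service is described by 6 keys: NAME, HOST, PORT, USER, OS, DISK
#Disks are autodetected; DISK lists optional extra disk images, space separated
#Supported OS (for update): archlinux, centos5, centos6, centos7, debian6, debian7, debian8, fedora20, fedora21, fedora22, fedora23, gentoo, redhat5, redhat6, redhat7, ubuntu12, ubuntu14, ubuntu16
#NOTE(review): the sample service 1 uses OS "openbsd5", which is not in the
#supported list above - confirm how the update scripts treat it.
#NOTE(review): both sample services log in as root; a dedicated account limited
#to the commands these scripts need reduces what a leaked key gives away.
declare -A EURYBOX_SERVICES
EURYBOX_SERVICES=(
[1,NAME]="gw001m"
[1,HOST]="192.168.123.133"
[1,PORT]="22"
[1,USER]="root"
[1,OS]="openbsd5"
[1,DISK]=""
[2,NAME]="srv001m"
[2,HOST]="srv001m.$EURYBOX_DOMAIN"
[2,PORT]="22"
[2,USER]="root"
[2,OS]="centos7"
[2,DISK]="/isos_store/additionnaldisk1.iso /isos_store/additionnaldisk2.iso"
)
#Services number (linked to the number of parameters per service)
#Should not have to be changed
#Shell arithmetic instead of expr: no subprocess, and no exit status 1 when
#the table is empty and the result is 0.
EURYBOX_SERVICES_NUMBER=$(( ${#EURYBOX_SERVICES[@]} / 6 ))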
#########################
### BACKUP PARAMETERS ###
#########################
declare -A EURYBOX_BACKUP_DESTINATION
declare -A EURYBOX_BACKUP_TARGETS
declare -A EURYBOX_BACKUP_ARCHIVE
#Can be: vm_cold, vm_hot, full_cold, full_hot
EURYBOX_BACKUP_TYPE="vm_cold"
#Low disk space thresholds (kilobytes): warning level, then critical level
EURYBOX_BACKUP_LOW_WARNING_LEVEL="250000000"
EURYBOX_BACKUP_LOW_CRITICAL_LEVEL="20000000"
#Pre-Backup Commands
#Post-Backup Commands
#Backup targets (in addition to the disks attached to services and the optional additional disks from the configuration)
EURYBOX_BACKUP_TARGETS=(
# [0]="/var/log"
# [1]="/etc"
)
#Backup archive
#FORMAT= tar/tar.gz/tar.bz2
#HASH= sha256/sha512
#FEC= par2/zfec
#FEC_FILE_NUM = 1/2/...
#FEC_LEVEL = 0/1/.../99/100
#FEC_FILE_NUM_MIN = 1/2/... (<= FEC_FILE_NUM)
#ENC_ALGO= any continuous block encryption algorithm supported by openssl (aes-256-ctr/camellia-256-cbc/blowfish/...)
#NOTE(review): CTR and CBC as used here are unauthenticated modes, so tamper
#detection depends on how HASH is computed and where it is stored, which this
#file does not show - confirm. Prefer a 128-bit block cipher (aes, camellia)
#over blowfish for large archives.
#OWNER/MASK/LABEL: presumably the owner, permission bits and SELinux context
#applied to the archive - confirm against the backup script.
#PASSFILE: file holding the encryption passphrase; keep it readable by root
#only and never store it on the backup destination itself.
EURYBOX_BACKUP_ARCHIVE=(
[NAME]="nodeXX_archive"
[OWNER]="root:root"
[MASK]="400"
[LABEL]="backup_u:object_r:backup_t:s0"
[FORMAT]="tar.gz"
[HASH]="sha512"
[ENCRYPT]="true"
[ENC_ALGO]="aes-256-ctr"
[PASSFILE]="/secure_folder/passphrasefile"
[FEC]="zfec"
[FEC_FILE_NUM]="10"
#FOR PAR2 ONLY
[FEC_LEVEL]="25"
#FOR ZFEC ONLY
[FEC_FILE_NUM_MIN]="6"
)
#Backup destination
#PROTOCOL= SSH/NFS/FTP/PART/LOCAL/ISCSI
#Protocol options details
#-SSH: ssh client/server configuration done at system level (.ssh local files) + local mount point provided by sshfs. Password authentication is forced off through command options
#-NFS: nfs client/server configuration + local mount point provided by kernel.
#-ISCSI: TODO - iSCSI target/initiator configuration + local mount point provided by TBD
#-FTP: ftp client/server authentication (user/password [UNSECURE] - TODO? certs/.netrc/other) + mount provided by curlftpfs.
#-PART: local unmounted partition or raw device (as USB device, additional disks, ...) + local mount point provided by kernel. TODO: LUKS encrypted partition provided by kernel and cryptsetup tool
#-LOCAL: local directory
EURYBOX_BACKUP_DESTINATION=(
[PROTOCOL]="LOCAL"
[MOUNT]="/home/local_bkp"
#FOR SSH AND FTP
[USER]="root"
#FOR SSH(22), FTP(21) AND NFS(2049)
[PORT]="22"
[HOST]="10.10.10.10"
[PATH]="/mnt/backup/eurybox_archives"
#FOR NFS ONLY
[TYPE]="nfs4"
#FOR PART ONLY
[PART]="/dev/sde"
#FOR FTP ONLY
#The password is stored here in clear text and FTP sends it unencrypted
#(flagged [UNSECURE] above). Restrict this file to root and prefer the SSH
#protocol when the destination is remote. The value below is a sample.
[PASSWORD]="MyStrongFTPPassword"
)
  129. ##########################
  130. ### RESTORE PARAMETERS ###
  131. ##########################
  132. #Restore target configuration
  133. #Can be: interactive
  134. #interactive => prompt from shell for restore target
  135. EURYBOX_RESTORE_PARAMETERS_ACQUISITION="interactive"
  136. #Restore type
  137. #Can be: cloned_vm, cloned_full, full
  138. #cloned_vm => restore vm(s) from archive as is
  139. #cloned_full => restore hv as vm(s) from archive as is
  140. #full => restore hv as vm(s) and refresh configurations elements
  141. EURYBOX_RESTORE_TYPE="cloned_vm"
  142. #Restore mode
  143. #Can be: safe/fast
  144. #safe => verify archive to ensure recovery process security
  145. #fast => disable some verifications on archive to speedup recovery speed
  146. EURYBOX_RESTORE_MODE="safe"
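#########################
### UPDATE PARAMETERS ###
#########################
declare -A EURYBOX_UPDATE_LOCAL_REPOSITORIES
#Activation of local repositories update
#Can be: true/false
EURYBOX_UPDATE_LOCAL_REPOSITORIES_ACTIVATED="true"
#Local repositories storage path
EURYBOX_UPDATE_LOCAL_REPOSITORIES_PATH="/home/local_repositories"
#Target repositories
#Each repository is described by 3 keys: NAME, ARCH, URI
#NB: the URI scheme follows rsync conventions / read the rsync man page for details
#NOTE(review): host::module is the rsync daemon form, which gives neither
#encryption nor server authentication. The integrity of what gets mirrored
#therefore rests on package signature verification, which must stay enabled
#on the clients that install from the local copy. Check that every mirror
#listed is one you trust.
EURYBOX_UPDATE_LOCAL_REPOSITORIES=(
[1,NAME]="centos7"
[1,ARCH]="x86_64"
[1,URI]="centos.mirrors.ovh.net::ftp.centos.org/7/"
[2,NAME]="epel7"
[2,ARCH]="x86_64"
[2,URI]="epel.mirrors.ovh.net::fedora-epel/7/"
[3,NAME]="openbsd59"
[3,ARCH]="amd64"
[3,URI]="ftp.fr.openbsd.org::OpenBSD/5.9/"
[4,NAME]="gentoo"
[4,ARCH]=""
[4,URI]="rsync.gentoo.org::gentoo-portage/"
[5,NAME]="archlinux"
[5,ARCH]="x86_64"
[5,URI]="fooo.biz::archlinux/"
[6,NAME]="ubuntu"
[6,ARCH]=""
[6,URI]="archive.ubuntu.com::ubuntu/"
[7,NAME]="fedora24"
[7,ARCH]="x86_64"
[7,URI]="fr2.rpmfind.net::linux/fedora/linux/releases/24/"
[8,NAME]="debian"
[8,ARCH]=""
[8,URI]="ftp.fr.debian.org::debian/"
)
#Number of repositories (entry count divided by the 3 keys per repository).
#Shell arithmetic instead of expr: no subprocess, and no exit status 1 when
#the table is empty and the result is 0.
EURYBOX_UPDATE_LOCAL_REPOSITORIES_NUMBER=$(( ${#EURYBOX_UPDATE_LOCAL_REPOSITORIES[@]} / 3 ))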
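###############################
### EXEC COMMAND PARAMETERS ###
###############################
declare -A EURYBOX_EXEC_COMMANDS
#Commands to be executed on all VMs (can be restricted by OS type)
#Each command is described by 2 keys: CMD, OS ("all" or one OS name)
#NOTE(review): presumably each CMD is run on the VM as the [USER] configured
#for that service in EURYBOX_SERVICES (root in the sample) - confirm. If so,
#write access to this file amounts to command execution on every host, so the
#file must be writable by root only.
EURYBOX_EXEC_COMMANDS=(
[0,CMD]="hostname"
[0,OS]="all"
[1,CMD]="yum -y install wget"
[1,OS]="centos7"
[2,CMD]="ping -c 1 www.$EURYBOX_DOMAIN"
[2,OS]="all"
)
#Number of commands (entry count divided by the 2 keys per command).
#Shell arithmetic instead of expr: no subprocess, and no exit status 1 when
#the table is empty and the result is 0.
EURYBOX_EXEC_COMMANDS_NUMBER=$(( ${#EURYBOX_EXEC_COMMANDS[@]} / 2 ))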
  199. #TODO: ADD HOSTED SERVICE CONFIGURATION MANAGEMENT
  200. ## [1,SERV]="GATEWAY"
  201. ## [1,TYPE]="pf"
  202. ## [2,SERV]="DHCP"
  203. ## [2,TYPE]="dhcpd"