echoslider

finish_ubuntu_auto_deployment_gui_nosnap_hypervisor_cluster

Nov 17th, 2022 (edited)
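#!/bin/bash
export DEBIAN_FRONTEND=noninteractive

# Unset variables are treated as errors. "set -e" is deliberately NOT used:
# some steps (blkdiscard on disks without discard support, setxkbmap without
# an X display) are best-effort. Every step whose failure would make the
# following steps dangerous is checked explicitly with "|| die".
set -u

############################################################################
##########################written by echoslider#############################
############################################################################
### You can use it for automated Deployment of an encrypted Ubuntu 22.04 ###
###                                                                      ###
###                             EFI ONLY                                 ###
###                                                                      ###
### Preinstalled:                                                        ###
###              -KVM/libvirt:    for run Virtual Machines, Virt-Manager ###
###              -pacemaker/pcs:  for Clustering (Web GUI on Port 2224)  ###
###              -Network Tools:  like ping,nslookup,dig,lsof,           ###
###                               Wireless Client                        ###
###              -Disk Tools:     like gdisk                             ###
###              -ZFS:            for create storage pools. Encrypted,   ###
###                               Compressed, SelfHealing, ...           ###
###              -Desktop:        The smallest Desktop "blackbox".       ###
###                               Start it with "startx" after login.    ###
###                               User "serveradmin" have a custom Menu. ###
###              -Software:       Firefox (no snap), w3m, Taskmanager    ###
###                                                                      ###
###  Language/Keyboard:           German                                 ###
############################################################################
############################################################################
############################################################################

# Password for the LUKS container and for the "serveradmin" user.
# The literal default is a publicly known placeholder: override it by
# exporting PASSWORD before running the script.
PASSWORD="${PASSWORD:-p@ssw0rd}"

# Password for the "root" user (override via the PASSWORDROOT variable).
PASSWORDROOT="${PASSWORDROOT:-p@ssw0rd}"

############################################################################

# Print an error to stderr and stop the installation.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print a non-fatal warning to stderr.
warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

[[ $EUID -eq 0 ]] || die "this installer must be run as root"
[[ -d /sys/firmware/efi ]] || die "system was not booted in EFI mode (EFI ONLY)"

if [[ "$PASSWORD" == "p@ssw0rd" || "$PASSWORDROOT" == "p@ssw0rd" ]]; then
  warn "default placeholder password in use for disk encryption and/or logins;"
  warn "set PASSWORD and PASSWORDROOT, or change the passwords after first boot"
fi

# Only affects the live session; fails harmlessly when no X display exists.
setxkbmap de

apt-get update || die "apt-get update failed"
apt-get install --yes debootstrap net-tools || die "cannot install debootstrap/net-tools"

# Fail before anything is wiped if a required tool is missing.
for tool in lsblk blkid sgdisk blkdiscard cryptsetup mkfs.vfat mkfs.ext4 debootstrap route; do
  command -v "$tool" >/dev/null || die "required tool not found: $tool"
done

# List all disks (loop and optical devices excluded) and put them into an array.
# You can choose on what DISK the system will be installed.
mapfile -t options < <(lsblk -dpno NAME | grep -Ev 'loop|sr')
(( ${#options[@]} > 0 )) || die "no installable disk found"

DISKA=${options[0]}
options+=("Exit")

DISK=""
NOAUTO=""

# NOTE: a timeout counts as "yes" - after 20 seconds the first disk is chosen
# and then irrevocably wiped. This is what makes the deployment unattended.
while :; do
  read -r -t 20 -p "Automatic choose $DISKA in 20 Seconds (Y/N): "
  rc=$?
  if (( rc > 128 )); then
    DISK=$DISKA
    break
  fi
  # A closed stdin would otherwise loop forever; refuse instead of guessing.
  (( rc == 0 )) || die "no answer could be read from stdin"

  case $REPLY in
    [yY]*)
      DISK=$DISKA
      break
      ;;
    [nN]*)
      NOAUTO="1"
      break
      ;;
    *)
      echo "Please enter Y or N"
      ;;
  esac
done

if [[ "$NOAUTO" == "1" ]]; then
  select opt in "${options[@]}"; do
    # An invalid menu number leaves $opt empty: ask again.
    [[ -n "$opt" ]] || continue
    if [[ "$opt" == "Exit" ]]; then
      exit
    fi
    DISK=$opt
    break
  done
fi

[[ -n "$DISK" && -b "$DISK" ]] || die "no valid target disk selected: '${DISK}'"

# Kernel naming: disks whose name ends in a digit (nvme0n1, mmcblk0) use a
# "p" separator before the partition number, others (sda, vda) do not.
case "$DISK" in
  *[0-9]) PART_PREFIX="${DISK}p" ;;
  *)      PART_PREFIX="$DISK" ;;
esac
PART_EFI="${PART_PREFIX}1"
PART_LUKS="${PART_PREFIX}2"

# Find the interface of the default route (first one if there are several).
INTERFACE=$(route -n | awk '$1 == "0.0.0.0" { print $8; exit }')
[[ -n "$INTERFACE" ]] || die "no default network interface found"

# WIPE the DISK
blkdiscard -f "$DISK" || warn "blkdiscard failed (no discard support?), continuing"
sgdisk --zap-all "$DISK" || warn "sgdisk --zap-all reported a problem, continuing"

# Calculate the swap file size from the installed memory (rounded up to GiB):
#   below 2 GiB -> twice the memory, 2..8 GiB -> equal, above 8 GiB -> half.
mem_kb=$(awk '/^MemTotal:/ { print $2; exit }' /proc/meminfo)
[[ "$mem_kb" =~ ^[0-9]+$ ]] || die "cannot read MemTotal from /proc/meminfo"
mem_gib=$(( mem_kb / 1024 / 1024 + 1 ))

if (( mem_gib < 2 )); then
  swap_gib=$(( 2 * mem_gib ))
elif (( mem_gib <= 8 )); then
  swap_gib=$mem_gib
else
  swap_gib=$(( mem_gib / 2 ))
fi
swap_mib=$(( swap_gib * 1024 ))

# Create 2 partitions. 1. for EFI. 2. for the encrypted Linux system
sgdisk -n1:0:+500M -c 1:"EFI System Partition" -t 1:ef00 "$DISK" \
  || die "cannot create the EFI partition on $DISK"
sgdisk -n2:0:0 -c 2:"Linux /" -t 2:8300 "$DISK" \
  || die "cannot create the Linux partition on $DISK"

# Prepare the partitions with LUKS and a filesystem (ext4).
# printf is a shell builtin, so the passphrase never shows up in a process
# argument list; quoting keeps spaces and glob characters intact.
mkfs.vfat -F32 -n ESP "$PART_EFI" || die "mkfs.vfat failed on $PART_EFI"
printf '%s' "$PASSWORD" \
  | cryptsetup -c aes-xts-plain64 -s 512 -h sha512 luksFormat --label cryptlinux "$PART_LUKS" \
  || die "luksFormat failed on $PART_LUKS"
printf '%s' "$PASSWORD" | cryptsetup open "$PART_LUKS" cryptlinux \
  || die "cannot open the LUKS container on $PART_LUKS"
mkfs.ext4 -L linux /dev/mapper/cryptlinux || die "mkfs.ext4 failed"

# Mount the encrypted filesystem and create the EFI directory.
# These must succeed: otherwise everything below would be written into the
# running live system instead of the new disk.
mount /dev/mapper/cryptlinux /mnt || die "cannot mount the root filesystem on /mnt"
mkdir -p /mnt/boot/efi
mount "$PART_EFI" /mnt/boot/efi || die "cannot mount $PART_EFI on /mnt/boot/efi"

# Create the swapfile. Permissions are restricted before mkswap so that the
# file is never world-readable while it is in use.
# NOTE(review): no fstab entry is written for the swapfile, so it is only
# active during the installation.
dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swap_mib" || die "cannot create the swapfile"
chmod 600 /mnt/swapfile
mkswap /mnt/swapfile
swapon /mnt/swapfile

# Install a very small basic system. "base" is a basic system. "minbase" is a smaller one.
debootstrap \
  --arch=amd64 \
  --variant=minbase \
  jammy \
  /mnt \
  http://archive.ubuntu.com/ubuntu/ \
  || die "debootstrap failed"

# Create the FSTAB file.
# The root entry names the opened mapping: the UUID of partition 2 is the
# UUID of the LUKS header, not of the ext4 filesystem inside it.
{
  printf 'UUID=%s /boot/efi vfat defaults 0 0\n' "$(blkid -s UUID -o value "$PART_EFI")"
  printf '/dev/mapper/cryptlinux / ext4 errors=remount-ro 0 1\n'
} >> /mnt/etc/fstab

# That is important for unlocking the disk on boot
printf 'cryptlinux UUID=%s none luks\n' "$(blkid -s UUID -o value "$PART_LUKS")" \
  >> /mnt/etc/crypttab

# Here you can block packages in APT
cat > /mnt/etc/apt/preferences.d/ignored-packages << 'EOF'
#Package: grub-common grub2-common grub-pc grub-pc-bin grub-gfxpayload-lists
#Pin: release *
#Pin-Priority: -1

Package: snapd cloud-init landscape-common popularity-contest ubuntu-advantage-tools
Pin: release *
Pin-Priority: -1
EOF

# Write the sources file for APT.
# Plain-HTTP mirrors as in the original; integrity relies on APT's signed
# Release files.
cat > /mnt/etc/apt/sources.list << 'EOF'
deb http://archive.ubuntu.com/ubuntu/ jammy main restricted
deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted
deb http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted
deb http://archive.canonical.com/ubuntu jammy partner
deb http://de.archive.ubuntu.com/ubuntu/ jammy universe
deb http://de.archive.ubuntu.com/ubuntu/ jammy-updates universe
#deb http://de.archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF

# Mount the pseudo filesystems the chroot needs
mount --bind /dev /mnt/dev || die "cannot bind-mount /dev"
mount -t devpts /dev/pts /mnt/dev/pts || die "cannot mount devpts"
mount -t sysfs /sys /mnt/sys || die "cannot mount sysfs"
mount -t proc /proc /mnt/proc || die "cannot mount proc"
mount -t tmpfs tmpfs /mnt/tmp || die "cannot mount tmpfs on /mnt/tmp"
cp /proc/mounts /mnt/etc/mtab

# Write a stage 2 install script into the debootstrap directory /mnt and run
# it inside the chroot.
#
# The here-document delimiter is quoted, so nothing in the stage 2 script is
# expanded while it is written: every $variable and $(command) is evaluated
# later, inside the chroot. The interface name is handed over through the
# environment. Passwords are NOT part of the script; they are set afterwards
# over stdin, so they are never stored in a file.
############################################################################
cat > /mnt/root/install.sh << 'ENDFILE'
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive

# Name of the network interface, exported by the stage 1 script.
: "${INTERFACE:?INTERFACE must be passed in the environment}"


#Set a random Hostname
#You can activate a different Nameserver
echo "SERVER-$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 9)" > /etc/hostname
#echo "nameserver 8.8.8.8" >> /etc/resolv.conf


#Updating the System and add Mozilla PPA
apt-get update
apt-get -y install software-properties-common
add-apt-repository -y ppa:mozillateam/ppa
apt-get -y upgrade
apt-get -y dist-upgrade


#Install everything from Description
#"file" is needed by the /boot/copykernels hook below.
#'fence*' is quoted so that APT, not the shell, expands the pattern.
apt install -y --no-install-recommends \
   linux-{,image-,headers-}generic linux-firmware \
   initramfs-tools cryptsetup{,-initramfs} efibootmgr grub-efi \
   iputils-ping dnsutils lsof isc-dhcp-client dhcpcd5 \
   iproute2 net-tools netplan.io locales localepurge nano \
   dosfstools vim gdisk openssh-server mlocate zfsutils-linux file \
   qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils apt-utils pacemaker pcs \
   language-pack-de console-setup tzdata plymouth plymouth-themes \
   blackbox blackbox-themes xserver-xorg-core xserver-xorg xinit x11-xserver-utils lxterminal \
   dunst suckless-tools compton hsetroot xsettingsd lxappearance scrot \
   wireless-tools wpagui lxtask w3m firefox-esr firefox-esr-locale-de lxrandr xfe \
   virt-manager virt-viewer 'fence*' heartbeat


#Change the Language and Keyboard Layout to "German"
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime
echo 'LANG="de_DE.UTF-8"' >  /etc/default/locale
echo 'Europe/Berlin' > /etc/timezone
locale-gen de_DE.UTF-8
dpkg-reconfigure -f non-interactive tzdata

cat > /etc/default/keyboard << 'EOF'
# KEYBOARD CONFIGURATION FILE

# Consult the keyboard(5) manual page.

XKBMODEL="pc105"
XKBLAYOUT="de"
XKBVARIANT="nodeadkeys"
XKBOPTIONS=""

BACKSPACE="guess"
EOF

dpkg-reconfigure -f non-interactive keyboard-configuration

#Unquoted delimiter on purpose: $INTERFACE is filled in here.
cat > /etc/netplan/01-netcfg.yaml << EOF
network:
  version: 2
  ethernets:
    $INTERFACE:
      dhcp4: true
EOF


#Make the System bootable.
#Implement a small HOOK for upgrade the KERNEL after using APT
#If not add that maybe your System not boot after an Kernel Upgrade
bootctl install
cp --dereference /boot/{vmlinuz,initrd.img,efi/}

#Quoted delimiter: the hook's own variables must reach the file unexpanded.
cat > /boot/copykernels << 'EOF'
#!/usr/bin/env bash
# copy updated kernel and initrd to efi system partition

b=/boot
e=/boot/efi

# kernels: check versions
for kern in vmlinuz{,.old}; do
  [[ -e "$b/$kern" ]] || continue
  if [[ "$(file -Lb "$b/$kern" 2>/dev/null)" != "$(file -b "$e/$kern" 2>/dev/null)" ]]; then
    cp -fv --preserve "$b/$kern" "$e/$kern"
  fi
done

# initrd: check creation time
for init in initrd.img{,.old}; do
  [[ -e "$b/$init" ]] || continue
  if [[ "$b/$init" -nt "$e/$init" ]]; then
    cp -fv --preserve=mode,ownership "$b/$init" "$e/$init"
  fi
done
EOF

#The hook is started by path from APT, so it has to be executable.
chmod 755 /boot/copykernels

cat > /etc/apt/apt.conf.d/99-copykernels << 'EOF'
DPkg::Post-Invoke { "/boot/copykernels"; }
EOF

cat > /boot/efi/loader/entries/ubuntu.conf << 'EOF'
title   Ubuntu
linux   /vmlinuz
initrd  /initrd.img
options splash root=/dev/mapper/cryptlinux
EOF

cp /usr/share/systemd/tmp.mount /etc/systemd/system/
#systemctl enable tmp.mount


#Add some Groups and the "serveradmin" User.
#Both passwords are set by the stage 1 script after this script has finished.
addgroup --system lpadmin
addgroup --system lxd
addgroup --system sambashare

chown root:adm /usr/sbin/halt
chown root:adm /usr/sbin/reboot

adduser serveradmin --disabled-password --gecos ""

cp -a /etc/skel/. /home/serveradmin
usermod -a -G adm,cdrom,dip,lpadmin,lxd,plugdev,sambashare,kvm,libvirt serveradmin


#Create blackbox Style and Menu
cat <<'EOF' > /home/serveradmin/.blackboxrc
session.styleFile: /usr/share/blackbox/styles/Gray
session.menuFile: /home/serveradmin/.blackbox/menu
session.screen0.slit.placement: CenterRight
session.screen0.slit.direction: Vertical
session.screen0.slit.onTop: False
session.screen0.slit.autoHide: False
session.screen0.toolbar.onTop: False
session.screen0.toolbar.autoHide: False
session.screen0.toolbar.placement: BottomCenter
session.screen0.toolbar.widthPercent: 66
session.screen0.enableToolbar: True
session.screen0.workspaces: 1
session.screen0.workspaceNames: Workspace 1
session.screen0.strftimeFormat: %I:%M %p
session.windowSnapThreshold: 0
session.autoRaiseDelay: 400
session.placementIgnoresShaded: True
session.focusLastWindow: True
session.opaqueMove: True
session.changeWorkspaceWithMouseWheel: True
session.imageDither: OrderedDither
session.windowPlacement: RowSmartPlacement
session.shadeWindowWithMouseWheel: True
session.opaqueResize: True
session.toolbarActionsWithMouseWheel: True
session.rowPlacementDirection: LeftToRight
session.maximumColors: 0
session.disableBindingsWithScrollLock: False
session.fullMaximization: False
session.colPlacementDirection: TopToBottom
session.doubleClickInterval: 250
session.edgeSnapThreshold: 0
session.focusNewWindows: True
session.focusModel: ClickToFocus
EOF

mkdir -p /home/serveradmin/.blackbox

cat <<'EOF' > /home/serveradmin/.blackbox/menu
[begin] ()
  [exec] (Virt-Manager) {virt-manager}
  [exec] (Remote-Viewer) {remote-viewer}
  [exec] (Browser) {firefox-esr}
  [exec] (Filemanager) {xfe}
  [exec] (Terminal) {lxterminal}
  [exec] (Taskmanager) {lxtask}
  [nop] ()
  [exec] (Screen Resolution) {lxrandr}
  [submenu] (System)
  [exec] (Neustarten) {systemctl reboot}
  [exec] (Beenden) {systemctl poweroff}
  [exit] (Exit)
  [end]
[end]
EOF

#Capital X: execute/search bit only on directories and on files that are
#already executable, instead of marking every file in the home executable.
chown -R serveradmin:serveradmin /home/serveradmin
chmod -R ug+rwX,o-rwx /home/serveradmin

#enable cluster tools
#pcsd provides the web GUI on port 2224; limit access to the management network.
systemctl enable pacemaker
systemctl enable corosync
systemctl enable pcsd
systemctl enable heartbeat

#grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ubuntu --recheck --debug
#update-grub


rm /root/install.sh

exit
ENDFILE
############################################################################

# Make the install script executable
chmod +x /mnt/root/install.sh

# chroot into /mnt and run the install script
INTERFACE="$INTERFACE" chroot /mnt /bin/bash /root/install.sh \
  || warn "stage 2 install script reported an error"

# Set the passwords over stdin (printf is a builtin: nothing in argv, nothing
# on disk). "serveradmin" exists only if stage 2 got far enough to create it.
printf '%s:%s\n' root "$PASSWORDROOT" | chroot /mnt chpasswd \
  || die "cannot set the root password"
printf '%s:%s\n' serveradmin "$PASSWORD" | chroot /mnt chpasswd \
  || die "cannot set the serveradmin password"

echo "please reboot..."
exit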