Merge pull request #3 from marcsello/dev

Merge new features from dev

README.md

@@ -8,6 +8,17 @@ Built using standard [Debian Live](https://www.debian.org/devel/debian-live/) to
 
 Essentially this is a simple live image, with a selection of administration tools preinstalled. This image can be used to rescue your system, debug hardware issues, or even install Debian with `debootstrap`, from a more friendly interface than Debian installer's rescue mode.
 
+With the included Live SSH Setup tool, Debian Admin CD can be used to bootstrap a managed node with [Ansible](https://www.ansible.com/)! Read more [here](tools.md).
+
+## Tools
+
+Originally, Debian Admin CD was just a basic Debian live CD with a lot of preinstalled packages. But as time went on, a few home-grown tools and scripts were added to make Debian Admin CD suitable for even more tasks!
+
+Tools currently included:
+ - **Live SSH setup** Preconfigure an SSH server even from the kernel commandline (Useful for PXE booting)
+
+
+Detailed description about the included tools/scripts can be found [here](tools.md).
 
 ## Building Debian Admin CD
 Building Debian Admin CD is easy as pie! 

config/hooks/normal/0600-download-openssh.hook.chroot

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# This command downloads the openssh-server and it's dependencies into the apt cache. So it can be installed boot time when required without internet access
+
+WORKDIR="/tmp/openssh-server-pkgs/"
+TARGETDIR="/var/cache/openssh-server-pkgs/"
+
+mkdir -p "${WORKDIR}/cache"
+apt --download-only --yes -o Dir::Cache="${WORKDIR}/cache" -o Dir::Cache::archives="archives/" install openssh-server
+
+
+mkdir -p "${TARGETDIR}"
+mv "${WORKDIR}/cache/archives/"*".deb" "${TARGETDIR}"
+
+rm -r "${WORKDIR}"

config/includes.chroot/lib/live/config/0500-setup-ssh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+## Part of the Debian AdminCD project
+
+for arg in $(cat /proc/cmdline); do
+	case "${arg}" in
+
+		withssh.pw=*)
+			SETUP_SSH="yes"
+			SSH_PW=${arg#*=}
+			;;
+
+		withssh.nopw)
+			SETUP_SSH="yes"
+			SSH_NOPW="yes"
+			;;
+
+		withssh.key=*)
+			SETUP_SSH="yes"
+			SSH_KEY=${arg#*=}
+			;;
+
+
+		withssh)
+			SETUP_SSH="yes"
+			;;
+
+
+	esac
+
+done
+
+
+if [[ -n "${SETUP_SSH}" ]]; then
+	cmdline="/usr/local/bin/setup-live-ssh-server -q -S"
+
+	[[ -n "${SSH_PW}"   ]] && cmdline="$cmdline -p ${SSH_PW}"
+	[[ -n "${SSH_NOPW}" ]] && cmdline="$cmdline -P"
+	[[ -n "${SSH_KEY}"  ]] && cmdline="$cmdline -k ${SSH_KEY}"
+
+	${cmdline}
+fi
+

config/includes.chroot/usr/local/bin/setup-live-ssh-server

@@ -0,0 +1,130 @@
+#!/bin/bash
+
+## Part of the Debian AdminCD project
+
+set -e
+
+function fail {
+	echo "$@"
+	exit 1
+}
+
+function print_help {
+        echo "Debian AdminCD SSH server setup script"
+	echo
+	echo "Params:"
+        echo "-q              Do not print connection details when the script finishes"
+	echo "-m              Do not append connection details to /etc/motd"
+	echo "-k URL          Download and install SSH public key from URL"
+	echo "-p PASSOWRD     Use PASSWORD instead of a generated one"
+	echo "-P              Do not configure root password (login only via key)"
+	echo "-S              Do not start/restart the systemd service (have to restart manually)"
+	echo "-h/--help       This help"
+	echo
+}
+
+while [ $# -ne 0 ]; do
+
+    arg="$1"
+    case "$arg" in
+        -q)
+            QUIET="yes"
+            ;;
+        -m)
+            NO_MOTD="yes"
+            ;;
+        -k)
+            SSH_KEY_URL="$2"
+            shift # shift out param as well
+            ;;
+        -h|--help)
+            print_help
+            exit 0
+            ;;
+        -p)
+            ROOT_PASSWD="$2"
+            shift
+            ;;
+        -P)
+            NO_PASSWD_CONFIG="yes"
+            ;;
+        -S)
+            NO_SYSTEMD="yes"
+            ;;
+        *)
+            print_help
+            fail "Unknown option: $arg"
+    esac
+    shift # pop an arg
+
+done
+
+
+
+# Check if ssh server already installed
+for f in /etc/ssh/sshd_config /lib/systemd/system/ssh.service /usr/sbin/sshd; do
+
+	test -f "$f" && fail "SSH Server seems to be already configured"
+
+done
+
+# prevent SSH server from starting just after install
+[[ -z "${NO_SYSTEMD}" ]] && touch /etc/ssh/sshd_not_to_be_run || true
+
+
+# For some reason "false" means "Yes, do allow root login please"...
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745778
+# https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#openssh
+[[ -z "${NO_PASSWD_CONFIG}" ]] && debconf-set-selections <<< 'd-i openssh-server/permit-root-login boolean false'
+
+# Install openssh server and it's dependencies
+dpkg -i /var/cache/openssh-server-pkgs/*.deb
+
+
+if [[ -z "${NO_PASSWD_CONFIG}" ]]; then
+	# generate and set root password
+
+	if [[ -z "${ROOT_PASSWD}" ]]; then
+		ROOT_PASSWD=$(pwgen -B 9 1)
+	fi
+
+	echo "root:${ROOT_PASSWD}" | chpasswd
+fi
+
+# Download SSH key if specified
+if [[ -n "${SSH_KEY_URL}" ]]; then
+
+	mkdir -p /root/.ssh
+	wget -O /root/.ssh/authorized_keys "${SSH_KEY_URL}"
+	chmod 400 /root/.ssh/authorized_keys
+
+fi
+
+
+# Update motd
+
+function print_connection_details {
+
+	echo -e "\033[1m[SSH server enabled!]\033[0m"
+
+	echo "User: root"
+	[[ -z "${NO_PASSWD_CONFIG}" ]] && echo "Password: ${ROOT_PASSWD}" || true
+	[[ -n "${SSH_KEY_URL}" ]] && echo "SSH key added from ${SSH_KEY_URL}" || true # otherwise the script would fail because set -e
+
+}
+
+
+if [[ -z "${NO_MOTD}" ]]; then
+	(echo; print_connection_details; echo) >> /etc/motd
+fi
+
+if [[ -z "${QUIET}" ]]; then
+	# Print the same info
+	print_connection_details
+fi
+
+if [[ -z "${NO_SYSTEMD}" ]]; then
+	# Start the ssh server
+	rm /etc/ssh/sshd_not_to_be_run
+	systemctl start ssh.service
+fi

config/package-lists/misc-tools.list.chroot

@@ -3,3 +3,5 @@ bzip2
 pbzip2
 gnupg
 file
+pwgen
+tree

tools.md

@@ -0,0 +1,44 @@
+# Debian Admin CD Tools
+Tools developed by the Debian Admin CD project
+
+## Setup Live SSH Server
+The Debian Admin CD includes a setup script that helps setting up an SSH server on the live system.
+
+The packages required to install a OpenSSH server are built into the live image, and are being installed during boot. 
+This ensure that the server can be installed without internet access. And it won't be there if it's not needed.
+
+### Setup the SSH server
+
+The Live SSH server can be set up in two ways: 
+ - Kernel cmdline parameters (Useful for PXE booting).
+ - Manually using the `setup-live-ssh-server` command after the system booted.
+
+
+#### Kernel cmdline parameters
+
+The following parameters can be provided to the kernel commandline to configure the SSH server:
+
+```
+withssh              Enable Live SSH server with default settings
+withssh.nopw         Do not configure root password (Same as -P)
+withssh.pw=PASSWORD  Use PASSWORD instead of a generated one (Same as -p)  
+withssh.key=URL      Download and install SSH public key from URL (Same as -k)
+```
+
+
+More than one parameters can be used at the same time.
+If none of the parameters above supplied, the ssh server won't be installed and configured during boot time.
+
+#### Command line parameters
+
+The follwoings are the output of the `setup-live-ssh-server --help` command:
+
+```
+-q              Do not print connection details when the script finishes
+-m              Do not append connection details to /etc/motd
+-k URL          Download and install SSH public key from URL
+-p PASSOWRD     Use PASSWORD instead of a generated one
+-P              Do not configure root password (login only via key)
+-S              Do not start/restart the systemd service (have to restart manually)
+-h/--help       This help
+```