#!/bin/bash set -e # ansible.builtin.script: # chdir: /root # just in case one runs the script outside ansible cd /root/ [[ ! -x `which lsb_release` ]] && echo error: lsb_release executable not found && exit 1 [[ ! -x `which wget` ]] && echo error: wget executable not found && exit 1 [[ ! -x `which dpkg` ]] && echo error: dpkg executable not found && exit 1 # ok=1 changed=0 dpkg -s unscd >/dev/null 2>&1 && echo ok - unscd package is there - nothing to do && exit 0 if [[ ! -f /root/.ssh/authorized_keys.bkp-before-oslogin && -f /root/.ssh/authorized_keys ]]; then echo -n backup /root/.ssh/authorized_keys ... cp -a /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bkp-before-oslogin && echo done fi # TODO take var.username into account instead of hard-coded adminroot if [[ -d /home/adminroot/ && ! -f /home/adminroot/.ssh/authorized_keys.bkp-before-oslogin ]]; then echo -n backup /home/adminroot/.ssh/authorized_keys ... cp -a /home/adminroot/.ssh/authorized_keys /home/adminroot/.ssh/authorized_keys.bkp-before-oslogin && echo done fi if [[ ! -d /etc/ssh.bkp-before-oslogin/ ]]; then cp -a /etc/ssh/ /etc/ssh.bkp-before-oslogin/ fi distro=`lsb_release -cs` # using same correspondance for unified agent as for Ansible itself # https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html#installing-ansible-on-debian # bookworm ==> jammy # bullseye ==> focal # buster ==> bionic # https://yandex.cloud/en/docs/compute/operations/vm-connect/enable-os-login if [[ $distro = bookworm ]]; then # no debian-12 as of Aug 2024 distro_path=debian-11 elif [[ $distro = jammy ]]; then distro_path=ubuntu-22.04 elif [[ $distro = bullseye ]]; then distro_path=debian-11 elif [[ $distro = focal ]]; then distro_path=ubuntu-20.04 else echo error: $distro - unknown linux distribution codename exit 1 fi echo -n download config_oslogin_$distro_path.sh for $distro ... wget -q "https://storage.yandexcloud.net/oslogin-configs/$distro_path/config_oslogin.sh" \ -O - > config_oslogin_$distro_path.sh && echo done echo -n tune the script to make it quiet ... sed -i ' s/ -y install / -y -q install /; s/ -y update / -y -q update /; ' config_oslogin_$distro_path.sh && echo done echo -n output oslogin config script to /var/log/config_oslogin.log ... chmod +x config_oslogin_$distro_path.sh ./config_oslogin_$distro_path.sh > /var/log/config_oslogin.log 2>&1 && echo done # eventually failed=1 echo -n checking for unscd package ... dpkg -s unscd >/dev/null 2>&1 && echo done || echo FAIL # ok=1 changed=1 echo changed - all done