gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2024-09-20 15:26:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

updated script

Browse source
This commit is contained in:
afeiszli 2022-11-04 14:25:01 -04:00
parent 7e5e621cec
commit 14ff21a3a8
1 changed files with 221 additions and 185 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

406
scripts/nm-quick-interactive.sh
View file

@ -1,7 +1,5 @@
#!/bin/bash #!/bin/bash
set -e
cat << "EOF" cat << "EOF"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@ -19,59 +17,209 @@ cat << "EOF"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EOF EOF
wait_seconds() {(
for ((a=1; a <= $1; a++))
do
echo ". . ."
sleep 1
done
)}
confirm() {(
while true; do
read -p 'Does everything look right? [y/n]: ' yn
case $yn in
[Yy]* ) override="true"; break;;
[Nn]* ) echo "exiting..."; exit;;
* ) echo "Please answer yes or no.";;
esac
done
)}
if [ $(id -u) -ne 0 ]; then
echo "This script must be run as root"
exit 1
fi
echo "checking dependencies..."
OS=$(uname)
if [ -f /etc/debian_version ]; then
dependencies="wireguard wireguard-tools jq docker.io docker-compose"
update_cmd='apt update'
install_cmd='apt-get install -y'
elif [ -f /etc/alpine-release ]; then
dependencies="wireguard jq docker.io docker-compose"
update_cmd='apk update'
install_cmd='apk --update add'
elif [ -f /etc/centos-release ]; then
dependencies="wireguard jq docker.io docker-compose"
update_cmd='yum update'
install_cmd='yum install -y'
elif [ -f /etc/fedora-release ]; then
dependencies="wireguard jq docker.io docker-compose"
update_cmd='dnf update'
install_cmd='dnf install -y'
elif [ -f /etc/redhat-release ]; then
dependencies="wireguard jq docker.io docker-compose"
update_cmd='yum update'
install_cmd='yum install -y'
elif [ -f /etc/arch-release ]; then
dependecies="wireguard-tools jq docker.io docker-compose"
update_cmd='pacman -Sy'
install_cmd='pacman -S --noconfirm'
elif [ "${OS}" = "FreeBSD" ]; then
dependencies="wireguard wget jq docker.io docker-compose"
update_cmd='pkg update'
install_cmd='pkg install -y'
elif [ -f /etc/turris-version ]; then
dependencies="wireguard-tools bash jq docker.io docker-compose"
OS="TurrisOS"
update_cmd='opkg update'
install_cmd='opkg install'
elif [ -f /etc/openwrt_release ]; then
dependencies="wireguard-tools bash jq docker.io docker-compose"
OS="OpenWRT"
update_cmd='opkg update'
install_cmd='opkg install'
else
install_cmd=''
fi
if [ -z "${install_cmd}" ]; then
echo "OS unsupported for automatic dependency install"
exit 1
fi
set -- $dependencies
while [ -n "$1" ]; do
if [ "${OS}" = "FreeBSD" ]; then
is_installed=$(pkg check -d $1 | grep "Checking" | grep "done")
if [ "$is_installed" != "" ]; then
echo " " $1 is installed
else
echo " " $1 is not installed. Attempting install.
${install_cmd} $1
sleep 5
is_installed=$(pkg check -d $1 | grep "Checking" | grep "done")
if [ "$is_installed" != "" ]; then
echo " " $1 is installed
elif [ -x "$(command -v $1)" ]; then
echo " " $1 is installed
else
echo " " FAILED TO INSTALL $1
echo " " This may break functionality.
fi
fi
else
if [ "${OS}" = "OpenWRT" ] || [ "${OS}" = "TurrisOS" ]; then
is_installed=$(opkg list-installed $1 | grep $1)
else
is_installed=$(dpkg-query -W --showformat='${Status}\n' $1 | grep "install ok installed")
fi
if [ "${is_installed}" != "" ]; then
echo " " $1 is installed
else
echo " " $1 is not installed. Attempting install.
${install_cmd} $1
sleep 5
if [ "${OS}" = "OpenWRT" ] || [ "${OS}" = "TurrisOS" ]; then
is_installed=$(opkg list-installed $1 | grep $1)
else
is_installed=$(dpkg-query -W --showformat='${Status}\n' $1 | grep "install ok installed")
fi
if [ "${is_installed}" != "" ]; then
echo " " $1 is installed
elif [ -x "$(command -v $1)" ]; then
echo " " $1 is installed
else
echo " " FAILED TO INSTALL $1
echo " " This may break functionality.
fi
fi
fi
shift
done
echo "-----------------------------------------------------"
echo "dependency check complete"
echo "-----------------------------------------------------"
wait_seconds 3
set -e
NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p') COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
SERVER_PUBLIC_IP=$(curl -s ifconfig.me) SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '') MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
MQ_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
EMAIL="$(echo $RANDOM | md5sum | head -c 16)@email.com" EMAIL="$(echo $RANDOM | md5sum | head -c 16)@email.com"
DOMAIN_TYPE=""
echo "Default Base Domain: $NETMAKER_BASE_DOMAIN"
echo "To Override, add a Wildcard (*.netmaker.example.com) DNS record pointing to $SERVER_PUBLIC_IP"
echo "Or, add three DNS records pointing to $SERVER_PUBLIC_IP for the following (Replacing 'netmaker.example.com' with the domain of your choice):"
echo " dashboard.netmaker.example.com"
echo " api.netmaker.example.com"
echo " grpc.netmaker.example.com"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
read -p "Domain (Hit 'enter' to use $NETMAKER_BASE_DOMAIN): " domain echo "Would you like to use your own domain for netmaker, or an auto-generated domain?"
read -p "Email for LetsEncrypt (Hit 'enter' to use $EMAIL): " email echo "To use your own domain, add a Wildcard DNS record (e.x: *.netmaker.example.com) pointing to $SERVER_PUBLIC_IP"
echo "-----------------------------------------------------"
if [ -n "$domain" ]; then select domain_option in "Auto Generated ($NETMAKER_BASE_DOMAIN)" "Custom Domain (e.x: netmaker.example.com)"; do
NETMAKER_BASE_DOMAIN=$domain case $REPLY in
fi 1)
if [ -n "$email" ]; then echo "using $NETMAKER_BASE_DOMAIN for base domain"
EMAIL=$email DOMAIN_TYPE="auto"
fi break
;;
while true; do 2)
read -p 'Configure a default network automatically? [y/n]: ' yn read -p "Enter Custom Domain (make sure *.domain points to $SERVER_PUBLIC_IP first): " domain
case $yn in NETMAKER_BASE_DOMAIN=$domain
[Yy]* ) MESH_SETUP="true"; break;; echo "using $NETMAKER_BASE_DOMAIN"
[Nn]* ) MESH_SETUP="false"; break;; DOMAIN_TYPE="custom"
* ) echo "Please answer yes or no.";; break
esac ;;
*) echo "invalid option $REPLY";;
esac
done done
while true; do wait_seconds 2
read -p 'Configure a VPN gateway automatically? [y/n]: ' yn
case $yn in
[Yy]* ) VPN_SETUP="true"; break;;
[Nn]* ) VPN_SETUP="false"; break;;
* ) echo "Please answer yes or no.";;
esac
done
if [ "${VPN_SETUP}" == "true" ]; then echo "-----------------------------------------------------"
while :; do echo "The following subdomains will be used:"
read -ep '# of VPN clients to configure by default: ' num_clients echo " dashboard.$NETMAKER_BASE_DOMAIN"
[[ $num_clients =~ ^[[:digit:]]+$ ]] || continue echo " api.$NETMAKER_BASE_DOMAIN"
(( ( (num_clients=(10#$num_clients)) <= 200 ) && num_clients >= 0 )) || continue echo " broker.$NETMAKER_BASE_DOMAIN"
break echo " prometheus.$NETMAKER_BASE_DOMAIN"
done echo " netmaker-exporter.$NETMAKER_BASE_DOMAIN"
echo " grafana.$NETMAKER_BASE_DOMAIN"
echo "-----------------------------------------------------"
if [[ "$DOMAIN_TYPE" == "custom" ]]; then
echo "is DNS configured correctly with records pointing to $SERVER_PUBLIC_IP?"
confirm
fi fi
if [ -n "$num_clients" ]; then wait_seconds 1
NUM_CLIENTS=$num_clients
fi echo "-----------------------------------------------------"
echo "Provide Details for EE installation:"
echo " 1. Log into https://dashboard.license.netmaker.io"
echo " 2. Copy License Key Value: https://dashboard.license.netmaker.io/license-keys"
echo " 3. Retrieve Account ID: https://dashboard.license.netmaker.io/user"
echo " 4. note email address"
echo "-----------------------------------------------------"
unset LICENSE_KEY
while [ -z "$LICENSE_KEY" ]; do
read -p "License Key: " LICENSE_KEY
done
unset ACCOUNT_ID
while [ -z ${ACCOUNT_ID} ]; do
read -p "Account ID: " ACCOUNT_ID
done
unset EMAIL
while [ -z ${EMAIL} ]; do
read -p "Email Address: " EMAIL
done
wait_seconds 2
echo "-----------------------------------------------------------------" echo "-----------------------------------------------------------------"
echo " SETUP ARGUMENTS" echo " SETUP ARGUMENTS"
@ -79,41 +227,24 @@ echo "-----------------------------------------------------------------"
echo " domain: $NETMAKER_BASE_DOMAIN" echo " domain: $NETMAKER_BASE_DOMAIN"
echo " email: $EMAIL" echo " email: $EMAIL"
echo " public ip: $SERVER_PUBLIC_IP" echo " public ip: $SERVER_PUBLIC_IP"
echo " setup mesh?: $MESH_SETUP" echo " license: $LICENSE_KEY"
echo " setup vpn?: $VPN_SETUP" echo " account id: $ACCOUNT_ID"
if [ "${VPN_SETUP}" == "true" ]; then
echo " # clients: $NUM_CLIENTS"
fi
while true; do echo "-----------------------------------------------------------------"
read -p 'Does everything look right? [y/n]: ' yn echo "Confirm Settings for Installation"
case $yn in echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
[Yy]* ) override="true"; break;;
[Nn]* ) echo "exiting..."; exit;; confirm
* ) echo "Please answer yes or no.";;
esac
done
echo "Beginning installation in 5 seconds..." echo "-----------------------------------------------------------------"
echo "Beginning installation..."
echo "-----------------------------------------------------------------"
sleep 5 wait_seconds 3
if [ -f "/root/docker-compose.yml" ]; then
echo "Using existing docker compose"
else
echo "Pulling docker compose"
wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml
fi
if [ -f "/root/mosquitto.conf" ]; then
echo "Using existing mosquitto config"
else
echo "Pulling mosquitto config"
wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf
fi
echo "Pulling config files..."
wget -O docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/develop/docker/wait.sh && chmod +x wait.sh
mkdir -p /etc/netmaker mkdir -p /etc/netmaker
@ -123,6 +254,9 @@ sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml
sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml
sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml
sed -i "s/YOUR_ACCOUNT_ID/$ACCOUNT_ID/g" /root/docker-compose.yml
echo "Starting containers..." echo "Starting containers..."
@ -157,140 +291,42 @@ done
setup_mesh() {( set -e setup_mesh() {( set -e
sleep 5
wait_seconds 5
echo "Creating netmaker network (10.101.0.0/16)" echo "Creating netmaker network (10.101.0.0/16)"
curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"netmaker"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"netmaker"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks
sleep 5 wait_seconds 5
echo "Creating netmaker access key" echo "Creating netmaker access key"
curlresponse=$(curl -s -d '{"uses":99999,"name":"netmaker-key"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks/netmaker/keys) curlresponse=$(curl -s -d '{"uses":99999,"name":"netmaker-key"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks/netmaker/keys)
ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse}) ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})
sleep 5 wait_seconds 3
echo "Configuring netmaker server as ingress gateway" echo "Configuring netmaker server as ingress gateway"
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker)
SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) while [ -z "$SERVER_ID" ]; do
echo "waiting for server node to become available"
wait_seconds 2
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker)
SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
done
curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress
sleep 5
)} )}
mesh_connect_logs() {
sleep 5
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
echo "DEFAULT NETWORK CLIENT INSTALL INSTRUCTIONS:"
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
sleep 5
echo "For Linux and Mac clients, install with the following command:"
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo "curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$VPN_ACCESS_TOKEN sh -"
sleep 5
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
echo "For Windows clients, perform the following from powershell, as administrator:"
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo "1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe"
echo "2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe"
echo "3. Install Netclient - powershell.exe .\\netclient.exe join -t $VPN_ACCESS_TOKEN"
echo "4. Whitelist C:\ProgramData\Netclient in Windows Defender"
sleep 5
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
echo "For Android and iOS clients, perform the following steps:"
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo "1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
echo "3. Select the gateway and create clients"
echo "4. Scan the QR Code from WireGuard app in iOS or Android"
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
sleep 5
}
setup_vpn() {( set -e
echo "Creating vpn network (10.201.0.0/16)"
sleep 5
curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks
sleep 5
echo "Configuring netmaker server as vpn inlet..."
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/createingress
echo "Waiting 10 seconds for server to apply configuration..."
sleep 10
echo "Configuring netmaker server vpn gateway..."
[ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)')
echo "Gateway iface: $GATEWAY_IFACE"
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
EGRESS_JSON=$( jq -n \
--arg gw "$GATEWAY_IFACE" \
'{ranges: ["0.0.0.0/0","::/0"], interface: $gw}' )
echo "Egress json: $EGRESS_JSON"
curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/creategateway
echo "Creating client configs..."
for ((a=1; a <= $NUM_CLIENTS; a++))
do
CLIENT_JSON=$( jq -n \
--arg clientid "vpnclient-$a" \
'{clientid: $clientid}' )
curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/extclients/vpn/$SERVER_ID
done
sleep 5
)}
vpn_connect_logs() {
sleep 5
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
echo "VPN GATEWAY CLIENT INSTALL INSTRUCTIONS:"
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo "1. log into dashboard.$NETMAKER_BASE_DOMAIN"
echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
echo "3. Download or scan a client config (vpnclient-x) to the appropriate device"
echo "4. Follow the steps for your system to configure WireGuard on the appropriate device"
echo "5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
sleep 5
}
set +e set +e
test_connection test_connection
if [ "${MESH_SETUP}" != "false" ]; then wait_seconds 3
setup_mesh
fi
if [ "${VPN_SETUP}" == "true" ]; then setup_mesh
setup_vpn
fi
echo "-----------------------------------------------------------------" echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------" echo "-----------------------------------------------------------------"