Merge pull request #20 from zentonic/patch-1

Update proxmox-zfs-postinstall.sh

README.md

@@ -9,4 +9,19 @@ Following settings are made:
 - Configure snapshot retention for `zfs-auto-snapshot` interactively
 - `zfs_arc_[min|max]` will be calculated by size sum of all zpools in 512 MB steps
 - Configure backup of `/etc` folder to new zfs dataset on `rpool/pveconf`
-- configure `vm.swappiness` interactively
+- Configure `vm.swappiness` interactively
+- Install checkmk Agent with optional encryption and registration
+- Added Support for Proxmox VE 7.0
+- Added Proxmox SDN features
+
+# Usage
+
+Just download and execute the script, all settings are made interactively.
+```
+wget https://github.com/bashclub/proxmox-zfs-postinstall/raw/main/proxmox-zfs-postinstall.sh
+bash ./proxmox-zfs-postinstall.sh
+```
+
+# Author
+### Thorsten Spille
+[<img src="https://storage.ko-fi.com/cdn/brandasset/kofi_s_tag_dark.png" rel="Support me on Ko-Fi">](https://ko-fi.com/thorakel)

install-cockpit-zfs-manager

@@ -0,0 +1,61 @@
+#!/bin/bash
+source /etc/os-release
+echo "deb http://deb.debian.org/debian $VERSION_CODENAME-backports main" > /etc/apt/sources.list.d/$VERSION_CODENAME-backports.list
+apt update
+cat << EOF > /etc/apt/preferences.d/90_cockpit
+Package: cockpit cockpit-*
+Pin: release n=$VERSION_CODENAME-backports
+Pin-Priority: 990
+EOF
+apt install --yes --no-install-recommends cockpit
+git clone https://github.com/optimans/cockpit-zfs-manager.git && cp -r cockpit-zfs-manager/zfs /usr/share/cockpit
+mkdir -p /etc/cockpit/zfs
+mkdir -p /etc/cockpit/zfs/shares
+mkdir -p /etc/cockpit/zfs/snapshots
+cat << EOF > /etc/cockpit/zfs/config.json 
+{
+  "#1": "COCKPIT ZFS MANAGER",
+  "#2": "WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION",
+  "cockpit": {
+    "manage": true
+  },
+  "disks": {
+    "base2": false
+  },
+  "loglevel": "2",
+  "samba": {
+    "manage": false,
+    "windowscompatibility": true
+  },
+  "updates": {
+    "check": true
+  },
+  "zfs": {
+    "filesystem": {
+      "cloneorigin": false,
+      "quotarestrict": true,
+      "readonlylockdown": false,
+      "snapshotactions": true
+    },
+    "snapshot": {
+      "filesystemlist": true
+    },
+    "status": {
+      "errorcolors": true,
+      "trimunsupported": false
+    },
+    "storagepool": {
+      "activetab": 1,
+      "boot": true,
+      "bootlockdown": true,
+      "count": true,
+      "refreshall": false,
+      "root": true
+    }
+  }
+}
+EOF
+cat << EOF > /etc/cockpit/zfs/shares.conf 
+# COCKPIT ZFS MANAGER
+# WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION
+EOF

install-docker-portainer

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# create zfs filesystems
+zfs create -o com.sun:auto-snapshot=false -o mountpoint=/var/lib/docker rpool/docker
+zfs create -o com.sun:auto-snapshot=true -o mountpoint=/portainer rpool/portainer
+
+# add docker repository
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+# update package lists and install docker engine + docker-compose
+apt update
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends docker-ce docker-ce-cli containerd.io
+
+dc_version=$(wget -O - -q https://api.github.com/repos/docker/compose/releases/latest | grep -m1 "\"name\":" | cut -d'"' -f4)
+wget -O /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/${dc_version}/docker-compose-linux-x86_64
+chmod +x /usr/local/bin/docker-compose
+
+# install portainer
+cd /portainer
+mkdir data
+cat << EOF > /portainer/docker-compose.yml
+version: '3.2'
+
+services:
+
+  portainer:
+    image: portainer/portainer-ce
+    ports:
+      - "9443:9443"
+      - "8000:8000"
+    volumes:
+      - /portainer/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: always
+EOF
+# start portainer
+docker-compose up -d

proxmox-zfs-postinstall.sh

@@ -3,7 +3,7 @@
 ###### CONFIG SECTION ######
 
 # Define basic tools to install
-TOOLS="sudo vim ifupdown2 net-tools dnsutils ethtool git curl unzip screen iftop lshw smartmontools nvme-cli lsscsi sysstat zfs-auto-snapshot htop mc rpl lsb-release"
+TOOLS="sudo vim ifupdown2 libpve-network-perl net-tools dnsutils ethtool git curl unzip screen tmux iftop lshw smartmontools nvme-cli lsscsi sysstat zfs-auto-snapshot htop mc rpl lsb-release"
 
 #### PVE CONF BACKUP CONFIGURATION ####
 
@@ -11,9 +11,11 @@ TOOLS="sudo vim ifupdown2 net-tools dnsutils ethtool git curl unzip screen iftop
 # IMPORTANT NOTE: Don't type in the leading /, this will be set where needed
 PVE_CONF_BACKUP_TARGET=rpool/pveconf
 
-# Define timer for your backup cronjob (default: every 15 minutes fron 3 through 59)
-PVE_CONF_BACKUP_CRON_TIMER="3/15 * * * *"
+# Define timer for your backup cronjob (default: every 15 minutes from 3 through 59)
+PVE_CONF_BACKUP_CRON_TIMER="3,18,33,48 * * * *"
 
+# Get Debian version info
+source /etc/os-release
 
 ###### SYSTEM INFO AND INTERACTIVE CONFIGURATION SECTION ######
 
@@ -78,18 +80,15 @@ echo -e "zfs_arc_max:\t\t\t$(($ZFS_ARC_MAX_MEGABYTES))\tMB\t\t= 1 GB RAM per 1 T
 echo ""
 RESULT=not_set
 while [ "$(echo $RESULT | awk '{print tolower($0)}')" != "y" ] && [ "$(echo $RESULT | awk '{print tolower($0)}')" != "n" ] && [ "$(echo $RESULT | awk '{print tolower($0)}')" != "" ]; do
-    echo "If you want to apply the values by script policy type 'y', type 'n' to adjust the values yourself [Y/n]?"
-    read
+    read -p "If you want to apply the values by script policy type 'y', type 'n' to adjust the values yourself [Y/n]? "
     RESULT=${REPLY}
 done
 if [[ "$(echo $RESULT | awk '{print tolower($0)}')" == "n" ]]; then
-    echo "Please type in the desired value in MB for 'zfs_arc_min' [$(($ZFS_ARC_MIN_MEGABYTES))]:"
-    read
+    read -p "Please type in the desired value in MB for 'zfs_arc_min' [$(($ZFS_ARC_MIN_MEGABYTES))]: "
     if [[ ${REPLY} -gt 0 ]]; then
         ZFS_ARC_MIN_MEGABYTES=$((${REPLY}))
     fi
-    echo "Please type in the desired value in MB for 'zfs_arc_max' [$(($ZFS_ARC_MAX_MEGABYTES))]:"
-    read
+    read -p "Please type in the desired value in MB for 'zfs_arc_max' [$(($ZFS_ARC_MAX_MEGABYTES))]: "
     if [[ ${REPLY} -gt 0 ]]; then
         ZFS_ARC_MAX_MEGABYTES=$((${REPLY}))
     fi
@@ -100,7 +99,7 @@ fi
 echo -e "######## CONFIGURE SWAPPINESS ########\n"
 SWAPPINESS=$(cat /proc/sys/vm/swappiness)
 echo "The current swappiness is configured to '$SWAPPINESS %' of free memory until using swap."
-read -p "If you want to change the swappiness, please type in the percentage as number (0 = diasbled):" user_input
+read -p "If you want to change the swappiness, please type in the percentage as number (0 = disabled):" user_input
 if echo "$user_input" | grep -qE '^[0-9]+$'; then
     echo "Changing swappiness from '$SWAPPINESS %' to '$user_input %'"
     SWAPPINESS=$user_input
@@ -137,18 +136,61 @@ for interval in "${!auto_snap_keep[@]}"; do
     fi
 done
 
+#### CHECKMK AGENT CONFIGURATION ####
+read -p "Do you want to install checkmk agent on this machine? [y/N] " install_checkmk
+if [[ "$install_checkmk" == "y" ]]; then
+    read -p "Please specify the base url to your checkmk server (e.g. https://check.zmb.rocks/bashclub): " cmk_agent_url
+    read -p "Enable agent encryption (requires setup of Agent Encryption on your checkmk instance). Do you want to activate agent encryption? [y/N] " cmk_encrypt
+    if [[ "$cmk_encrypt" == "y" ]]; then
+        read -p "Please enter the encryption passphrase: " cmk_enc_pass
+    fi
+    read -p "Register your machine on your checkmk server (requires preconfigured automation secret)? [y/N] " cmk_register
+    if [[ "$cmk_register" == "y" ]]; then
+        read -p "Please enter your automation secret: " cmk_secret
+        read -p "Please enter the folder where to store the host: " cmk_folder
+        cmk_site=$(echo $cmk_agent_url | cut -d'/' -f4)
+        read -p "Please enter the checkmk site name: [$cmk_site]" user_input
+        if [[ $(echo -n "$user_input") != "" ]]; then
+            cmk_site=$user_input
+        fi
+        echo "Please select which agent ip address to register:"
+        select ip in $(ip a | grep "inet " | cut -d ' ' -f6 | cut -d/ -f1); do
+            cmk_reg_ip=$ip
+            break
+        done
+    fi
+fi
+
+
 ###### INSTALLER SECTION ######
 
 # disable pve-enterprise repo and add pve-no-subscription repo
-if [[ "$(uname -r)" == *"-pve" ]]; then
+
+#Not tested, yet!
+read -p "Do you want to disable pve-enterprise repo and add pve-no-subscription repo (y/N)? " response
+
+if [ "${response,,}" == "y" ]; then
+    if [[ "$(uname -r)" == *"-pve" ]]; then
         echo "Deactivating pve-enterprise repository"
         mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak > /dev/null 2>&1
         echo "Activating pve-no-subscription repository"
-    echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
+        q=$(cat /etc/apt/sources.list | grep "pve-no-subscription")
+        if [ $? -gt 0 ]; then
+            echo "deb http://download.proxmox.com/debian/pve $VERSION_CODENAME pve-no-subscription" >> /etc/apt/sources.list
+        fi
+        rm -f /etc/apt/sources.list.d/pve-no-subscription.list
+    fi
 fi
+
 echo "Getting latest package lists"
 apt update > /dev/null 2>&1
 
+# include interfaces.d to enable SDN features
+q=$(cat /etc/network/interfaces | grep "source /etc/network/interfaces.d/*")
+if [ $? -gt 0 ]; then
+    echo "source /etc/network/interfaces.d/*" >> /etc/network/interfaces
+fi
+
 # update system and install basic tools
 echo "Upgrading system to latest version - Depending on your version this could take a while..."
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade > /dev/null 2>&1
@@ -181,7 +223,10 @@ zfs list $PVE_CONF_BACKUP_TARGET > /dev/null 2>&1
 if [ $? -ne 0 ]; then
     zfs create $PVE_CONF_BACKUP_TARGET
 fi
-echo "$PVE_CONF_BACKUP_CRON_TIMER root rsync -va --delete /etc /$PVE_CONF_BACKUP_TARGET > /$PVE_CONF_BACKUP_TARGET/pve-conf-backup.log" > /etc/cron.d/pve-conf-backup
+
+if [[ "$(df -h -t zfs | grep /$ | cut -d ' ' -f1)" == "rpool/ROOT/pve-1" ]] ; then
+  echo "$PVE_CONF_BACKUP_CRON_TIMER root rsync -va --delete /etc /$PVE_CONF_BACKUP_TARGET > /$PVE_CONF_BACKUP_TARGET/pve-conf-backup.log" > /etc/cron.d/pve-conf-backup
+fi
 
 ZFS_ARC_MIN_BYTES=$((ZFS_ARC_MIN_MEGABYTES * 1024 *1024))
 ZFS_ARC_MAX_BYTES=$((ZFS_ARC_MAX_MEGABYTES * 1024 *1024))
@@ -191,10 +236,76 @@ echo $ZFS_ARC_MIN_BYTES > /sys/module/zfs/parameters/zfs_arc_min
 echo $ZFS_ARC_MAX_BYTES > /sys/module/zfs/parameters/zfs_arc_max
 
 cat << EOF > /etc/modprobe.d/zfs.conf
+options zfs zfs_arc_max=$ZFS_ARC_MAX_BYTES
 options zfs zfs_arc_min=$ZFS_ARC_MIN_BYTES
-options zfs zfs_arc_min=$ZFS_ARC_MAX_BYTES
 EOF
 
+if [[ "$install_checkmk" == "y" ]]; then
+    echo "Installing checkmk agent..."
+    if [[ $( echo -n "$(openssl s_client -connect $(echo $cmk_agent_url | cut -d'/' -f3):443  <<< "Q" 2>/dev/null | grep "Verify return code" | cut -d ' ' -f4)" ) -gt 0 ]]; then
+        wget_opts="--no-check-certificate"
+        curl_opts="--insecure"
+    fi
+    wget -q -O /usr/local/bin/check_mk_agent $wget_opts $cmk_agent_url/check_mk/agents/check_mk_agent.linux
+    wget -q -O /usr/local/bin/mk-job $wget_opts $cmk_agent_url/check_mk/agents/mk-job
+    wget -q -O /usr/local/bin/check_mk_caching_agent  $wget_opts $cmk_agent_url/check_mk/agents/check_mk_caching_agent.linux
+    wget -q -O /usr/local/bin/waitmax  $wget_opts $cmk_agent_url/check_mk/agents/waitmax
+    chmod +x /usr/local/bin/check_mk_agent
+    chmod +x /usr/local/bin/mk-job
+    chmod +x /usr/local/bin/check_mk_caching_agent
+    chmod +x /usr/local/bin/waitmax
+    /usr/local/bin/check_mk_agent > /dev/null
+    wget -q -O /etc/systemd/system/check_mk.socket $wget_opts $cmk_agent_url/check_mk/agents/cfg_examples/systemd/check_mk.socket
+    cat << EOF > /etc/systemd/system/check_mk@.service
+# systemd service definition file
+[Unit]
+Description=Check_MK
+
+[Service]
+# "-" path prefix makes systemd record the exit code,
+# but the unit is not set to failed.
+ExecStart=-/usr/local/bin/check_mk_agent
+Type=forking
+
+User=root
+Group=root
+
+StandardInput=socket
+EOF
+
+    mkdir -p /etc/check_mk
+    if [[ "$cmk_encrypt" == "y" ]]; then
+        mkdir -p /etc/check_mk
+        cat << EOF > /etc/check_mk/encryption.cfg
+ENCRYPTED=yes
+PASSPHRASE='$cmk_enc_pass'
+EOF
+    chmod 600 /etc/check_mk/encryption.cfg
+    fi
+
+    mkdir -p /var/lib/check_mk_agent
+    mkdir -p /var/lib/check_mk_agent/spool
+    mkdir -p /var/lib/check_mk_agent/job
+    mkdir -p /usr/lib/check_mk_agent/local
+    mkdir -p /usr/lib/check_mk_agent/plugins
+    wget -q -O /usr/lib/check_mk_agent/plugins/smart $wget_opts $cmk_agent_url/check_mk/agents/plugins/smart
+    chmod +x /usr/lib/check_mk_agent/plugins/smart
+    wget -q -O /usr/lib/check_mk_agent/plugins/mk_inventory $wget_opts $cmk_agent_url/check_mk/agents/plugins/mk_inventory.linux
+    chmod +x /usr/lib/check_mk_agent/plugins/mk_inventory
+    wget -q -O /usr/lib/check_mk_agent/plugins/mk_apt $wget_opts $cmk_agent_url/check_mk/agents/plugins/mk_apt
+    chmod +x /usr/lib/check_mk_agent/plugins/mk_apt
+    #LocalDirectory: /usr/lib/check_mk_agent/local
+    systemctl daemon-reload
+    systemctl enable check_mk.socket
+    systemctl restart sockets.target
+
+    if [[ "$cmk_register" == "y" ]]; then
+        cmk_request="request={\"hostname\":\"$(echo -n $(hostname -f))\",\"folder\":\"$cmk_folder\",\"attributes\":{\"ipaddress\":\"$cmk_reg_ip\",\"site\":\"$cmk_site\",\"tag_agent\":\"cmk-agent\"},\"create_folders\":\"1\"}"
+        curl $curl_opts "$cmk_agent_url/check_mk/webapi.py?action=add_host&_secret=$cmk_secret&_username=automation" -d $cmk_request
+        curl $curl_opts "$cmk_agent_url/check_mk/webapi.py?action=activate_changes&_secret=$cmk_secret&_username=automation" -d "request={\"sites\":[\"$cmk_site\"],\"allow_foreign_changes\":\"0\"}"
+    fi
+fi
+
 echo "Updating initramfs - This will take some time..."
 update-initramfs -u -k all > /dev/null 2>&1