feat(post-install): moteur de profils + bootstrap + identité/réseau (tâche 2 SJ-8)
- templates custom/bootstrap-root + identity-network (sortie structurée parsable, sauvegardes, échec contrôlé, jamais de coupure réseau sans reconnexion) - postInstall: registre de manifestes (champs typés + defaults/defaultFrom), validateProfileValues + maskSecretValues + buildPostInstallResult (TDD), renderProfile/previewProfile (masquage secrets), runPostInstall (SSH) - execute: RunActionOpts.profileId/values + branche post_install (bloc postInstall) - action_requests: post_install accepté, payload profileId/values transmis à approve - routes: GET /profiles, POST .../preview (script masqué + validation), POST .../run (action_request si requiresConfirmation, sinon direct) Champs = formulaire (pas de question SSH interactive) ; secrets jamais sérialisés ; identity_network exige confirmation. tsc 0 · 101 tests · build OK · boot OK. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,25 @@
|
||||
#!/bin/sh
|
||||
# Bootstrap première prépa (après DHCP / su -) : sudo + outils de base, ajout au groupe sudo.
|
||||
# Non interactif. Échec contrôlé. Aucun secret (operatorUser = champ de formulaire).
|
||||
export LC_ALL=C
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
echo "===SU:CUSTOM_BOOTSTRAP==="
|
||||
apt-get update -qq 2>&1
|
||||
if apt-get install -y sudo resolvconf ca-certificates curl 2>&1; then
|
||||
for p in sudo resolvconf ca-certificates curl; do echo "PKG_INSTALLED=$p"; done
|
||||
CODE=0
|
||||
else
|
||||
echo "ERR=package_install_failed"
|
||||
CODE=1
|
||||
fi
|
||||
if usermod -aG sudo "{{operatorUser}}" 2>&1; then
|
||||
echo "GROUP_ADDED=sudo:{{operatorUser}}"
|
||||
else
|
||||
echo "ERR=sudo_setup_failed"
|
||||
fi
|
||||
if su - "{{operatorUser}}" -c 'sudo -n true' 2>/dev/null; then
|
||||
echo "SUDO_OK=1"
|
||||
else
|
||||
echo "SUDO_CHECK_PENDING=1"
|
||||
fi
|
||||
echo "===SU:EXIT=${CODE}==="
|
||||
@@ -0,0 +1,24 @@
|
||||
#!/bin/sh
|
||||
# Identité + réseau : hostname, domaine, IP statique. Sauvegarde avant modif.
|
||||
# Ne coupe jamais la connexion sans stratégie de reconnexion planifiée côté webapp.
|
||||
export LC_ALL=C
|
||||
echo "===SU:CUSTOM_IDENTITY==="
|
||||
cp -a /etc/hosts "/etc/hosts.su.bak.$(date +%s)" 2>/dev/null && echo "FILE_MODIFIED=/etc/hosts"
|
||||
cp -a /etc/network/interfaces "/etc/network/interfaces.su.bak.$(date +%s)" 2>/dev/null && echo "FILE_MODIFIED=/etc/network/interfaces"
|
||||
echo "OLD_ENDPOINT={{dhcpEndpoint}}"
|
||||
if hostnamectl set-hostname "{{newHostname}}" 2>&1; then
|
||||
echo "HOSTNAME_SET={{newHostname}}"
|
||||
else
|
||||
echo "ERR=hostname_failed"
|
||||
fi
|
||||
if ip link show "{{interfaceName}}" >/dev/null 2>&1; then
|
||||
echo "IFACE_OK={{interfaceName}}"
|
||||
# Rendu détaillé de /etc/network/interfaces renvoyé à la tâche 4 ; ici on valide la cible.
|
||||
echo "STATIC_TARGET={{staticAddress}} gw {{gateway}} dns {{dnsNameservers}}"
|
||||
else
|
||||
echo "ERR=interface_not_found"
|
||||
fi
|
||||
echo "NEW_ENDPOINT={{reconnectHost}}"
|
||||
echo "RECONNECT_REQUIRED=1"
|
||||
{{#rebootAfterInstall}}echo "REBOOT_REQUESTED=1"{{/rebootAfterInstall}}
|
||||
echo "===SU:EXIT=0==="
|
||||
Reference in New Issue
Block a user