Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Tree: 2edfa6f801
Branches Tags
netmaker
/
scripts
/
install-netmaker.sh

install-netmaker.sh 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289 
  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. cat << "EOF"
    6. 

  6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    7. 

  7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    8. 

  8. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    9. 

  9.     ______     ______     ______     __   __   __     ______   __                        
    10. 

  10.    /\  ___\   /\  == \   /\  __ \   /\ \ / /  /\ \   /\__  _\ /\ \                       
    11. 

  11.    \ \ \__ \  \ \  __<   \ \  __ \  \ \ \'/   \ \ \  \/_/\ \/ \ \ \____                  
    12. 

  12.     \ \_____\  \ \_\ \_\  \ \_\ \_\  \ \__|    \ \_\    \ \_\  \ \_____\                 
    13. 

  13.      \/_____/   \/_/ /_/   \/_/\/_/   \/_/      \/_/     \/_/   \/_____/                 
    14. 

  14.                                                                                          
    15. 

  15.  __   __     ______     ______   __    __     ______     __  __     ______     ______    
    16. 

  16. /\ "-.\ \   /\  ___\   /\__  _\ /\ "-./  \   /\  __ \   /\ \/ /    /\  ___\   /\  == \   
    17. 

  17. \ \ \-.  \  \ \  __\   \/_/\ \/ \ \ \-./\ \  \ \  __ \  \ \  _"-.  \ \  __\   \ \  __<   
    18. 

  18.  \ \_\\"\_\  \ \_____\    \ \_\  \ \_\ \ \_\  \ \_\ \_\  \ \_\ \_\  \ \_____\  \ \_\ \_\ 
    19. 

  19.   \/_/ \/_/   \/_____/     \/_/   \/_/  \/_/   \/_/\/_/   \/_/\/_/   \/_____/   \/_/ /_/ 
    20. 

  20.                                                                                                                                                                                                  
    21. 

  21. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    22. 

  22. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    23. 

  23. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    24. 

  24. EOF
    25. 

  25. 

  26. NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
    27. 

  27. COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
    28. 

  28. SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
    29. 

  29. MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
    30. 

  30. EMAIL="[email protected]"
    31. 

  31. 

  32. echo "Default Base Domain: $NETMAKER_BASE_DOMAIN"
    33. 

  33. echo "To Override, add a Wildcard (*.netmaker.example.com) DNS record pointing to $SERVER_PUBLIC_IP"
    34. 

  34. echo "Or, add three DNS records pointing to $SERVER_PUBLIC_IP for the following (Replacing 'netmaker.example.com' with the domain of your choice):"
    35. 

  35. echo "   dashboard.netmaker.example.com"
    36. 

  36. echo "         api.netmaker.example.com"
    37. 

  37. echo "-----------------------------------------------------"
    38. 

  38. read -p "Domain (Hit 'enter' to use $NETMAKER_BASE_DOMAIN): " domain
    39. 

  39. read -p "Contact Email: " email
    40. 

  40. 

  41. if [ -n "$domain" ]; then
    42. 

  42.   NETMAKER_BASE_DOMAIN=$domain
    43. 

  43. fi
    44. 

  44. if [ -n "$email" ]; then
    45. 

  45.   EMAIL=$email
    46. 

  46. fi
    47. 

  47. 

  48. while true; do
    49. 

  49.     read -p "Configure a default network automatically (y/n)? " yn
    50. 

  50.     case $yn in
    51. 

  51.         [Yy]* ) MESH_SETUP="true"; break;;
    52. 

  52.         [Nn]* ) MESH_SETUP="false"; break;;
    53. 

  53.         * ) echo "Please answer yes or no.";;
    54. 

  54.     esac
    55. 

  55. done
    56. 

  56. 

  57. while true; do
    58. 

  58.     read -p "Configure a VPN gateway automatically (y/n)? " yn
    59. 

  59.     case $yn in
    60. 

  60.         [Yy]* ) VPN_SETUP="true"; break;;
    61. 

  61.         [Nn]* ) VPN_SETUP="false"; break;;
    62. 

  62.         * ) echo "Please answer yes or no.";;
    63. 

  63.     esac
    64. 

  64. done
    65. 

  65. 

  66. if [ "${VPN_SETUP}" == "true" ]; then
    67. 

  67. while :; do
    68. 

  68.     read -ep '# of VPN clients to configure by default: ' num_clients
    69. 

  69.     [[ $num_clients =~ ^[[:digit:]]+$ ]] || continue
    70. 

  70.     (( ( (num_clients=(10#$num_clients)) <= 200 ) && num_clients >= 0 )) || continue
    71. 

  71.     break
    72. 

  72. done
    73. 

  73. fi
    74. 

  74. 

  75. if [ -n "$num_clients" ]; then
    76. 

  76.   NUM_CLIENTS=$num_clients
    77. 

  77. fi
    78. 

  78. 

  79. while true; do
    80. 

  80.     read -p "Override master key ($MASTER_KEY) (y/n)? " yn
    81. 

  81.     case $yn in
    82. 

  82.         [Yy]* ) override="true"; break;;
    83. 

  83.         [Nn]* ) override="false"; break;;
    84. 

  84.         * ) echo "Please answer yes or no.";;
    85. 

  85.     esac
    86. 

  86. done
    87. 

  87. 

  88. if [ "${override}" == "true" ]; then
    89. 

  89. while :; do
    90. 

  90.     read -ep 'New Master Key: ' key
    91. 

  91.     result="$(cracklib-check <<<"$key")"
    92. 

  92.     okay="$(awk -F': ' '{ print $2}' <<<"$result")"
    93. 

  93.     if [[ "$okay" == "OK" ]]
    94. 

  94.     then
    95. 

  95. 	MASTER_KEY=$key
    96. 

  96. 	break
    97. 

  97.     else
    98. 

  98. 	echo "Your password was rejected - $result"
    99. 

  99.         echo "Try again."
    100. 

  100.     fi
    101. 

  101. done
    102. 

  102. fi
    103. 

  103. 

  104. echo "-----------------------------------------------------------------"
    105. 

  105. echo "                SETUP ARGUMENTS"
    106. 

  106. echo "-----------------------------------------------------------------"
    107. 

  107. echo "        domain: $NETMAKER_BASE_DOMAIN"
    108. 

  108. echo "         email: $EMAIL"
    109. 

  109. echo "    coredns ip: $COREDNS_IP"
    110. 

  110. echo "     public ip: $SERVER_PUBLIC_IP"
    111. 

  111. echo "    master key: $MASTER_KEY"
    112. 

  112. echo "   setup mesh?: $MESH_SETUP"
    113. 

  113. echo "    setup vpn?: $VPN_SETUP"
    114. 

  114. if [ "${VPN_SETUP}" == "true" ]; then
    115. 

  115. echo "     # clients: $NUM_CLIENTS"
    116. 

  116. fi
    117. 

  117. 

  118. while true; do
    119. 

  119.     read -p "Does everything look right (y/n)? " yn
    120. 

  120.     case $yn in
    121. 

  121.         [Yy]* ) override="true"; break;;
    122. 

  122.         [Nn]* ) echo "exiting..."; exit;;
    123. 

  123.         * ) echo "Please answer yes or no.";;
    124. 

  124.     esac
    125. 

  125. done
    126. 

  126. 

  127. 

  128. echo "Beginning installation in 5 seconds..."
    129. 

  129. 

  130. sleep 5
    131. 

  131. 

  132. 

  133. echo "Setting Caddyfile..."
    134. 

  134. 

  135. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
    136. 

  136. sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
    137. 

  137. 

  138. echo "Setting docker-compose..."
    139. 

  139. 

  140. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
    141. 

  141. sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
    142. 

  142. sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml
    143. 

  143. sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
    144. 

  144. 

  145. echo "Starting containers..."
    146. 

  146. 

  147. docker-compose -f /root/docker-compose.yml up -d
    148. 

  148. 

  149. sleep 2
    150. 

  150. 

  151. setup_mesh() {
    152. 

  152. echo "Creating default network (10.101.0.0/16)..."
    153. 

  153. 

  154. curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
    155. 

  155. 

  156. sleep 2
    157. 

  157. 

  158. echo "Creating default key..."
    159. 

  159. 

  160. curlresponse=$(curl -s -d '{"uses":99999,"name":"defaultkey"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks/default/keys)
    161. 

  161. ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})
    162. 

  162. 

  163. sleep 2
    164. 

  164. 

  165. echo "Configuring Netmaker server as ingress gateway..."
    166. 

  166. 

  167. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default)
    168. 

  168. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    169. 

  169. 

  170. curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default/$SERVER_ID/createingress
    171. 

  171. 

  172. VPN_ACCESS_TOKEN=$ACCESS_TOKEN
    173. 

  173. 

  174. }
    175. 

  175. 

  176. mesh_connect_logs() {
    177. 

  177. sleep 5
    178. 

  178. echo "-----------------------------------------------------------------"
    179. 

  179. echo "-----------------------------------------------------------------"
    180. 

  180. echo "DEFAULT NETWORK CLIENT INSTALL INSTRUCTIONS:"
    181. 

  181. echo "-----------------------------------------------------------------"
    182. 

  182. echo "-----------------------------------------------------------------"
    183. 

  183. sleep 5
    184. 

  184. echo "For Linux and Mac clients, install with the following command:"
    185. 

  185. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    186. 

  186. echo "curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$VPN_ACCESS_TOKEN sh -"
    187. 

  187. sleep 5
    188. 

  188. echo "-----------------------------------------------------------------"
    189. 

  189. echo "-----------------------------------------------------------------"
    190. 

  190. echo "For Windows clients, perform the following from powershell, as administrator:"
    191. 

  191. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    192. 

  192. echo "1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe"
    193. 

  193. echo "2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe"
    194. 

  194. echo "3. Install Netclient - powershell.exe .\\netclient.exe join -t $VPN_ACCESS_TOKEN"
    195. 

  195. echo "4. Whitelist C:\ProgramData\Netclient in Windows Defender"
    196. 

  196. sleep 5
    197. 

  197. echo "-----------------------------------------------------------------"
    198. 

  198. echo "-----------------------------------------------------------------"
    199. 

  199. echo "For Android and iOS clients, perform the following steps:"
    200. 

  200. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    201. 

  201. echo "1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
    202. 

  202. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    203. 

  203. echo "3. Select the gateway and create clients"
    204. 

  204. echo "4. Scan the QR Code from WireGuard app in iOS or Android"
    205. 

  205. echo "-----------------------------------------------------------------"
    206. 

  206. echo "-----------------------------------------------------------------"
    207. 

  207. sleep 5
    208. 

  208. }
    209. 

  209. 

  210. setup_vpn() {
    211. 

  211. echo "Creating vpn network (10.201.0.0/16)..."
    212. 

  212. 

  213. curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
    214. 

  214. 

  215. sleep 2
    216. 

  216. 

  217. echo "Configuring Netmaker server as vpn inlet..."
    218. 

  218. 

  219. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
    220. 

  220. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    221. 

  221. 

  222. curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/createingress
    223. 

  223. 

  224. echo "Waiting 10 seconds for server to apply configuration..."
    225. 

  225. 

  226. sleep 10
    227. 

  227. 

  228. echo "Configuring Netmaker server VPN gateway..."
    229. 

  229. 

  230. [ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | grep -v default)
    231. 

  231. 

  232. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
    233. 

  233. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    234. 

  234. 

  235. EGRESS_JSON=$( jq -n \
    236. 

  236.                   --arg gw "$GATEWAY_IFACE" \
    237. 

  237.                   '{ranges: ["0.0.0.0/0"], interface: $gw}' )
    238. 

  238. 

  239. curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/creategateway
    240. 

  240. 

  241. echo "Creating client configs..."
    242. 

  242. 

  243. for ((a=1; a <= $NUM_CLIENTS; a++))
    244. 

  244. do
    245. 

  245.         CLIENT_JSON=$( jq -n \
    246. 

  246.                   --arg clientid "vpnclient-$a" \
    247. 

  247.                   '{clientid: $clientid}' )
    248. 

  248. 

  249.         curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/extclients/vpn/$SERVER_ID
    250. 

  250. done
    251. 

  251. 

  252. }
    253. 

  253. 

  254. vpn_connect_logs() {
    255. 

  255. sleep 5
    256. 

  256. echo "-----------------------------------------------------------------"
    257. 

  257. echo "-----------------------------------------------------------------"
    258. 

  258. echo "VPN GATEWAY CLIENT INSTALL INSTRUCTIONS:"
    259. 

  259. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    260. 

  260. echo "1. log into dashboard.$NETMAKER_BASE_DOMAIN"
    261. 

  261. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    262. 

  262. echo "3. Download or scan a client config (vpnclient-x) to the appropriate device"
    263. 

  263. echo "4. Follow the steps for your system to configure WireGuard on the appropriate device"
    264. 

  264. echo "5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."
    265. 

  265. echo "-----------------------------------------------------------------"
    266. 

  266. echo "-----------------------------------------------------------------"
    267. 

  267. sleep 5
    268. 

  268. }
    269. 

  269. 

  270. if [ "${MESH_SETUP}" != "false" ]; then
    271. 

  271.         setup_mesh
    272. 

  272. fi
    273. 

  273. 

  274. if [ "${VPN_SETUP}" == "true" ]; then
    275. 

  275.         setup_vpn
    276. 

  276. fi
    277. 

  277. 

  278. if [ "${MESH_SETUP}" != "false" ]; then
    279. 

  279.         mesh_connect_logs
    280. 

  280. fi
    281. 

  281. 

  282. if [ "${VPN_SETUP}" == "true" ]; then
    283. 

  283.         vpn_connect_logs
    284. 

  284. fi
    285. 

  285. 

  286. echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
    287. 

  287. echo "Visit dashboard.$NETMAKER_BASE_DOMAIN to log in"
    288. 

  288. 

  289. cp -f /etc/skel/.bashrc /root/.bashrc
    290.