Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Tree: 36d6adacb4
Branches Tags
netmaker
/
scripts
/
install-netmaker.sh

install-netmaker.sh 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290 
  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. cat << "EOF"
    6. 

  6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    7. 

  7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    8. 

  8. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    9. 

  9.     ______     ______     ______     __   __   __     ______   __                        
    10. 

  10.    /\  ___\   /\  == \   /\  __ \   /\ \ / /  /\ \   /\__  _\ /\ \                       
    11. 

  11.    \ \ \__ \  \ \  __<   \ \  __ \  \ \ \'/   \ \ \  \/_/\ \/ \ \ \____                  
    12. 

  12.     \ \_____\  \ \_\ \_\  \ \_\ \_\  \ \__|    \ \_\    \ \_\  \ \_____\                 
    13. 

  13.      \/_____/   \/_/ /_/   \/_/\/_/   \/_/      \/_/     \/_/   \/_____/                 
    14. 

  14.                                                                                          
    15. 

  15.  __   __     ______     ______   __    __     ______     __  __     ______     ______    
    16. 

  16. /\ "-.\ \   /\  ___\   /\__  _\ /\ "-./  \   /\  __ \   /\ \/ /    /\  ___\   /\  == \   
    17. 

  17. \ \ \-.  \  \ \  __\   \/_/\ \/ \ \ \-./\ \  \ \  __ \  \ \  _"-.  \ \  __\   \ \  __<   
    18. 

  18.  \ \_\\"\_\  \ \_____\    \ \_\  \ \_\ \ \_\  \ \_\ \_\  \ \_\ \_\  \ \_____\  \ \_\ \_\ 
    19. 

  19.   \/_/ \/_/   \/_____/     \/_/   \/_/  \/_/   \/_/\/_/   \/_/\/_/   \/_____/   \/_/ /_/ 
    20. 

  20.                                                                                                                                                                                                  
    21. 

  21. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    22. 

  22. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    23. 

  23. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    24. 

  24. EOF
    25. 

  25. 

  26. NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
    27. 

  27. COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
    28. 

  28. SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
    29. 

  29. MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
    30. 

  30. EMAIL="[email protected]"
    31. 

  31. 

  32. echo "Default Base Domain: $NETMAKER_BASE_DOMAIN"
    33. 

  33. echo "To Override, add a Wildcard (*.netmaker.example.com) DNS record pointing to $SERVER_PUBLIC_IP"
    34. 

  34. echo "Or, add three DNS records pointing to $SERVER_PUBLIC_IP for the following (Replacing 'netmaker.example.com' with the domain of your choice):"
    35. 

  35. echo "   dashboard.netmaker.example.com"
    36. 

  36. echo "         api.netmaker.example.com"
    37. 

  37. echo "        grpc.netmaker.example.com"
    38. 

  38. echo "-----------------------------------------------------"
    39. 

  39. read -p "Domain (Hit 'enter' to use $NETMAKER_BASE_DOMAIN): " domain
    40. 

  40. read -p "Contact Email: " email
    41. 

  41. 

  42. if [ -n "$domain" ]; then
    43. 

  43.   NETMAKER_BASE_DOMAIN=$domain
    44. 

  44. fi
    45. 

  45. if [ -n "$email" ]; then
    46. 

  46.   EMAIL=$email
    47. 

  47. fi
    48. 

  48. 

  49. while true; do
    50. 

  50.     read -p "Configure a default network automatically (y/n)? " yn
    51. 

  51.     case $yn in
    52. 

  52.         [Yy]* ) MESH_SETUP="true"; break;;
    53. 

  53.         [Nn]* ) MESH_SETUP="false"; break;;
    54. 

  54.         * ) echo "Please answer yes or no.";;
    55. 

  55.     esac
    56. 

  56. done
    57. 

  57. 

  58. while true; do
    59. 

  59.     read -p "Configure a VPN gateway automatically (y/n)? " yn
    60. 

  60.     case $yn in
    61. 

  61.         [Yy]* ) VPN_SETUP="true"; break;;
    62. 

  62.         [Nn]* ) VPN_SETUP="false"; break;;
    63. 

  63.         * ) echo "Please answer yes or no.";;
    64. 

  64.     esac
    65. 

  65. done
    66. 

  66. 

  67. if [ "${VPN_SETUP}" == "true" ]; then
    68. 

  68. while :; do
    69. 

  69.     read -ep '# of VPN clients to configure by default: ' num_clients
    70. 

  70.     [[ $num_clients =~ ^[[:digit:]]+$ ]] || continue
    71. 

  71.     (( ( (num_clients=(10#$num_clients)) <= 200 ) && num_clients >= 0 )) || continue
    72. 

  72.     break
    73. 

  73. done
    74. 

  74. fi
    75. 

  75. 

  76. if [ -n "$num_clients" ]; then
    77. 

  77.   NUM_CLIENTS=$num_clients
    78. 

  78. fi
    79. 

  79. 

  80. while true; do
    81. 

  81.     read -p "Override master key ($MASTER_KEY) (y/n)? " yn
    82. 

  82.     case $yn in
    83. 

  83.         [Yy]* ) override="true"; break;;
    84. 

  84.         [Nn]* ) override="false"; break;;
    85. 

  85.         * ) echo "Please answer yes or no.";;
    86. 

  86.     esac
    87. 

  87. done
    88. 

  88. 

  89. if [ "${override}" == "true" ]; then
    90. 

  90. while :; do
    91. 

  91.     read -ep 'New Master Key: ' key
    92. 

  92.     result="$(cracklib-check <<<"$key")"
    93. 

  93.     okay="$(awk -F': ' '{ print $2}' <<<"$result")"
    94. 

  94.     if [[ "$okay" == "OK" ]]
    95. 

  95.     then
    96. 

  96. 	MASTER_KEY=$key
    97. 

  97. 	break
    98. 

  98.     else
    99. 

  99. 	echo "Your password was rejected - $result"
    100. 

  100.         echo "Try again."
    101. 

  101.     fi
    102. 

  102. done
    103. 

  103. fi
    104. 

  104. 

  105. echo "-----------------------------------------------------------------"
    106. 

  106. echo "                SETUP ARGUMENTS"
    107. 

  107. echo "-----------------------------------------------------------------"
    108. 

  108. echo "        domain: $NETMAKER_BASE_DOMAIN"
    109. 

  109. echo "         email: $EMAIL"
    110. 

  110. echo "    coredns ip: $COREDNS_IP"
    111. 

  111. echo "     public ip: $SERVER_PUBLIC_IP"
    112. 

  112. echo "    master key: $MASTER_KEY"
    113. 

  113. echo "   setup mesh?: $MESH_SETUP"
    114. 

  114. echo "    setup vpn?: $VPN_SETUP"
    115. 

  115. if [ "${VPN_SETUP}" == "true" ]; then
    116. 

  116. echo "     # clients: $NUM_CLIENTS"
    117. 

  117. fi
    118. 

  118. 

  119. while true; do
    120. 

  120.     read -p "Does everything look right (y/n)? " yn
    121. 

  121.     case $yn in
    122. 

  122.         [Yy]* ) override="true"; break;;
    123. 

  123.         [Nn]* ) echo "exiting..."; exit;;
    124. 

  124.         * ) echo "Please answer yes or no.";;
    125. 

  125.     esac
    126. 

  126. done
    127. 

  127. 

  128. 

  129. echo "Beginning installation in 5 seconds..."
    130. 

  130. 

  131. sleep 5
    132. 

  132. 

  133. 

  134. echo "Setting Caddyfile..."
    135. 

  135. 

  136. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
    137. 

  137. sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
    138. 

  138. 

  139. echo "Setting docker-compose..."
    140. 

  140. 

  141. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
    142. 

  142. sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
    143. 

  143. sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml
    144. 

  144. sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
    145. 

  145. 

  146. echo "Starting containers..."
    147. 

  147. 

  148. docker-compose -f /root/docker-compose.yml up -d
    149. 

  149. 

  150. sleep 2
    151. 

  151. 

  152. setup_mesh() {
    153. 

  153. echo "Creating default network (10.101.0.0/16)..."
    154. 

  154. 

  155. curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
    156. 

  156. 

  157. sleep 2
    158. 

  158. 

  159. echo "Creating default key..."
    160. 

  160. 

  161. curlresponse=$(curl -s -d '{"uses":99999,"name":"defaultkey"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks/default/keys)
    162. 

  162. ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})
    163. 

  163. 

  164. sleep 2
    165. 

  165. 

  166. echo "Configuring Netmaker server as ingress gateway..."
    167. 

  167. 

  168. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default)
    169. 

  169. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    170. 

  170. 

  171. curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default/$SERVER_ID/createingress
    172. 

  172. 

  173. VPN_ACCESS_TOKEN=$ACCESS_TOKEN
    174. 

  174. 

  175. }
    176. 

  176. 

  177. mesh_connect_logs() {
    178. 

  178. sleep 5
    179. 

  179. echo "-----------------------------------------------------------------"
    180. 

  180. echo "-----------------------------------------------------------------"
    181. 

  181. echo "DEFAULT NETWORK CLIENT INSTALL INSTRUCTIONS:"
    182. 

  182. echo "-----------------------------------------------------------------"
    183. 

  183. echo "-----------------------------------------------------------------"
    184. 

  184. sleep 5
    185. 

  185. echo "For Linux and Mac clients, install with the following command:"
    186. 

  186. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    187. 

  187. echo "curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$VPN_ACCESS_TOKEN sh -"
    188. 

  188. sleep 5
    189. 

  189. echo "-----------------------------------------------------------------"
    190. 

  190. echo "-----------------------------------------------------------------"
    191. 

  191. echo "For Windows clients, perform the following from powershell, as administrator:"
    192. 

  192. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    193. 

  193. echo "1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe"
    194. 

  194. echo "2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe"
    195. 

  195. echo "3. Install Netclient - powershell.exe .\\netclient.exe join -t $VPN_ACCESS_TOKEN"
    196. 

  196. echo "4. Whitelist C:\ProgramData\Netclient in Windows Defender"
    197. 

  197. sleep 5
    198. 

  198. echo "-----------------------------------------------------------------"
    199. 

  199. echo "-----------------------------------------------------------------"
    200. 

  200. echo "For Android and iOS clients, perform the following steps:"
    201. 

  201. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    202. 

  202. echo "1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
    203. 

  203. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    204. 

  204. echo "3. Select the gateway and create clients"
    205. 

  205. echo "4. Scan the QR Code from WireGuard app in iOS or Android"
    206. 

  206. echo "-----------------------------------------------------------------"
    207. 

  207. echo "-----------------------------------------------------------------"
    208. 

  208. sleep 5
    209. 

  209. }
    210. 

  210. 

  211. setup_vpn() {
    212. 

  212. echo "Creating vpn network (10.201.0.0/16)..."
    213. 

  213. 

  214. curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
    215. 

  215. 

  216. sleep 2
    217. 

  217. 

  218. echo "Configuring Netmaker server as vpn inlet..."
    219. 

  219. 

  220. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
    221. 

  221. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    222. 

  222. 

  223. curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/createingress
    224. 

  224. 

  225. echo "Waiting 10 seconds for server to apply configuration..."
    226. 

  226. 

  227. sleep 10
    228. 

  228. 

  229. echo "Configuring Netmaker server VPN gateway..."
    230. 

  230. 

  231. [ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | grep -v default)
    232. 

  232. 

  233. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
    234. 

  234. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    235. 

  235. 

  236. EGRESS_JSON=$( jq -n \
    237. 

  237.                   --arg gw "$GATEWAY_IFACE" \
    238. 

  238.                   '{ranges: ["0.0.0.0/0"], interface: $gw}' )
    239. 

  239. 

  240. curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/creategateway
    241. 

  241. 

  242. echo "Creating client configs..."
    243. 

  243. 

  244. for ((a=1; a <= $NUM_CLIENTS; a++))
    245. 

  245. do
    246. 

  246.         CLIENT_JSON=$( jq -n \
    247. 

  247.                   --arg clientid "vpnclient-$a" \
    248. 

  248.                   '{clientid: $clientid}' )
    249. 

  249. 

  250.         curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/extclients/vpn/$SERVER_ID
    251. 

  251. done
    252. 

  252. 

  253. }
    254. 

  254. 

  255. vpn_connect_logs() {
    256. 

  256. sleep 5
    257. 

  257. echo "-----------------------------------------------------------------"
    258. 

  258. echo "-----------------------------------------------------------------"
    259. 

  259. echo "VPN GATEWAY CLIENT INSTALL INSTRUCTIONS:"
    260. 

  260. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    261. 

  261. echo "1. log into dashboard.$NETMAKER_BASE_DOMAIN"
    262. 

  262. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    263. 

  263. echo "3. Download or scan a client config (vpnclient-x) to the appropriate device"
    264. 

  264. echo "4. Follow the steps for your system to configure WireGuard on the appropriate device"
    265. 

  265. echo "5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."
    266. 

  266. echo "-----------------------------------------------------------------"
    267. 

  267. echo "-----------------------------------------------------------------"
    268. 

  268. sleep 5
    269. 

  269. }
    270. 

  270. 

  271. if [ "${MESH_SETUP}" != "false" ]; then
    272. 

  272.         setup_mesh
    273. 

  273. fi
    274. 

  274. 

  275. if [ "${VPN_SETUP}" == "true" ]; then
    276. 

  276.         setup_vpn
    277. 

  277. fi
    278. 

  278. 

  279. if [ "${MESH_SETUP}" != "false" ]; then
    280. 

  280.         mesh_connect_logs
    281. 

  281. fi
    282. 

  282. 

  283. if [ "${VPN_SETUP}" == "true" ]; then
    284. 

  284.         vpn_connect_logs
    285. 

  285. fi
    286. 

  286. 

  287. echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
    288. 

  288. echo "Visit dashboard.$NETMAKER_BASE_DOMAIN to log in"
    289. 

  289. 

  290. cp -f /etc/skel/.bashrc /root/.bashrc
    291.