Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Tree: 59685731c1
Branches Tags
netmaker
/
scripts
/
install-netmaker.sh

install-netmaker.sh 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293 
  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. cat << "EOF"
    6. 

  6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    7. 

  7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    8. 

  8. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    9. 

  9.     ______     ______     ______     __   __   __     ______   __                        
    10. 

  10.    /\  ___\   /\  == \   /\  __ \   /\ \ / /  /\ \   /\__  _\ /\ \                       
    11. 

  11.    \ \ \__ \  \ \  __<   \ \  __ \  \ \ \'/   \ \ \  \/_/\ \/ \ \ \____                  
    12. 

  12.     \ \_____\  \ \_\ \_\  \ \_\ \_\  \ \__|    \ \_\    \ \_\  \ \_____\                 
    13. 

  13.      \/_____/   \/_/ /_/   \/_/\/_/   \/_/      \/_/     \/_/   \/_____/                 
    14. 

  14.                                                                                          
    15. 

  15.  __   __     ______     ______   __    __     ______     __  __     ______     ______    
    16. 

  16. /\ "-.\ \   /\  ___\   /\__  _\ /\ "-./  \   /\  __ \   /\ \/ /    /\  ___\   /\  == \   
    17. 

  17. \ \ \-.  \  \ \  __\   \/_/\ \/ \ \ \-./\ \  \ \  __ \  \ \  _"-.  \ \  __\   \ \  __<   
    18. 

  18.  \ \_\\"\_\  \ \_____\    \ \_\  \ \_\ \ \_\  \ \_\ \_\  \ \_\ \_\  \ \_____\  \ \_\ \_\ 
    19. 

  19.   \/_/ \/_/   \/_____/     \/_/   \/_/  \/_/   \/_/\/_/   \/_/\/_/   \/_____/   \/_/ /_/ 
    20. 

  20.                                                                                                                                                                                                  
    21. 

  21. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    22. 

  22. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    23. 

  23. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    24. 

  24. EOF
    25. 

  25. 

  26. NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
    27. 

  27. COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
    28. 

  28. SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
    29. 

  29. MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
    30. 

  30. EMAIL="[email protected]"
    31. 

  31. 

  32. echo "Default Base Domain: $NETMAKER_BASE_DOMAIN"
    33. 

  33. echo "To Override, add a Wildcard (*.netmaker.example.com) DNS record pointing to $SERVER_PUBLIC_IP"
    34. 

  34. echo "Or, add three DNS records pointing to $SERVER_PUBLIC_IP for the following (Replacing 'netmaker.example.com' with the domain of your choice):"
    35. 

  35. echo "   dashboard.netmaker.example.com"
    36. 

  36. echo "         api.netmaker.example.com"
    37. 

  37. echo "        grpc.netmaker.example.com"
    38. 

  38. echo "-----------------------------------------------------"
    39. 

  39. read -p "Domain (Hit 'enter' to use $NETMAKER_BASE_DOMAIN): " domain
    40. 

  40. read -p "Contact Email: " email
    41. 

  41. 

  42. if [ -n "$domain" ]; then
    43. 

  43.   NETMAKER_BASE_DOMAIN=$domain
    44. 

  44. fi
    45. 

  45. if [ -n "$email" ]; then
    46. 

  46.   EMAIL=$email
    47. 

  47. fi
    48. 

  48. 

  49. while true; do
    50. 

  50.     read -p "Configure a default network automatically (y/n)? " yn
    51. 

  51.     case $yn in
    52. 

  52.         [Yy]* ) MESH_SETUP="true"; break;;
    53. 

  53.         [Nn]* ) MESH_SETUP="false"; break;;
    54. 

  54.         * ) echo "Please answer yes or no.";;
    55. 

  55.     esac
    56. 

  56. done
    57. 

  57. 

  58. while true; do
    59. 

  59.     read -p "Configure a VPN gateway automatically (y/n)? " yn
    60. 

  60.     case $yn in
    61. 

  61.         [Yy]* ) VPN_SETUP="true"; break;;
    62. 

  62.         [Nn]* ) VPN_SETUP="false"; break;;
    63. 

  63.         * ) echo "Please answer yes or no.";;
    64. 

  64.     esac
    65. 

  65. done
    66. 

  66. 

  67. if [ "${VPN_SETUP}" == "true" ]; then
    68. 

  68. while :; do
    69. 

  69.     read -ep '# of VPN clients to configure by default: ' num_clients
    70. 

  70.     [[ $num_clients =~ ^[[:digit:]]+$ ]] || continue
    71. 

  71.     (( ( (num_clients=(10#$num_clients)) <= 200 ) && num_clients >= 0 )) || continue
    72. 

  72.     break
    73. 

  73. done
    74. 

  74. fi
    75. 

  75. 

  76. if [ -n "$num_clients" ]; then
    77. 

  77.   NUM_CLIENTS=$num_clients
    78. 

  78. fi
    79. 

  79. 

  80. while true; do
    81. 

  81.     read -p "Override master key ($MASTER_KEY) (y/n)? " yn
    82. 

  82.     case $yn in
    83. 

  83.         [Yy]* ) override="true"; break;;
    84. 

  84.         [Nn]* ) override="false"; break;;
    85. 

  85.         * ) echo "Please answer yes or no.";;
    86. 

  86.     esac
    87. 

  87. done
    88. 

  88. 

  89. if [ "${override}" == "true" ]; then
    90. 

  90. while :; do
    91. 

  91.     read -ep 'New Master Key: ' key
    92. 

  92.     result="$(cracklib-check <<<"$key")"
    93. 

  93.     okay="$(awk -F': ' '{ print $2}' <<<"$result")"
    94. 

  94.     if [[ "$okay" == "OK" ]]
    95. 

  95.     then
    96. 

  96. 	MASTER_KEY=$key
    97. 

  97. 	break
    98. 

  98.     else
    99. 

  99. 	echo "Your password was rejected - $result"
    100. 

  100.         echo "Try again."
    101. 

  101.     fi
    102. 

  102. done
    103. 

  103. fi
    104. 

  104. 

  105. echo "-----------------------------------------------------------------"
    106. 

  106. echo "                SETUP ARGUMENTS"
    107. 

  107. echo "-----------------------------------------------------------------"
    108. 

  108. echo "        domain: $NETMAKER_BASE_DOMAIN"
    109. 

  109. echo "         email: $EMAIL"
    110. 

  110. echo "    coredns ip: $COREDNS_IP"
    111. 

  111. echo "     public ip: $SERVER_PUBLIC_IP"
    112. 

  112. echo "    master key: $MASTER_KEY"
    113. 

  113. echo "   setup mesh?: $MESH_SETUP"
    114. 

  114. echo "    setup vpn?: $VPN_SETUP"
    115. 

  115. if [ "${VPN_SETUP}" == "true" ]; then
    116. 

  116. echo "     # clients: $NUM_CLIENTS"
    117. 

  117. fi
    118. 

  118. 

  119. while true; do
    120. 

  120.     read -p "Does everything look right (y/n)? " yn
    121. 

  121.     case $yn in
    122. 

  122.         [Yy]* ) override="true"; break;;
    123. 

  123.         [Nn]* ) echo "exiting..."; exit;;
    124. 

  124.         * ) echo "Please answer yes or no.";;
    125. 

  125.     esac
    126. 

  126. done
    127. 

  127. 

  128. 

  129. echo "Beginning installation in 5 seconds..."
    130. 

  130. 

  131. sleep 5
    132. 

  132. 

  133. 

  134. echo "Setting Caddyfile..."
    135. 

  135. 

  136. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile
    137. 

  137. sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
    138. 

  138. 

  139. echo "Setting Broker..."
    140. 

  140. sed -i "s/SERVER_PBLIC_IP/$SERVER_PUBLIC_IP/g" /root/mosquitto.conf
    141. 

  141. 

  142. echo "Setting docker-compose..."
    143. 

  143. 

  144. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
    145. 

  145. sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
    146. 

  146. sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml
    147. 

  147. sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
    148. 

  148. 

  149. echo "Starting containers..."
    150. 

  150. 

  151. docker-compose -f /root/docker-compose.yml up -d
    152. 

  152. 

  153. sleep 2
    154. 

  154. 

  155. setup_mesh() {
    156. 

  156. echo "Creating default network (10.101.0.0/16)..."
    157. 

  157. 

  158. curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"default"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
    159. 

  159. 

  160. sleep 2
    161. 

  161. 

  162. echo "Creating default key..."
    163. 

  163. 

  164. curlresponse=$(curl -s -d '{"uses":99999,"name":"defaultkey"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks/default/keys)
    165. 

  165. ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})
    166. 

  166. 

  167. sleep 2
    168. 

  168. 

  169. echo "Configuring Netmaker server as ingress gateway..."
    170. 

  170. 

  171. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default)
    172. 

  172. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    173. 

  173. 

  174. curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/default/$SERVER_ID/createingress
    175. 

  175. 

  176. VPN_ACCESS_TOKEN=$ACCESS_TOKEN
    177. 

  177. 

  178. }
    179. 

  179. 

  180. mesh_connect_logs() {
    181. 

  181. sleep 5
    182. 

  182. echo "-----------------------------------------------------------------"
    183. 

  183. echo "-----------------------------------------------------------------"
    184. 

  184. echo "DEFAULT NETWORK CLIENT INSTALL INSTRUCTIONS:"
    185. 

  185. echo "-----------------------------------------------------------------"
    186. 

  186. echo "-----------------------------------------------------------------"
    187. 

  187. sleep 5
    188. 

  188. echo "For Linux and Mac clients, install with the following command:"
    189. 

  189. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    190. 

  190. echo "curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$VPN_ACCESS_TOKEN sh -"
    191. 

  191. sleep 5
    192. 

  192. echo "-----------------------------------------------------------------"
    193. 

  193. echo "-----------------------------------------------------------------"
    194. 

  194. echo "For Windows clients, perform the following from powershell, as administrator:"
    195. 

  195. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    196. 

  196. echo "1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe"
    197. 

  197. echo "2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe"
    198. 

  198. echo "3. Install Netclient - powershell.exe .\\netclient.exe join -t $VPN_ACCESS_TOKEN"
    199. 

  199. echo "4. Whitelist C:\ProgramData\Netclient in Windows Defender"
    200. 

  200. sleep 5
    201. 

  201. echo "-----------------------------------------------------------------"
    202. 

  202. echo "-----------------------------------------------------------------"
    203. 

  203. echo "For Android and iOS clients, perform the following steps:"
    204. 

  204. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    205. 

  205. echo "1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
    206. 

  206. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    207. 

  207. echo "3. Select the gateway and create clients"
    208. 

  208. echo "4. Scan the QR Code from WireGuard app in iOS or Android"
    209. 

  209. echo "-----------------------------------------------------------------"
    210. 

  210. echo "-----------------------------------------------------------------"
    211. 

  211. sleep 5
    212. 

  212. }
    213. 

  213. 

  214. setup_vpn() {
    215. 

  215. echo "Creating vpn network (10.201.0.0/16)..."
    216. 

  216. 

  217. curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/networks
    218. 

  218. 

  219. sleep 2
    220. 

  220. 

  221. echo "Configuring Netmaker server as vpn inlet..."
    222. 

  222. 

  223. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
    224. 

  224. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    225. 

  225. 

  226. curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/createingress
    227. 

  227. 

  228. echo "Waiting 10 seconds for server to apply configuration..."
    229. 

  229. 

  230. sleep 10
    231. 

  231. 

  232. echo "Configuring Netmaker server VPN gateway..."
    233. 

  233. 

  234. [ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | grep -v default)
    235. 

  235. 

  236. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn)
    237. 

  237. SERVER_ID=$(jq -r '.[0].macaddress' <<< ${curlresponse})
    238. 

  238. 

  239. EGRESS_JSON=$( jq -n \
    240. 

  240.                   --arg gw "$GATEWAY_IFACE" \
    241. 

  241.                   '{ranges: ["0.0.0.0/0"], interface: $gw}' )
    242. 

  242. 

  243. curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/nodes/vpn/$SERVER_ID/creategateway
    244. 

  244. 

  245. echo "Creating client configs..."
    246. 

  246. 

  247. for ((a=1; a <= $NUM_CLIENTS; a++))
    248. 

  248. do
    249. 

  249.         CLIENT_JSON=$( jq -n \
    250. 

  250.                   --arg clientid "vpnclient-$a" \
    251. 

  251.                   '{clientid: $clientid}' )
    252. 

  252. 

  253.         curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' localhost:8081/api/extclients/vpn/$SERVER_ID
    254. 

  254. done
    255. 

  255. 

  256. }
    257. 

  257. 

  258. vpn_connect_logs() {
    259. 

  259. sleep 5
    260. 

  260. echo "-----------------------------------------------------------------"
    261. 

  261. echo "-----------------------------------------------------------------"
    262. 

  262. echo "VPN GATEWAY CLIENT INSTALL INSTRUCTIONS:"
    263. 

  263. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    264. 

  264. echo "1. log into dashboard.$NETMAKER_BASE_DOMAIN"
    265. 

  265. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    266. 

  266. echo "3. Download or scan a client config (vpnclient-x) to the appropriate device"
    267. 

  267. echo "4. Follow the steps for your system to configure WireGuard on the appropriate device"
    268. 

  268. echo "5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."
    269. 

  269. echo "-----------------------------------------------------------------"
    270. 

  270. echo "-----------------------------------------------------------------"
    271. 

  271. sleep 5
    272. 

  272. }
    273. 

  273. 

  274. if [ "${MESH_SETUP}" != "false" ]; then
    275. 

  275.         setup_mesh
    276. 

  276. fi
    277. 

  277. 

  278. if [ "${VPN_SETUP}" == "true" ]; then
    279. 

  279.         setup_vpn
    280. 

  280. fi
    281. 

  281. 

  282. if [ "${MESH_SETUP}" != "false" ]; then
    283. 

  283.         mesh_connect_logs
    284. 

  284. fi
    285. 

  285. 

  286. if [ "${VPN_SETUP}" == "true" ]; then
    287. 

  287.         vpn_connect_logs
    288. 

  288. fi
    289. 

  289. 

  290. echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
    291. 

  291. echo "Visit dashboard.$NETMAKER_BASE_DOMAIN to log in"
    292. 

  292. 

  293. cp -f /etc/skel/.bashrc /root/.bashrc
    294.