Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Branch: refactor_v0.14.7_unnecessary_code
Branches Tags
netmaker
/
scripts
/
nm-quick-interactive.sh

nm-quick-interactive.sh 12 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302 
  1. #!/bin/bash
    2. 

  2. 

  3. set -e
    4. 

  4. 

  5. cat << "EOF"
    6. 

  6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    7. 

  7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    8. 

  8. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    9. 

  9.                                                                                          
    10. 

  10.  __   __     ______     ______   __    __     ______     __  __     ______     ______    
    11. 

  11. /\ "-.\ \   /\  ___\   /\__  _\ /\ "-./  \   /\  __ \   /\ \/ /    /\  ___\   /\  == \   
    12. 

  12. \ \ \-.  \  \ \  __\   \/_/\ \/ \ \ \-./\ \  \ \  __ \  \ \  _"-.  \ \  __\   \ \  __<   
    13. 

  13.  \ \_\\"\_\  \ \_____\    \ \_\  \ \_\ \ \_\  \ \_\ \_\  \ \_\ \_\  \ \_____\  \ \_\ \_\ 
    14. 

  14.   \/_/ \/_/   \/_____/     \/_/   \/_/  \/_/   \/_/\/_/   \/_/\/_/   \/_____/   \/_/ /_/ 
    15. 

  15.                                                                                                                                                                                                  
    16. 

  16. 

  17. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    18. 

  18. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    19. 

  19. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    20. 

  20. EOF
    21. 

  21. 

  22. NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . -).nip.io
    23. 

  23. COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
    24. 

  24. SERVER_PUBLIC_IP=$(curl -s ifconfig.me)
    25. 

  25. MASTER_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
    26. 

  26. EMAIL="$(echo $RANDOM | md5sum  | head -c 16)@email.com"
    27. 

  27. 

  28. echo "Default Base Domain: $NETMAKER_BASE_DOMAIN"
    29. 

  29. echo "To Override, add a Wildcard (*.netmaker.example.com) DNS record pointing to $SERVER_PUBLIC_IP"
    30. 

  30. echo "Or, add three DNS records pointing to $SERVER_PUBLIC_IP for the following (Replacing 'netmaker.example.com' with the domain of your choice):"
    31. 

  31. echo "   dashboard.netmaker.example.com"
    32. 

  32. echo "         api.netmaker.example.com"
    33. 

  33. echo "        grpc.netmaker.example.com"
    34. 

  34. echo "-----------------------------------------------------"
    35. 

  35. read -p "Domain (Hit 'enter' to use $NETMAKER_BASE_DOMAIN): " domain
    36. 

  36. read -p "Email for LetsEncrypt (Hit 'enter' to use $EMAIL): " email
    37. 

  37. 

  38. if [ -n "$domain" ]; then
    39. 

  39.   NETMAKER_BASE_DOMAIN=$domain
    40. 

  40. fi
    41. 

  41. if [ -n "$email" ]; then
    42. 

  42.   EMAIL=$email
    43. 

  43. fi
    44. 

  44. 

  45. while true; do
    46. 

  46.     read -p 'Configure a default network automatically? [y/n]: ' yn
    47. 

  47.     case $yn in
    48. 

  48.         [Yy]* ) MESH_SETUP="true"; break;;
    49. 

  49.         [Nn]* ) MESH_SETUP="false"; break;;
    50. 

  50.         * ) echo "Please answer yes or no.";;
    51. 

  51.     esac
    52. 

  52. done
    53. 

  53. 

  54. while true; do
    55. 

  55.     read -p 'Configure a VPN gateway automatically? [y/n]: ' yn
    56. 

  56.     case $yn in
    57. 

  57.         [Yy]* ) VPN_SETUP="true"; break;;
    58. 

  58.         [Nn]* ) VPN_SETUP="false"; break;;
    59. 

  59.         * ) echo "Please answer yes or no.";;
    60. 

  60.     esac
    61. 

  61. done
    62. 

  62. 

  63. if [ "${VPN_SETUP}" == "true" ]; then
    64. 

  64. while :; do
    65. 

  65.     read -ep '# of VPN clients to configure by default: ' num_clients
    66. 

  66.     [[ $num_clients =~ ^[[:digit:]]+$ ]] || continue
    67. 

  67.     (( ( (num_clients=(10#$num_clients)) <= 200 ) && num_clients >= 0 )) || continue
    68. 

  68.     break
    69. 

  69. done
    70. 

  70. fi
    71. 

  71. 

  72. if [ -n "$num_clients" ]; then
    73. 

  73.   NUM_CLIENTS=$num_clients
    74. 

  74. fi
    75. 

  75. 

  76. echo "-----------------------------------------------------------------"
    77. 

  77. echo "                SETUP ARGUMENTS"
    78. 

  78. echo "-----------------------------------------------------------------"
    79. 

  79. echo "        domain: $NETMAKER_BASE_DOMAIN"
    80. 

  80. echo "         email: $EMAIL"
    81. 

  81. echo "     public ip: $SERVER_PUBLIC_IP"
    82. 

  82. echo "   setup mesh?: $MESH_SETUP"
    83. 

  83. echo "    setup vpn?: $VPN_SETUP"
    84. 

  84. if [ "${VPN_SETUP}" == "true" ]; then
    85. 

  85. echo "     # clients: $NUM_CLIENTS"
    86. 

  86. fi
    87. 

  87. 

  88. while true; do
    89. 

  89.     read -p 'Does everything look right? [y/n]: ' yn
    90. 

  90.     case $yn in
    91. 

  91.         [Yy]* ) override="true"; break;;
    92. 

  92.         [Nn]* ) echo "exiting..."; exit;;
    93. 

  93.         * ) echo "Please answer yes or no.";;
    94. 

  94.     esac
    95. 

  95. done
    96. 

  96. 

  97. 

  98. echo "Beginning installation in 5 seconds..."
    99. 

  99. 

  100. sleep 5
    101. 

  101. 

  102. if [ -f "/root/docker-compose.yml" ]; then
    103. 

  103.     echo "Using existing docker compose"
    104. 

  104. else 
    105. 

  105.     echo "Pulling docker compose"
    106. 

  106.     wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml
    107. 

  107. fi
    108. 

  108. 

  109. 

  110. if [ -f "/root/mosquitto.conf" ]; then
    111. 

  111.     echo "Using existing mosquitto config"
    112. 

  112. else
    113. 

  113.     echo "Pulling mosquitto config"
    114. 

  114.     wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf
    115. 

  115. fi
    116. 

  116. 

  117. 

  118. mkdir -p /etc/netmaker
    119. 

  119. 

  120. echo "Setting docker-compose..."
    121. 

  121. 

  122. sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
    123. 

  123. sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml
    124. 

  124. sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
    125. 

  125. sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml
    126. 

  126. 

  127. echo "Starting containers..."
    128. 

  128. 

  129. docker-compose -f /root/docker-compose.yml up -d
    130. 

  130. 

  131. sleep 2
    132. 

  132. 

  133. test_connection() {
    134. 

  134. 

  135. echo "Testing Traefik setup (please be patient, this may take 1-2 minutes)"
    136. 

  136. for i in 1 2 3 4 5 6
    137. 

  137. do
    138. 

  138. curlresponse=$(curl -vIs https://api.${NETMAKER_BASE_DOMAIN} 2>&1)
    139. 

  139. 

  140. if [[ "$i" == 6 ]]; then
    141. 

  141.   echo "    Traefik is having an issue setting up certificates, please investigate (docker logs traefik)"
    142. 

  142.   echo "    Exiting..."
    143. 

  143.   exit 1
    144. 

  144. elif [[ "$curlresponse" == *"failed to verify the legitimacy of the server"* ]]; then
    145. 

  145.   echo "    Certificates not yet configured, retrying..."
    146. 

  146. 

  147. elif [[ "$curlresponse" == *"left intact"* ]]; then
    148. 

  148.   echo "    Certificates ok"
    149. 

  149.   break
    150. 

  150. else
    151. 

  151.   secs=$(($i*5+10))
    152. 

  152.   echo "    Issue establishing connection...retrying in $secs seconds..."       
    153. 

  153. fi
    154. 

  154. sleep $secs
    155. 

  155. done
    156. 

  156. }
    157. 

  157. 

  158. 

  159. setup_mesh() {( set -e
    160. 

  160. sleep 5
    161. 

  161. echo "Creating netmaker network (10.101.0.0/16)"
    162. 

  162. 

  163. curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"netmaker"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks
    164. 

  164. 

  165. sleep 5
    166. 

  166. 

  167. echo "Creating netmaker access key"
    168. 

  168. 

  169. curlresponse=$(curl -s -d '{"uses":99999,"name":"netmaker-key"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks/netmaker/keys)
    170. 

  170. ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse})
    171. 

  171. 

  172. sleep 5
    173. 

  173. 

  174. echo "Configuring netmaker server as ingress gateway"
    175. 

  175. 

  176. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker)
    177. 

  177. SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
    178. 

  178. 

  179. curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress
    180. 

  180. 

  181. sleep 5
    182. 

  182. )}
    183. 

  183. 

  184. mesh_connect_logs() {
    185. 

  185. sleep 5
    186. 

  186. echo "-----------------------------------------------------------------"
    187. 

  187. echo "-----------------------------------------------------------------"
    188. 

  188. echo "DEFAULT NETWORK CLIENT INSTALL INSTRUCTIONS:"
    189. 

  189. echo "-----------------------------------------------------------------"
    190. 

  190. echo "-----------------------------------------------------------------"
    191. 

  191. sleep 5
    192. 

  192. echo "For Linux and Mac clients, install with the following command:"
    193. 

  193. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    194. 

  194. echo "curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$VPN_ACCESS_TOKEN sh -"
    195. 

  195. sleep 5
    196. 

  196. echo "-----------------------------------------------------------------"
    197. 

  197. echo "-----------------------------------------------------------------"
    198. 

  198. echo "For Windows clients, perform the following from powershell, as administrator:"
    199. 

  199. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    200. 

  200. echo "1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe"
    201. 

  201. echo "2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe"
    202. 

  202. echo "3. Install Netclient - powershell.exe .\\netclient.exe join -t $VPN_ACCESS_TOKEN"
    203. 

  203. echo "4. Whitelist C:\ProgramData\Netclient in Windows Defender"
    204. 

  204. sleep 5
    205. 

  205. echo "-----------------------------------------------------------------"
    206. 

  206. echo "-----------------------------------------------------------------"
    207. 

  207. echo "For Android and iOS clients, perform the following steps:"
    208. 

  208. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    209. 

  209. echo "1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN"
    210. 

  210. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    211. 

  211. echo "3. Select the gateway and create clients"
    212. 

  212. echo "4. Scan the QR Code from WireGuard app in iOS or Android"
    213. 

  213. echo "-----------------------------------------------------------------"
    214. 

  214. echo "-----------------------------------------------------------------"
    215. 

  215. sleep 5
    216. 

  216. }
    217. 

  217. 

  218. setup_vpn() {( set -e
    219. 

  219. 

  220. echo "Creating vpn network (10.201.0.0/16)"
    221. 

  221. 

  222. sleep 5
    223. 

  223. curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks
    224. 

  224. 

  225. sleep 5
    226. 

  226. 

  227. echo "Configuring netmaker server as vpn inlet..."
    228. 

  228. 

  229. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
    230. 

  230. SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
    231. 

  231. 

  232. curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/createingress
    233. 

  233. 

  234. echo "Waiting 10 seconds for server to apply configuration..."
    235. 

  235. 

  236. sleep 10
    237. 

  237. 

  238. 

  239. echo "Configuring netmaker server vpn gateway..."
    240. 

  240. 

  241. [ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)')
    242. 

  242. 

  243. echo "Gateway iface: $GATEWAY_IFACE"
    244. 

  244. 

  245. curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn)
    246. 

  246. SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
    247. 

  247. 

  248. EGRESS_JSON=$( jq -n \
    249. 

  249.                   --arg gw "$GATEWAY_IFACE" \
    250. 

  250.                   '{ranges: ["0.0.0.0/5","8.0.0.0/7","11.0.0.0/8","12.0.0.0/6","16.0.0.0/4","32.0.0.0/3","64.0.0.0/2","128.0.0.0/3","160.0.0.0/5","168.0.0.0/6","172.0.0.0/12","172.32.0.0/11","172.64.0.0/10","172.128.0.0/9","173.0.0.0/8","174.0.0.0/7","176.0.0.0/4","192.0.0.0/9","192.128.0.0/11","192.160.0.0/13","192.169.0.0/16","192.170.0.0/15","192.172.0.0/14","192.176.0.0/12","192.192.0.0/10","193.0.0.0/8","194.0.0.0/7","196.0.0.0/6","200.0.0.0/5","208.0.0.0/4"], interface: $gw}' )
    251. 

  251. 

  252. echo "Egress json: $EGRESS_JSON"
    253. 

  253. curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/creategateway
    254. 

  254. 

  255. echo "Creating client configs..."
    256. 

  256. 

  257. for ((a=1; a <= $NUM_CLIENTS; a++))
    258. 

  258. do
    259. 

  259.         CLIENT_JSON=$( jq -n \
    260. 

  260.                   --arg clientid "vpnclient-$a" \
    261. 

  261.                   '{clientid: $clientid}' )
    262. 

  262. 

  263.         curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/extclients/vpn/$SERVER_ID
    264. 

  264. done
    265. 

  265. sleep 5
    266. 

  266. )}
    267. 

  267. 

  268. vpn_connect_logs() {
    269. 

  269. sleep 5
    270. 

  270. echo "-----------------------------------------------------------------"
    271. 

  271. echo "-----------------------------------------------------------------"
    272. 

  272. echo "VPN GATEWAY CLIENT INSTALL INSTRUCTIONS:"
    273. 

  273. echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    274. 

  274. echo "1. log into dashboard.$NETMAKER_BASE_DOMAIN"
    275. 

  275. echo "2. Navigate to \"EXTERNAL CLIENTS\" tab"
    276. 

  276. echo "3. Download or scan a client config (vpnclient-x) to the appropriate device"
    277. 

  277. echo "4. Follow the steps for your system to configure WireGuard on the appropriate device"
    278. 

  278. echo "5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."
    279. 

  279. echo "-----------------------------------------------------------------"
    280. 

  280. echo "-----------------------------------------------------------------"
    281. 

  281. sleep 5
    282. 

  282. }
    283. 

  283. 

  284. set +e
    285. 

  285. test_connection
    286. 

  286. 

  287. if [ "${MESH_SETUP}" != "false" ]; then
    288. 

  288.         setup_mesh
    289. 

  289. fi
    290. 

  290. 

  291. if [ "${VPN_SETUP}" == "true" ]; then
    292. 

  292.         setup_vpn
    293. 

  293. fi
    294. 

  294. 

  295. echo "-----------------------------------------------------------------"
    296. 

  296. echo "-----------------------------------------------------------------"
    297. 

  297. echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
    298. 

  298. echo "Visit dashboard.$NETMAKER_BASE_DOMAIN to log in"
    299. 

  299. echo "-----------------------------------------------------------------"
    300. 

  300. echo "-----------------------------------------------------------------"
    301. 

  301. 

  302. # cp -f /etc/skel/.bashrc /root/.bashrc
    303.