226 lines
4.2 KiB
Bash
226 lines
4.2 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
echo "========================================"
|
|
echo " SIMATICA - Docker Bootstrap"
|
|
echo "========================================"
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
#
|
|
# Aggiornamenti iniziali
|
|
#
|
|
apt-get clean
|
|
apt-get update
|
|
apt-get dist-upgrade -y
|
|
apt-get autoremove -y
|
|
|
|
#
|
|
# Rimozione eventuali vecchie versioni Docker
|
|
#
|
|
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
|
|
apt-get remove -y "$pkg" || true
|
|
done
|
|
|
|
#
|
|
# Pacchetti base
|
|
#
|
|
apt-get install -y \
|
|
ca-certificates \
|
|
curl \
|
|
gnupg \
|
|
lsb-release \
|
|
rsync \
|
|
parted \
|
|
software-properties-common
|
|
|
|
#
|
|
# Configurazione secondo disco
|
|
#
|
|
if [ -b /dev/sdb ]; then
|
|
|
|
echo "[INFO] Secondo disco rilevato: /dev/sdb"
|
|
|
|
#
|
|
# Se non esiste partizione, la crea
|
|
#
|
|
if ! blkid /dev/sdb1 >/dev/null 2>&1; then
|
|
|
|
echo "[INFO] Creo partizione su /dev/sdb"
|
|
|
|
parted -s /dev/sdb mklabel gpt
|
|
parted -s /dev/sdb mkpart primary ext4 0% 100%
|
|
|
|
sleep 2
|
|
|
|
mkfs.ext4 -F /dev/sdb1
|
|
fi
|
|
|
|
#
|
|
# Mount /mnt/docker
|
|
#
|
|
mkdir -p /mnt/docker
|
|
|
|
UUID=$(blkid -s UUID -o value /dev/sdb1)
|
|
|
|
if ! grep -q "$UUID" /etc/fstab; then
|
|
echo "UUID=$UUID /mnt/docker ext4 defaults,nofail 0 2" >> /etc/fstab
|
|
fi
|
|
|
|
mount -a
|
|
|
|
echo "[OK] Disco Docker montato"
|
|
|
|
else
|
|
|
|
echo "[WARNING] Nessun secondo disco trovato"
|
|
|
|
mkdir -p /mnt/docker
|
|
|
|
fi
|
|
|
|
#
|
|
# Installazione Docker ufficiale
|
|
#
|
|
install -m 0755 -d /etc/apt/keyrings
|
|
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
|
|
-o /etc/apt/keyrings/docker.asc
|
|
|
|
chmod a+r /etc/apt/keyrings/docker.asc
|
|
|
|
echo \
|
|
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
|
|
https://download.docker.com/linux/ubuntu \
|
|
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" \
|
|
> /etc/apt/sources.list.d/docker.list
|
|
|
|
apt-get update
|
|
|
|
apt-get install -y \
|
|
docker-ce \
|
|
docker-ce-cli \
|
|
containerd.io \
|
|
docker-buildx-plugin \
|
|
docker-compose-plugin
|
|
|
|
#
|
|
# Stop servizi
|
|
#
|
|
systemctl stop docker.socket || true
|
|
systemctl stop docker || true
|
|
systemctl stop containerd || true
|
|
|
|
#
|
|
# Directory dedicate
|
|
#
|
|
mkdir -p /mnt/docker/docker
|
|
mkdir -p /mnt/docker/containerd
|
|
mkdir -p /mnt/docker/portainer
|
|
|
|
mkdir -p /etc/docker
|
|
mkdir -p /etc/containerd
|
|
|
|
#
|
|
# Migrazione eventuali dati esistenti
|
|
#
|
|
rsync -aHAXx /var/lib/docker/ /mnt/docker/docker/ 2>/dev/null || true
|
|
rsync -aHAXx /var/lib/containerd/ /mnt/docker/containerd/ 2>/dev/null || true
|
|
|
|
#
|
|
# Docker data-root
|
|
#
|
|
cat >/etc/docker/daemon.json <<EOF
|
|
{
|
|
"data-root": "/mnt/docker/docker",
|
|
"log-driver": "json-file",
|
|
"log-opts": {
|
|
"max-size": "50m",
|
|
"max-file": "3"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
#
|
|
# Containerd config
|
|
#
|
|
containerd config default >/etc/containerd/config.toml
|
|
|
|
sed -i 's#^root = .*#root = "/mnt/docker/containerd"#' \
|
|
/etc/containerd/config.toml
|
|
|
|
sed -i 's#^state = .*#state = "/run/containerd"#' \
|
|
/etc/containerd/config.toml
|
|
|
|
#
|
|
# Symlink containerd
|
|
#
|
|
rm -rf /var/lib/containerd || true
|
|
|
|
ln -s /mnt/docker/containerd /var/lib/containerd
|
|
|
|
#
|
|
# Avvio servizi
|
|
#
|
|
systemctl daemon-reload
|
|
|
|
systemctl enable containerd
|
|
systemctl enable docker
|
|
|
|
systemctl start containerd
|
|
systemctl start docker
|
|
|
|
#
|
|
# Verifiche Docker
|
|
#
|
|
docker --version
|
|
docker compose version
|
|
|
|
docker run --rm hello-world
|
|
|
|
#
|
|
# Installazione Portainer
|
|
#
|
|
docker volume create portainer_data
|
|
|
|
docker run -d \
|
|
--name portainer \
|
|
--restart always \
|
|
-p 10443:9443 \
|
|
-p 8099:9000 \
|
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
-v /mnt/docker/portainer:/data \
|
|
portainer/portainer-ce:latest
|
|
|
|
#
|
|
# Prerequisiti Wazuh / Elasticsearch
|
|
#
|
|
sysctl -w vm.max_map_count=262144
|
|
|
|
echo 'vm.max_map_count=262144' \
|
|
>/etc/sysctl.d/99-wazuh.conf
|
|
|
|
sysctl --system
|
|
|
|
#
|
|
# MOTD Simatica
|
|
#
|
|
cat >/etc/motd <<EOF
|
|
========================================
|
|
SIMATICA - Docker Server
|
|
========================================
|
|
Docker Root : /mnt/docker/docker
|
|
Portainer : https://$(hostname):10443
|
|
========================================
|
|
EOF
|
|
|
|
#
|
|
# Pulizia finale
|
|
#
|
|
apt-get autoremove -y
|
|
apt-get clean
|
|
|
|
echo "========================================"
|
|
echo " Bootstrap completato correttamente"
|
|
echo "========================================" |