add nslcd for mail and coffee

1 year ago · f72c6665f9
parent 1eeb5bc10b
commit f72c6665f9
5 changed files with 65 additions and 53 deletions
--- a/.drone/auth1-setup.sh
+++ b/.drone/auth1-setup.sh
@ -64,6 +64,7 @@ cat <<EOF | kadmin.local
 addpol -minlength 4 default
 addprinc -pw krb5 sysadmin/admin
 addprinc -pw krb5 ctdalek
+addprinc -pw krb5 exec1
 addprinc -pw krb5 regular1
 addprinc -randkey host/auth1.csclub.internal
 addprinc -randkey ldap/auth1.csclub.internal
@ -82,14 +83,22 @@ EOF
 sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd
 sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd
 service saslauthd start
-killall slapd && sleep 0.5 && service slapd start
+while true; do
+    killall slapd
+    sleep 1
+    if service slapd start; then
+        break
+    fi
+done

-# sync with phosphoric-acid
 apt install -y netcat-openbsd
+# sync with phosphoric-acid
 nc -l 0.0.0.0 9000
 if [ -z "$CI" ]; then
-    # sync with mail
+    # sync with coffee
    nc -l 0.0.0.0 9001
+    # sync with mail
+    nc -l 0.0.0.0 9002
 fi

 sleep infinity
--- a/.drone/coffee-setup.sh
+++ b/.drone/coffee-setup.sh
@ -6,12 +6,14 @@ set -ex

 # set FQDN in /etc/hosts
 add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee
+add_fqdn_to_hosts $(get_ip_addr auth1) auth1

 export DEBIAN_FRONTEND=noninteractive
 apt update

 apt install --no-install-recommends -y default-mysql-server postgresql

+# MYSQL
 service mysql stop
 sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf
 service mysql start
@ -20,6 +22,7 @@ CREATE USER 'mysql' IDENTIFIED BY 'mysql';
 GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION;
 EOF

+# POSTGRESQL
 service postgresql stop
 POSTGRES_DIR=/etc/postgresql/11/main
 cat <<EOF > $POSTGRES_DIR/pg_hba.conf
@ -43,8 +46,10 @@ REVOKE ALL ON SCHEMA public FROM public;
 GRANT ALL ON SCHEMA public TO postgres;
 EOF" postgres

-# sync with phosphoric-acid
 apt install -y netcat-openbsd
+auth_setup coffee
+
+# sync with phosphoric-acid
 nc -l 0.0.0.0 9000

 sleep infinity
--- a/.drone/common.sh
+++ b/.drone/common.sh
@ -33,3 +33,45 @@ sync_with() {
    done
    test $synced = true
 }
+
+auth_setup() {
+    hostname=$1
+
+    # LDAP
+    apt install -y --no-install-recommends libnss-ldapd
+    service nslcd stop || true
+    cp .drone/ldap.conf /etc/ldap/ldap.conf
+    grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
+        echo 'map group member uniqueMember' >> /etc/nslcd.conf
+    sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
+    sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
+    cp .drone/nsswitch.conf /etc/nsswitch.conf
+
+    # KERBEROS
+    apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
+    cp .drone/krb5.conf /etc/krb5.conf
+
+    if [ $hostname = phosphoric-acid ]; then
+        sync_port=9000
+    elif [ $hostname = coffee ]; then
+        sync_port=9001
+    else
+        sync_port=9002
+    fi
+    sync_with auth1 $sync_port
+
+    rm -f /etc/krb5.keytab
+    cat <<EOF | kadmin -p sysadmin/admin -w krb5
+addprinc -randkey host/$hostname.csclub.internal
+ktadd host/$hostname.csclub.internal
+addprinc -randkey ceod/$hostname.csclub.internal
+ktadd ceod/$hostname.csclub.internal
+EOF
+    if [ $hostname = phosphoric-acid ]; then
+        cat <<EOF | kadmin -p sysadmin/admin -w krb5
+addprinc -randkey ceod/admin
+ktadd ceod/admin
+EOF
+    fi
+    service nslcd start
+}
--- a/.drone/mail-setup.sh
+++ b/.drone/mail-setup.sh
@ -12,23 +12,10 @@ add_fqdn_to_hosts $(get_ip_addr auth1) auth1
 python tests/MockMailmanServer.py &
 python tests/MockSMTPServer.py &

-# KERBEROS
 export DEBIAN_FRONTEND=noninteractive
 apt update
-apt install -y krb5-user netcat-openbsd
-cp .drone/krb5.conf /etc/krb5.conf
-
-# sync with auth1
-sync_with auth1 9001
-
-rm -f /etc/krb5.keytab
-cat <<EOF | kadmin -p sysadmin/admin
-krb5
-addprinc -randkey host/mail.csclub.internal
-ktadd host/mail.csclub.internal
-addprinc -randkey ceod/mail.csclub.internal
-ktadd ceod/mail.csclub.internal
-EOF
+apt install -y netcat-openbsd
+auth_setup mail

 # sync with phosphoric-acid
 nc -l 0.0.0.0 9000
--- a/.drone/phosphoric-acid-setup.sh
+++ b/.drone/phosphoric-acid-setup.sh
@ -15,41 +15,8 @@ fi

 export DEBIAN_FRONTEND=noninteractive
 apt update
-
-# LDAP
-apt install -y --no-install-recommends libnss-ldapd
-service nslcd stop || true
-cp .drone/ldap.conf /etc/ldap/ldap.conf
-grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
-     echo 'map group member uniqueMember' >> /etc/nslcd.conf
-sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
-sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
-cp .drone/nsswitch.conf /etc/nsswitch.conf
-
-# KERBEROS
-apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
-cp .drone/krb5.conf /etc/krb5.conf
-
 apt install -y netcat-openbsd
-
-sync_with auth1
-
-rm -f /etc/krb5.keytab
-cat <<EOF | kadmin -p sysadmin/admin
-krb5
-addprinc -randkey host/phosphoric-acid.csclub.internal
-ktadd host/phosphoric-acid.csclub.internal
-addprinc -randkey ceod/phosphoric-acid.csclub.internal
-ktadd ceod/phosphoric-acid.csclub.internal
-addprinc -randkey ceod/admin
-ktadd ceod/admin
-EOF
-service nslcd start
-
-sync_with coffee
-if [ -z "$CI" ]; then
-    sync_with mail
-fi
+auth_setup phosphoric-acid

 # initialize the skel directory
 shopt -s dotglob
@ -62,6 +29,8 @@ for user in ctdalek regular1 exec1; do
    chown $user:$user /users/$user
 done

+sync_with coffee
 if [ -z "$CI" ]; then
+    sync_with mail
    sleep infinity
 fi