add nslcd for mail and coffee

pull/19/head
Max Erenberg 1 year ago
parent 1eeb5bc10b
commit f72c6665f9
  1. 15
      .drone/auth1-setup.sh
  2. 7
      .drone/coffee-setup.sh
  3. 42
      .drone/common.sh
  4. 17
      .drone/mail-setup.sh
  5. 37
      .drone/phosphoric-acid-setup.sh

@ -64,6 +64,7 @@ cat <<EOF | kadmin.local
addpol -minlength 4 default
addprinc -pw krb5 sysadmin/admin
addprinc -pw krb5 ctdalek
addprinc -pw krb5 exec1
addprinc -pw krb5 regular1
addprinc -randkey host/auth1.csclub.internal
addprinc -randkey ldap/auth1.csclub.internal
@ -82,14 +83,22 @@ EOF
sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd
sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd
service saslauthd start
killall slapd && sleep 0.5 && service slapd start
while true; do
killall slapd
sleep 1
if service slapd start; then
break
fi
done
# sync with phosphoric-acid
apt install -y netcat-openbsd
# sync with phosphoric-acid
nc -l 0.0.0.0 9000
if [ -z "$CI" ]; then
# sync with mail
# sync with coffee
nc -l 0.0.0.0 9001
# sync with mail
nc -l 0.0.0.0 9002
fi
sleep infinity
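Review bot: Whether `nc -l 0.0.0.0 9001` is still inside the `if [ -z "$CI" ]` guard on the new side cannot be read from this rendering (the `if`/`fi` lines could be removed lines), and it matters: coffee-setup.sh now calls `auth_setup coffee`, which in common.sh runs `sync_with auth1 9001` unconditionally, while phosphoric-acid-setup.sh calls `sync_with coffee` in CI as well, so a CI-gated 9001 listener would leave coffee waiting on auth1 for the whole job. If the guard remains, move the coffee listener above it and keep only the mail port (9002) behind `$CI`. Separately, the `while true` loop that does `killall slapd` and retries `service slapd start` has no attempt cap, so an slapd that never comes up hangs the job silently rather than failing it; a bounded loop such as `for _ in 1 2 3 4 5 6 7 8 9 10; do` followed by `exit 1` after the loop fails fast instead.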

@ -6,12 +6,14 @@ set -ex
# set FQDN in /etc/hosts
add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee
add_fqdn_to_hosts $(get_ip_addr auth1) auth1
export DEBIAN_FRONTEND=noninteractive
apt update
apt install --no-install-recommends -y default-mysql-server postgresql
# MYSQL
service mysql stop
sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf
service mysql start
@ -20,6 +22,7 @@ CREATE USER 'mysql' IDENTIFIED BY 'mysql';
GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION;
EOF
# POSTGRESQL
service postgresql stop
POSTGRES_DIR=/etc/postgresql/11/main
cat <<EOF > $POSTGRES_DIR/pg_hba.conf
@ -43,8 +46,10 @@ REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO postgres;
EOF" postgres
# sync with phosphoric-acid
apt install -y netcat-openbsd
auth_setup coffee
# sync with phosphoric-acid
nc -l 0.0.0.0 9000
sleep infinity

@ -33,3 +33,45 @@ sync_with() {
done
test $synced = true
}
auth_setup() {
hostname=$1
# LDAP
apt install -y --no-install-recommends libnss-ldapd
service nslcd stop || true
cp .drone/ldap.conf /etc/ldap/ldap.conf
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
echo 'map group member uniqueMember' >> /etc/nslcd.conf
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
cp .drone/nsswitch.conf /etc/nsswitch.conf
# KERBEROS
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
cp .drone/krb5.conf /etc/krb5.conf
if [ $hostname = phosphoric-acid ]; then
sync_port=9000
elif [ $hostname = coffee ]; then
sync_port=9001
else
sync_port=9002
fi
sync_with auth1 $sync_port
rm -f /etc/krb5.keytab
cat <<EOF | kadmin -p sysadmin/admin -w krb5
addprinc -randkey host/$hostname.csclub.internal
ktadd host/$hostname.csclub.internal
addprinc -randkey ceod/$hostname.csclub.internal
ktadd ceod/$hostname.csclub.internal
EOF
if [ $hostname = phosphoric-acid ]; then
cat <<EOF | kadmin -p sysadmin/admin -w krb5
addprinc -randkey ceod/admin
ktadd ceod/admin
EOF
fi
service nslcd start
}
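Review bot: `kadmin -p sysadmin/admin -w krb5` passes the admin password as an argument, so it is visible in `ps` while kadmin runs and, because these setup scripts run under `set -ex`, is echoed into the CI log; the mail and phosphoric-acid scripts this replaces fed it as the first stdin line of the heredoc, and auth_setup can keep that form (`cat <<EOF | kadmin -p sysadmin/admin` with `krb5` as the heredoc's first line). It is a fixed test-realm password, so this is about the pattern rather than a live secret. `hostname` and `sync_port` are assigned without `local`, so they leak into the caller; `local hostname=$1` and `local sync_port` fix that, and the two `[ $hostname = ... ]` tests should quote the expansion as `[ "$hostname" = phosphoric-acid ]`. A comment above the if/elif chain, `# port auth1 listens on for this host: 9000 phosphoric-acid, 9001 coffee, 9002 mail`, would document the convention that is otherwise spread across three files.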

@ -12,23 +12,10 @@ add_fqdn_to_hosts $(get_ip_addr auth1) auth1
python tests/MockMailmanServer.py &
python tests/MockSMTPServer.py &
# KERBEROS
export DEBIAN_FRONTEND=noninteractive
apt update
apt install -y krb5-user netcat-openbsd
cp .drone/krb5.conf /etc/krb5.conf
# sync with auth1
sync_with auth1 9001
rm -f /etc/krb5.keytab
cat <<EOF | kadmin -p sysadmin/admin
krb5
addprinc -randkey host/mail.csclub.internal
ktadd host/mail.csclub.internal
addprinc -randkey ceod/mail.csclub.internal
ktadd ceod/mail.csclub.internal
EOF
apt install -y netcat-openbsd
auth_setup mail
# sync with phosphoric-acid
nc -l 0.0.0.0 9000
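Review bot: `auth_setup mail` now performs the `apt install` calls this hunk removes, but the function relies on its caller having run `apt update` and exported `DEBIAN_FRONTEND=noninteractive`, and the rendering drops the markers, so I cannot tell whether the `export DEBIAN_FRONTEND=noninteractive` and `apt update` lines near the top of this hunk survive on the new side. If they are removed, the installs inside auth_setup run against whatever package lists the image ships and without the noninteractive frontend. Keep both lines ahead of `auth_setup mail`, or make auth_setup in common.sh self-sufficient by running them itself.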

@ -15,41 +15,8 @@ fi
export DEBIAN_FRONTEND=noninteractive
apt update
# LDAP
apt install -y --no-install-recommends libnss-ldapd
service nslcd stop || true
cp .drone/ldap.conf /etc/ldap/ldap.conf
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
echo 'map group member uniqueMember' >> /etc/nslcd.conf
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
cp .drone/nsswitch.conf /etc/nsswitch.conf
# KERBEROS
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
cp .drone/krb5.conf /etc/krb5.conf
apt install -y netcat-openbsd
sync_with auth1
rm -f /etc/krb5.keytab
cat <<EOF | kadmin -p sysadmin/admin
krb5
addprinc -randkey host/phosphoric-acid.csclub.internal
ktadd host/phosphoric-acid.csclub.internal
addprinc -randkey ceod/phosphoric-acid.csclub.internal
ktadd ceod/phosphoric-acid.csclub.internal
addprinc -randkey ceod/admin
ktadd ceod/admin
EOF
service nslcd start
sync_with coffee
if [ -z "$CI" ]; then
sync_with mail
fi
auth_setup phosphoric-acid
# initialize the skel directory
shopt -s dotglob
@ -62,6 +29,8 @@ for user in ctdalek regular1 exec1; do
chown $user:$user /users/$user
done
sync_with coffee
if [ -z "$CI" ]; then
sync_with mail
sleep infinity
fi
