add nslcd for mail and coffee
continuous-integration/drone/pr Build is failing
parent
1eeb5bc10b
commit
f72c6665f9
|
@ -64,6 +64,7 @@ cat <<EOF | kadmin.local
|
||||||
addpol -minlength 4 default
|
addpol -minlength 4 default
|
||||||
addprinc -pw krb5 sysadmin/admin
|
addprinc -pw krb5 sysadmin/admin
|
||||||
addprinc -pw krb5 ctdalek
|
addprinc -pw krb5 ctdalek
|
||||||
|
addprinc -pw krb5 exec1
|
||||||
addprinc -pw krb5 regular1
|
addprinc -pw krb5 regular1
|
||||||
addprinc -randkey host/auth1.csclub.internal
|
addprinc -randkey host/auth1.csclub.internal
|
||||||
addprinc -randkey ldap/auth1.csclub.internal
|
addprinc -randkey ldap/auth1.csclub.internal
|
||||||
|
@ -82,14 +83,22 @@ EOF
|
||||||
sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd
|
sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd
|
||||||
sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd
|
sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd
|
||||||
service saslauthd start
|
service saslauthd start
|
||||||
killall slapd && sleep 0.5 && service slapd start
|
while true; do
|
||||||
|
killall slapd
|
||||||
|
sleep 1
|
||||||
|
if service slapd start; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
# sync with phosphoric-acid
|
|
||||||
apt install -y netcat-openbsd
|
apt install -y netcat-openbsd
|
||||||
|
# sync with phosphoric-acid
|
||||||
nc -l 0.0.0.0 9000
|
nc -l 0.0.0.0 9000
|
||||||
if [ -z "$CI" ]; then
|
if [ -z "$CI" ]; then
|
||||||
# sync with mail
|
# sync with coffee
|
||||||
nc -l 0.0.0.0 9001
|
nc -l 0.0.0.0 9001
|
||||||
|
# sync with mail
|
||||||
|
nc -l 0.0.0.0 9002
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sleep infinity
|
sleep infinity
|
||||||
|
|
|
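Review bot: The listener for coffee (`nc -l 0.0.0.0 9001`) now sits inside the `if [ -z "$CI" ]` block, so when CI is set auth1 never opens port 9001, while the coffee script in this commit calls `auth_setup coffee` unconditionally and that function syncs with auth1 on 9001. If coffee runs as a CI service (phosphoric-acid still calls `sync_with coffee` outside its CI guard, which suggests it does), that sync could never succeed, and this may be related to the failing build status shown on this commit. Moving the two lines `# sync with coffee` / `nc -l 0.0.0.0 9001` above the `if`, and leaving only the mail listener guarded, would match the callers. The new `while true` restart loop for slapd also has no retry limit, so a slapd that cannot start hangs the job instead of failing it.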
@ -6,12 +6,14 @@ set -ex
|
||||||
|
|
||||||
# set FQDN in /etc/hosts
|
# set FQDN in /etc/hosts
|
||||||
add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee
|
add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee
|
||||||
|
add_fqdn_to_hosts $(get_ip_addr auth1) auth1
|
||||||
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt update
|
apt update
|
||||||
|
|
||||||
apt install --no-install-recommends -y default-mysql-server postgresql
|
apt install --no-install-recommends -y default-mysql-server postgresql
|
||||||
|
|
||||||
|
# MYSQL
|
||||||
service mysql stop
|
service mysql stop
|
||||||
sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf
|
sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf
|
||||||
service mysql start
|
service mysql start
|
||||||
|
@ -20,6 +22,7 @@ CREATE USER 'mysql' IDENTIFIED BY 'mysql';
|
||||||
GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION;
|
GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION;
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
# POSTGRESQL
|
||||||
service postgresql stop
|
service postgresql stop
|
||||||
POSTGRES_DIR=/etc/postgresql/11/main
|
POSTGRES_DIR=/etc/postgresql/11/main
|
||||||
cat <<EOF > $POSTGRES_DIR/pg_hba.conf
|
cat <<EOF > $POSTGRES_DIR/pg_hba.conf
|
||||||
|
@ -43,8 +46,10 @@ REVOKE ALL ON SCHEMA public FROM public;
|
||||||
GRANT ALL ON SCHEMA public TO postgres;
|
GRANT ALL ON SCHEMA public TO postgres;
|
||||||
EOF" postgres
|
EOF" postgres
|
||||||
|
|
||||||
# sync with phosphoric-acid
|
|
||||||
apt install -y netcat-openbsd
|
apt install -y netcat-openbsd
|
||||||
|
auth_setup coffee
|
||||||
|
|
||||||
|
# sync with phosphoric-acid
|
||||||
nc -l 0.0.0.0 9000
|
nc -l 0.0.0.0 9000
|
||||||
|
|
||||||
sleep infinity
|
sleep infinity
|
||||||
|
|
|
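Review bot: In the added line `add_fqdn_to_hosts $(get_ip_addr auth1) auth1` the command substitution is unquoted and its exit status is discarded, so if auth1 does not resolve yet the helper is presumably called with `auth1` as its only argument and `set -e` does not stop the script. Assigning first, `auth1_ip=$(get_ip_addr auth1)` followed by `add_fqdn_to_hosts "$auth1_ip" auth1`, lets the failure abort the run before a malformed /etc/hosts entry can be written. Both helpers are defined outside this section, so how they treat an empty address cannot be confirmed from here.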
@ -33,3 +33,45 @@ sync_with() {
|
||||||
done
|
done
|
||||||
test $synced = true
|
test $synced = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
auth_setup() {
|
||||||
|
hostname=$1
|
||||||
|
|
||||||
|
# LDAP
|
||||||
|
apt install -y --no-install-recommends libnss-ldapd
|
||||||
|
service nslcd stop || true
|
||||||
|
cp .drone/ldap.conf /etc/ldap/ldap.conf
|
||||||
|
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
|
||||||
|
echo 'map group member uniqueMember' >> /etc/nslcd.conf
|
||||||
|
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
|
||||||
|
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
|
||||||
|
cp .drone/nsswitch.conf /etc/nsswitch.conf
|
||||||
|
|
||||||
|
# KERBEROS
|
||||||
|
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
|
||||||
|
cp .drone/krb5.conf /etc/krb5.conf
|
||||||
|
|
||||||
|
if [ $hostname = phosphoric-acid ]; then
|
||||||
|
sync_port=9000
|
||||||
|
elif [ $hostname = coffee ]; then
|
||||||
|
sync_port=9001
|
||||||
|
else
|
||||||
|
sync_port=9002
|
||||||
|
fi
|
||||||
|
sync_with auth1 $sync_port
|
||||||
|
|
||||||
|
rm -f /etc/krb5.keytab
|
||||||
|
cat <<EOF | kadmin -p sysadmin/admin -w krb5
|
||||||
|
addprinc -randkey host/$hostname.csclub.internal
|
||||||
|
ktadd host/$hostname.csclub.internal
|
||||||
|
addprinc -randkey ceod/$hostname.csclub.internal
|
||||||
|
ktadd ceod/$hostname.csclub.internal
|
||||||
|
EOF
|
||||||
|
if [ $hostname = phosphoric-acid ]; then
|
||||||
|
cat <<EOF | kadmin -p sysadmin/admin -w krb5
|
||||||
|
addprinc -randkey ceod/admin
|
||||||
|
ktadd ceod/admin
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
service nslcd start
|
||||||
|
}
|
||||||
|
|
|
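Review bot: The port selection in auth_setup sends every name other than phosphoric-acid and coffee to 9002, so a misspelled or missing argument silently waits on mail's listener instead of failing; with an empty argument the unquoted `[ $hostname = phosphoric-acid ]` tests only print an error and still fall through to the `else`. An explicit `case` with a `mail)` arm and a failing default, together with `local hostname=$1`, makes bad calls fail early and keeps the function from overwriting a caller's `hostname` variable. Separately, both kadmin calls now pass the admin password as `-w krb5` on the command line, where the removed inline versions fed it through the heredoc. Under the callers' `set -ex` this is echoed into the build log, which is tolerable for this fixture credential but deserves a comment such as `# test-only password; never pass real credentials via -w`.

```shell
auth_setup() {
    local hostname=$1 sync_port
    # … unchanged: LDAP and Kerberos package/config setup …
    case "$hostname" in
        phosphoric-acid) sync_port=9000 ;;
        coffee)          sync_port=9001 ;;
        mail)            sync_port=9002 ;;
        *) echo "auth_setup: unknown host '$hostname'" >&2; return 1 ;;
    esac
    sync_with auth1 "$sync_port"
    # … unchanged: keytab creation and nslcd start …
```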
@ -12,23 +12,10 @@ add_fqdn_to_hosts $(get_ip_addr auth1) auth1
|
||||||
python tests/MockMailmanServer.py &
|
python tests/MockMailmanServer.py &
|
||||||
python tests/MockSMTPServer.py &
|
python tests/MockSMTPServer.py &
|
||||||
|
|
||||||
# KERBEROS
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt update
|
apt update
|
||||||
apt install -y krb5-user netcat-openbsd
|
apt install -y netcat-openbsd
|
||||||
cp .drone/krb5.conf /etc/krb5.conf
|
auth_setup mail
|
||||||
|
|
||||||
# sync with auth1
|
|
||||||
sync_with auth1 9001
|
|
||||||
|
|
||||||
rm -f /etc/krb5.keytab
|
|
||||||
cat <<EOF | kadmin -p sysadmin/admin
|
|
||||||
krb5
|
|
||||||
addprinc -randkey host/mail.csclub.internal
|
|
||||||
ktadd host/mail.csclub.internal
|
|
||||||
addprinc -randkey ceod/mail.csclub.internal
|
|
||||||
ktadd ceod/mail.csclub.internal
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# sync with phosphoric-acid
|
# sync with phosphoric-acid
|
||||||
nc -l 0.0.0.0 9000
|
nc -l 0.0.0.0 9000
|
||||||
|
|
|
@ -15,41 +15,8 @@ fi
|
||||||
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt update
|
apt update
|
||||||
|
|
||||||
# LDAP
|
|
||||||
apt install -y --no-install-recommends libnss-ldapd
|
|
||||||
service nslcd stop || true
|
|
||||||
cp .drone/ldap.conf /etc/ldap/ldap.conf
|
|
||||||
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
|
|
||||||
echo 'map group member uniqueMember' >> /etc/nslcd.conf
|
|
||||||
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
|
|
||||||
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
|
|
||||||
cp .drone/nsswitch.conf /etc/nsswitch.conf
|
|
||||||
|
|
||||||
# KERBEROS
|
|
||||||
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
|
|
||||||
cp .drone/krb5.conf /etc/krb5.conf
|
|
||||||
|
|
||||||
apt install -y netcat-openbsd
|
apt install -y netcat-openbsd
|
||||||
|
auth_setup phosphoric-acid
|
||||||
sync_with auth1
|
|
||||||
|
|
||||||
rm -f /etc/krb5.keytab
|
|
||||||
cat <<EOF | kadmin -p sysadmin/admin
|
|
||||||
krb5
|
|
||||||
addprinc -randkey host/phosphoric-acid.csclub.internal
|
|
||||||
ktadd host/phosphoric-acid.csclub.internal
|
|
||||||
addprinc -randkey ceod/phosphoric-acid.csclub.internal
|
|
||||||
ktadd ceod/phosphoric-acid.csclub.internal
|
|
||||||
addprinc -randkey ceod/admin
|
|
||||||
ktadd ceod/admin
|
|
||||||
EOF
|
|
||||||
service nslcd start
|
|
||||||
|
|
||||||
sync_with coffee
|
|
||||||
if [ -z "$CI" ]; then
|
|
||||||
sync_with mail
|
|
||||||
fi
|
|
||||||
|
|
||||||
# initialize the skel directory
|
# initialize the skel directory
|
||||||
shopt -s dotglob
|
shopt -s dotglob
|
||||||
|
@ -62,6 +29,8 @@ for user in ctdalek regular1 exec1; do
|
||||||
chown $user:$user /users/$user
|
chown $user:$user /users/$user
|
||||||
done
|
done
|
||||||
|
|
||||||
|
sync_with coffee
|
||||||
if [ -z "$CI" ]; then
|
if [ -z "$CI" ]; then
|
||||||
|
sync_with mail
|
||||||
sleep infinity
|
sleep infinity
|
||||||
fi
|
fi
|
||||||
|
|