add nslcd for mail and coffee

Max Erenberg 2021-09-10 18:29:32 -04:00
parent 1eeb5bc10b
commit f72c6665f9
5 changed files with 65 additions and 53 deletions


@ -64,6 +64,7 @@ cat <<EOF | kadmin.local
addpol -minlength 4 default addpol -minlength 4 default
addprinc -pw krb5 sysadmin/admin addprinc -pw krb5 sysadmin/admin
addprinc -pw krb5 ctdalek addprinc -pw krb5 ctdalek
addprinc -pw krb5 exec1
addprinc -pw krb5 regular1 addprinc -pw krb5 regular1
addprinc -randkey host/auth1.csclub.internal addprinc -randkey host/auth1.csclub.internal
addprinc -randkey ldap/auth1.csclub.internal addprinc -randkey ldap/auth1.csclub.internal
@ -82,14 +83,22 @@ EOF
sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd
sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd
service saslauthd start service saslauthd start
killall slapd && sleep 0.5 && service slapd start while true; do
killall slapd
sleep 1
if service slapd start; then
break
fi
done
# sync with phosphoric-acid
apt install -y netcat-openbsd apt install -y netcat-openbsd
# sync with phosphoric-acid
nc -l 0.0.0.0 9000 nc -l 0.0.0.0 9000
if [ -z "$CI" ]; then if [ -z "$CI" ]; then
# sync with mail # sync with coffee
nc -l 0.0.0.0 9001 nc -l 0.0.0.0 9001
# sync with mail
nc -l 0.0.0.0 9002
fi fi
sleep infinity sleep infinity
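Review bot: The listener coffee now depends on stays inside the CI guard: auth1 opens port 9001 only when `$CI` is empty, while coffee calls `auth_setup coffee` unconditionally, auth_setup resolves that hostname to `sync_with auth1 9001`, and phosphoric-acid still runs `sync_with coffee` outside its own CI guard, so coffee's sync with auth1 cannot complete in a CI build unless coffee is left out of the pipeline. Moving `nc -l 0.0.0.0 9001` above the `if [ -z "$CI" ]; then` line, so that only the mail listener on 9002 stays inside the guard, would match the port table in auth_setup. The same dependency is visible in the coffee and phosphoric-acid sections below, which are not annotated separately. Separately, the new `while true` restart loop around `service slapd start` has no attempt limit, so a slapd that never comes up hangs the job instead of failing it; a bounded `for` loop ending in a non-zero exit would surface the failure, and if this script runs under `set -e` a `killall slapd` that finds no process will also abort the loop on its first pass. The heredoc closed by this hunk's `EOF` starts outside the hunk.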


@ -6,12 +6,14 @@ set -ex
# set FQDN in /etc/hosts # set FQDN in /etc/hosts
add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee
add_fqdn_to_hosts $(get_ip_addr auth1) auth1
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt update apt update
apt install --no-install-recommends -y default-mysql-server postgresql apt install --no-install-recommends -y default-mysql-server postgresql
# MYSQL
service mysql stop service mysql stop
sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf
service mysql start service mysql start
@ -20,6 +22,7 @@ CREATE USER 'mysql' IDENTIFIED BY 'mysql';
GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION;
EOF EOF
# POSTGRESQL
service postgresql stop service postgresql stop
POSTGRES_DIR=/etc/postgresql/11/main POSTGRES_DIR=/etc/postgresql/11/main
cat <<EOF > $POSTGRES_DIR/pg_hba.conf cat <<EOF > $POSTGRES_DIR/pg_hba.conf
@ -43,8 +46,10 @@ REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO postgres; GRANT ALL ON SCHEMA public TO postgres;
EOF" postgres EOF" postgres
# sync with phosphoric-acid
apt install -y netcat-openbsd apt install -y netcat-openbsd
auth_setup coffee
# sync with phosphoric-acid
nc -l 0.0.0.0 9000 nc -l 0.0.0.0 9000
sleep infinity sleep infinity
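Review bot: The new `auth_setup coffee` call is a blocking step, since auth_setup maps this hostname to `sync_with auth1 9001` and waits for auth1 there, yet it carries no comment while the neighbouring `nc -l 0.0.0.0 9000` line is labelled `# sync with phosphoric-acid`. A comment such as `# LDAP/Kerberos client setup; blocks until auth1 opens the coffee sync port (9001)` would keep the sync choreography readable from this file alone. Because the call sits after the full MySQL and PostgreSQL bootstrap, a failed or hanging auth1 sync only shows up at the very end of the job; placing it right after `add_fqdn_to_hosts $(get_ip_addr auth1) auth1` would fail faster, if nothing in the database setup depends on nslcd being up.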


@ -33,3 +33,45 @@ sync_with() {
done done
test $synced = true test $synced = true
} }
auth_setup() {
hostname=$1
# LDAP
apt install -y --no-install-recommends libnss-ldapd
service nslcd stop || true
cp .drone/ldap.conf /etc/ldap/ldap.conf
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
echo 'map group member uniqueMember' >> /etc/nslcd.conf
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
cp .drone/nsswitch.conf /etc/nsswitch.conf
# KERBEROS
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
cp .drone/krb5.conf /etc/krb5.conf
if [ $hostname = phosphoric-acid ]; then
sync_port=9000
elif [ $hostname = coffee ]; then
sync_port=9001
else
sync_port=9002
fi
sync_with auth1 $sync_port
rm -f /etc/krb5.keytab
cat <<EOF | kadmin -p sysadmin/admin -w krb5
addprinc -randkey host/$hostname.csclub.internal
ktadd host/$hostname.csclub.internal
addprinc -randkey ceod/$hostname.csclub.internal
ktadd ceod/$hostname.csclub.internal
EOF
if [ $hostname = phosphoric-acid ]; then
cat <<EOF | kadmin -p sysadmin/admin -w krb5
addprinc -randkey ceod/admin
ktadd ceod/admin
EOF
fi
service nslcd start
}
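Review bot: `kadmin -p sysadmin/admin -w krb5` (used twice in auth_setup) moves the admin password from stdin onto the command line, where it is visible in process listings and, because at least the coffee script runs under `set -ex`, is echoed into the CI log on every build; the scripts this replaces fed it as the first line of the heredoc, which the same `cat <<EOF | kadmin -p sysadmin/admin` pipe still supports, so `krb5` can simply go back to being the first heredoc line. The value looks like a fixed test fixture, so the exposure is limited to job logs, but the stdin form costs nothing. `hostname=$1` and `sync_port` are assigned without `local`, so every call leaves both behind as globals in the sourcing script, and `[ $hostname = phosphoric-acid ]` degrades to a syntax error when auth_setup is called with no argument; `local hostname=${1:?hostname required}` plus `local sync_port` covers both. sync_with, referenced on the `sync_with auth1 $sync_port` line, is defined above this hunk and only its tail is visible.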


@ -12,23 +12,10 @@ add_fqdn_to_hosts $(get_ip_addr auth1) auth1
python tests/MockMailmanServer.py & python tests/MockMailmanServer.py &
python tests/MockSMTPServer.py & python tests/MockSMTPServer.py &
# KERBEROS
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt update apt update
apt install -y krb5-user netcat-openbsd apt install -y netcat-openbsd
cp .drone/krb5.conf /etc/krb5.conf auth_setup mail
# sync with auth1
sync_with auth1 9001
rm -f /etc/krb5.keytab
cat <<EOF | kadmin -p sysadmin/admin
krb5
addprinc -randkey host/mail.csclub.internal
ktadd host/mail.csclub.internal
addprinc -randkey ceod/mail.csclub.internal
ktadd ceod/mail.csclub.internal
EOF
# sync with phosphoric-acid # sync with phosphoric-acid
nc -l 0.0.0.0 9000 nc -l 0.0.0.0 9000


@ -15,41 +15,8 @@ fi
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt update apt update
# LDAP
apt install -y --no-install-recommends libnss-ldapd
service nslcd stop || true
cp .drone/ldap.conf /etc/ldap/ldap.conf
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
echo 'map group member uniqueMember' >> /etc/nslcd.conf
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
cp .drone/nsswitch.conf /etc/nsswitch.conf
# KERBEROS
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
cp .drone/krb5.conf /etc/krb5.conf
apt install -y netcat-openbsd apt install -y netcat-openbsd
auth_setup phosphoric-acid
sync_with auth1
rm -f /etc/krb5.keytab
cat <<EOF | kadmin -p sysadmin/admin
krb5
addprinc -randkey host/phosphoric-acid.csclub.internal
ktadd host/phosphoric-acid.csclub.internal
addprinc -randkey ceod/phosphoric-acid.csclub.internal
ktadd ceod/phosphoric-acid.csclub.internal
addprinc -randkey ceod/admin
ktadd ceod/admin
EOF
service nslcd start
sync_with coffee
if [ -z "$CI" ]; then
sync_with mail
fi
# initialize the skel directory # initialize the skel directory
shopt -s dotglob shopt -s dotglob
@ -62,6 +29,8 @@ for user in ctdalek regular1 exec1; do
chown $user:$user /users/$user chown $user:$user /users/$user
done done
sync_with coffee
if [ -z "$CI" ]; then if [ -z "$CI" ]; then
sync_with mail
sleep infinity sleep infinity
fi fi