add nslcd for mail and coffee
parent
1eeb5bc10b
commit
f72c6665f9
|
@ -64,6 +64,7 @@ cat <<EOF | kadmin.local
|
|||
addpol -minlength 4 default
|
||||
addprinc -pw krb5 sysadmin/admin
|
||||
addprinc -pw krb5 ctdalek
|
||||
addprinc -pw krb5 exec1
|
||||
addprinc -pw krb5 regular1
|
||||
addprinc -randkey host/auth1.csclub.internal
|
||||
addprinc -randkey ldap/auth1.csclub.internal
|
||||
|
@ -82,14 +83,22 @@ EOF
|
|||
sed -E -i 's/^START=.*$/START=yes/' /etc/default/saslauthd
|
||||
sed -E -i 's/^MECHANISMS=.*$/MECHANISMS="kerberos5"/' /etc/default/saslauthd
|
||||
service saslauthd start
|
||||
killall slapd && sleep 0.5 && service slapd start
|
||||
while true; do
|
||||
killall slapd
|
||||
sleep 1
|
||||
if service slapd start; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
# sync with phosphoric-acid
|
||||
apt install -y netcat-openbsd
|
||||
# sync with phosphoric-acid
|
||||
nc -l 0.0.0.0 9000
|
||||
if [ -z "$CI" ]; then
|
||||
# sync with mail
|
||||
# sync with coffee
|
||||
nc -l 0.0.0.0 9001
|
||||
# sync with mail
|
||||
nc -l 0.0.0.0 9002
|
||||
fi
|
||||
|
||||
sleep infinity
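Review bot: As far as the rendered hunk shows, the new coffee listener `nc -l 0.0.0.0 9001` sits inside the `if [ -z "$CI" ]` block, so under CI auth1 never opens port 9001. auth_setup, as shown on this page, makes coffee call `sync_with auth1 9001` unconditionally, and the phosphoric-acid script runs `sync_with coffee` outside its CI guard, which suggests coffee is started in CI too; if so, coffee's sync cannot succeed there. Moving the `# sync with coffee` / `nc -l 0.0.0.0 9001` pair above the `if` would keep the CI guard for mail only. Separately, the `while true` restart loop for slapd has no retry limit, so a slapd that never starts hangs the job instead of failing it.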
|
||||
|
|
|
@ -6,12 +6,14 @@ set -ex
|
|||
|
||||
# set FQDN in /etc/hosts
|
||||
add_fqdn_to_hosts $(get_ip_addr $(hostname)) coffee
|
||||
add_fqdn_to_hosts $(get_ip_addr auth1) auth1
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt update
|
||||
|
||||
apt install --no-install-recommends -y default-mysql-server postgresql
|
||||
|
||||
# MYSQL
|
||||
service mysql stop
|
||||
sed -E -i 's/^(bind-address[[:space:]]+= 127.0.0.1)$/#\1/' /etc/mysql/mariadb.conf.d/50-server.cnf
|
||||
service mysql start
|
||||
|
@ -20,6 +22,7 @@ CREATE USER 'mysql' IDENTIFIED BY 'mysql';
|
|||
GRANT ALL PRIVILEGES ON *.* TO 'mysql' WITH GRANT OPTION;
|
||||
EOF
|
||||
|
||||
# POSTGRESQL
|
||||
service postgresql stop
|
||||
POSTGRES_DIR=/etc/postgresql/11/main
|
||||
cat <<EOF > $POSTGRES_DIR/pg_hba.conf
|
||||
|
@ -43,8 +46,10 @@ REVOKE ALL ON SCHEMA public FROM public;
|
|||
GRANT ALL ON SCHEMA public TO postgres;
|
||||
EOF" postgres
|
||||
|
||||
# sync with phosphoric-acid
|
||||
apt install -y netcat-openbsd
|
||||
auth_setup coffee
|
||||
|
||||
# sync with phosphoric-acid
|
||||
nc -l 0.0.0.0 9000
|
||||
|
||||
sleep infinity
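Review bot: `add_fqdn_to_hosts $(get_ip_addr auth1) auth1` does not check that the lookup succeeded: a failing command substitution used as an argument does not trip `set -e`, and the unquoted expansion disappears entirely when it is empty. Presumably add_fqdn_to_hosts would then be called with `auth1` as its only argument and write a wrong /etc/hosts entry, which matters now that `auth_setup coffee` points nslcd at ldap://auth1.csclub.internal. Assigning first makes the failure fatal: `auth1_ip=$(get_ip_addr auth1)` followed by `add_fqdn_to_hosts "$auth1_ip" auth1`. The line above it for the coffee entry uses the same pattern.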
|
||||
|
|
|
@ -33,3 +33,45 @@ sync_with() {
|
|||
done
|
||||
test $synced = true
|
||||
}
|
||||
|
||||
auth_setup() {
|
||||
hostname=$1
|
||||
|
||||
# LDAP
|
||||
apt install -y --no-install-recommends libnss-ldapd
|
||||
service nslcd stop || true
|
||||
cp .drone/ldap.conf /etc/ldap/ldap.conf
|
||||
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
|
||||
echo 'map group member uniqueMember' >> /etc/nslcd.conf
|
||||
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
|
||||
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
|
||||
cp .drone/nsswitch.conf /etc/nsswitch.conf
|
||||
|
||||
# KERBEROS
|
||||
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
|
||||
cp .drone/krb5.conf /etc/krb5.conf
|
||||
|
||||
if [ $hostname = phosphoric-acid ]; then
|
||||
sync_port=9000
|
||||
elif [ $hostname = coffee ]; then
|
||||
sync_port=9001
|
||||
else
|
||||
sync_port=9002
|
||||
fi
|
||||
sync_with auth1 $sync_port
|
||||
|
||||
rm -f /etc/krb5.keytab
|
||||
cat <<EOF | kadmin -p sysadmin/admin -w krb5
|
||||
addprinc -randkey host/$hostname.csclub.internal
|
||||
ktadd host/$hostname.csclub.internal
|
||||
addprinc -randkey ceod/$hostname.csclub.internal
|
||||
ktadd ceod/$hostname.csclub.internal
|
||||
EOF
|
||||
if [ $hostname = phosphoric-acid ]; then
|
||||
cat <<EOF | kadmin -p sysadmin/admin -w krb5
|
||||
addprinc -randkey ceod/admin
|
||||
ktadd ceod/admin
|
||||
EOF
|
||||
fi
|
||||
service nslcd start
|
||||
}
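Review bot: auth_setup never validates its argument: the `else` branch sends every name other than phosphoric-acid and coffee to port 9002, and the unquoted `[ $hostname = phosphoric-acid ]` tests become a test error (treated as false) when `$1` is empty, so a mistyped or missing host name still goes on to create and export `host/$hostname.csclub.internal` and `ceod/$hostname.csclub.internal` keys. A `case` on the quoted value with an explicit `mail` arm and a failing default, plus `local` for `hostname` and `sync_port`, closes that; the later `[ $hostname = phosphoric-acid ]` should be quoted the same way. Also note that `kadmin -p sysadmin/admin -w krb5` puts the admin password in the process arguments and, in callers that run under `set -x`, in the job log; the inline kadmin blocks elsewhere on this page supplied it on stdin as the first heredoc line instead.

```shell
auth_setup() {
    local hostname=$1
    local sync_port
    # … unchanged: LDAP and Kerberos package and config setup …
    case "$hostname" in
        phosphoric-acid) sync_port=9000 ;;
        coffee)          sync_port=9001 ;;
        mail)            sync_port=9002 ;;
        *)
            echo "auth_setup: unknown host '$hostname'" >&2
            return 1
            ;;
    esac
    sync_with auth1 "$sync_port"
    # … unchanged: keytab creation and nslcd start …
```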
|
||||
|
|
|
@ -12,23 +12,10 @@ add_fqdn_to_hosts $(get_ip_addr auth1) auth1
|
|||
python tests/MockMailmanServer.py &
|
||||
python tests/MockSMTPServer.py &
|
||||
|
||||
# KERBEROS
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt update
|
||||
apt install -y krb5-user netcat-openbsd
|
||||
cp .drone/krb5.conf /etc/krb5.conf
|
||||
|
||||
# sync with auth1
|
||||
sync_with auth1 9001
|
||||
|
||||
rm -f /etc/krb5.keytab
|
||||
cat <<EOF | kadmin -p sysadmin/admin
|
||||
krb5
|
||||
addprinc -randkey host/mail.csclub.internal
|
||||
ktadd host/mail.csclub.internal
|
||||
addprinc -randkey ceod/mail.csclub.internal
|
||||
ktadd ceod/mail.csclub.internal
|
||||
EOF
|
||||
apt install -y netcat-openbsd
|
||||
auth_setup mail
|
||||
|
||||
# sync with phosphoric-acid
|
||||
nc -l 0.0.0.0 9000
|
||||
|
|
|
@ -15,41 +15,8 @@ fi
|
|||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt update
|
||||
|
||||
# LDAP
|
||||
apt install -y --no-install-recommends libnss-ldapd
|
||||
service nslcd stop || true
|
||||
cp .drone/ldap.conf /etc/ldap/ldap.conf
|
||||
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \
|
||||
echo 'map group member uniqueMember' >> /etc/nslcd.conf
|
||||
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf
|
||||
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf
|
||||
cp .drone/nsswitch.conf /etc/nsswitch.conf
|
||||
|
||||
# KERBEROS
|
||||
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit
|
||||
cp .drone/krb5.conf /etc/krb5.conf
|
||||
|
||||
apt install -y netcat-openbsd
|
||||
|
||||
sync_with auth1
|
||||
|
||||
rm -f /etc/krb5.keytab
|
||||
cat <<EOF | kadmin -p sysadmin/admin
|
||||
krb5
|
||||
addprinc -randkey host/phosphoric-acid.csclub.internal
|
||||
ktadd host/phosphoric-acid.csclub.internal
|
||||
addprinc -randkey ceod/phosphoric-acid.csclub.internal
|
||||
ktadd ceod/phosphoric-acid.csclub.internal
|
||||
addprinc -randkey ceod/admin
|
||||
ktadd ceod/admin
|
||||
EOF
|
||||
service nslcd start
|
||||
|
||||
sync_with coffee
|
||||
if [ -z "$CI" ]; then
|
||||
sync_with mail
|
||||
fi
|
||||
auth_setup phosphoric-acid
|
||||
|
||||
# initialize the skel directory
|
||||
shopt -s dotglob
|
||||
|
@ -62,6 +29,8 @@ for user in ctdalek regular1 exec1; do
|
|||
chown $user:$user /users/$user
|
||||
done
|
||||
|
||||
sync_with coffee
|
||||
if [ -z "$CI" ]; then
|
||||
sync_with mail
|
||||
sleep infinity
|
||||
fi
|
||||
|
|