# don't resolve container names to *real* CSC machines sed -E '/^(domain|search)[[:space:]]+csclub.uwaterloo.ca/d' /etc/resolv.conf > /tmp/resolv.conf cp /tmp/resolv.conf /etc/resolv.conf rm /tmp/resolv.conf get_ip_addr() { getent hosts $1 | cut -d' ' -f1 } add_fqdn_to_hosts() { ip_addr=$1 hostname=$2 sed -E "/${ip_addr}.*\\b${hostname}\\b/d" /etc/hosts > /tmp/hosts cp /tmp/hosts /etc/hosts rm /tmp/hosts echo "$ip_addr $hostname.csclub.internal $hostname" >> /etc/hosts } sync_with() { host=$1 port=9000 if [ $# -eq 2 ]; then port=$2 fi synced=false # give it 5 minutes for i in {1..60}; do if nc -vz $host $port ; then synced=true break fi sleep 5 done test $synced = true } auth_setup() { hostname=$1 # LDAP apt install -y --no-install-recommends libnss-ldapd service nslcd stop || true cp .drone/ldap.conf /etc/ldap/ldap.conf grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \ echo 'map group member uniqueMember' >> /etc/nslcd.conf sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf cp .drone/nsswitch.conf /etc/nsswitch.conf # KERBEROS apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit cp .drone/krb5.conf /etc/krb5.conf if [ $hostname = phosphoric-acid ]; then sync_port=9000 elif [ $hostname = coffee ]; then sync_port=9001 else sync_port=9002 fi sync_with auth1 $sync_port rm -f /etc/krb5.keytab cat <