aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorB Stack <bgstack15@gmail.com>2020-03-11 17:11:31 -0400
committerB Stack <bgstack15@gmail.com>2020-03-11 17:11:31 -0400
commit45a5328ed934dc4b718e9eceb18ce13c7ccafbde (patch)
treed520495a382185340834bd44c45a2ce9a386eda0
downloadfreeipa-helper-45a5328ed934dc4b718e9eceb18ce13c7ccafbde.tar.gz
freeipa-helper-45a5328ed934dc4b718e9eceb18ce13c7ccafbde.tar.bz2
freeipa-helper-45a5328ed934dc4b718e9eceb18ce13c7ccafbde.zip
initial commit
-rw-r--r--README.md2
-rw-r--r--src/Makefile67
-rwxr-xr-xsrc/usr/sbin/freeipa-helper-post-install26
-rwxr-xr-xsrc/usr/sbin/systemctl9
-rw-r--r--src/usr/share/doc/freeipa-helper/README.md72
5 files changed, 176 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..11ab72a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# Overview for freeipa-helper
+See the [full readme](src/usr/share/doc/freeipa-helper/README.md) farther down in the source tree.
diff --git a/src/Makefile b/src/Makefile
new file mode 100644
index 0000000..44bdc0d
--- /dev/null
+++ b/src/Makefile
@@ -0,0 +1,67 @@
+# File: Makefile for freeipa-helper
+# Location: freeipa-helper source package
+# Author: bgstack15
+# Startdate: 2020-03-11
+# Title: Makefile for freeipa-helper source package
+# Purpose: To use traditional Unix make utility
+# History:
+# Usage:
+# Reference:
+# bgscripts Makefile
+# Improve:
+# Document:
+# Dependencies:
+
+APPNAME = freeipa-helper
+APPVERSION = 0.0.1
+SRCDIR = $(CURDIR)
+prefix = /usr
+SYSCONFDIR = $(DESTDIR)/etc
+BINDIR = $(DESTDIR)$(prefix)/bin
+BINDIR1 = $(DESTDIR)/bin
+SBINDIR = $(DESTDIR)$(prefix)/sbin
+SHAREDIR = $(DESTDIR)$(prefix)/share
+DOCDIR = $(SHAREDIR)/doc/$(APPNAME)
+APPDIR = $(SHAREDIR)/$(APPNAME)
+
+awkbin :=$(shell which awk)
+cpbin :=$(shell which cp)
+echobin :=$(shell which echo)
+findbin :=$(shell which find)
+grepbin :=$(shell which grep)
+installbin :=$(shell which install)
+rmbin :=$(shell which rm)
+sedbin :=$(shell which sed)
+sortbin :=$(shell which sort)
+truebin :=$(shell which true)
+lnbin :=$(shell which ln)
+
+all:
+ ${echobin} "No compilation in this package."
+
+.PHONY: clean install uninstall list
+
+list:
+ @$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | ${awkbin} -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | ${sortbin} | ${grepbin} -E -v -e '^[^[:alnum:]]' -e '^$@$$'
+
+install:
+ @${echobin} Installing files to ${DESTDIR}
+ ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1}
+ ${installbin} -m 0755 -t ${SBINDIR} ${SRCDIR}/usr/sbin/*
+ test -L ${BINDIR1}/systemctl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR1}/systemctl
+ test -L ${BINDIR}/hostnamectl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/hostnamectl
+ test -L ${BINDIR}/systemd-detect-virt || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/systemd-detect-virt
+
+uninstall:
+ @${echobin} "#" SRCDIR=${SRCDIR}
+ ${rmbin} -f $$( ${findbin} ${SRCDIR} -mindepth 1 ! -type d -printf '%p\n' | ${sedbin} -r -e "s:^${SRCDIR}:${DESTDIR}:" )
+ ${rmbin} ${BINDIR1}/systemctl || :
+ ${rmbin} ${BINDIR}/hostnamectl || :
+ ${rmbin} ${BINDIR}/systemd-detect-virt || :
+
+ # remove all installed directories that are now blank.
+ rmdir ${BINDIR} ${BINDIR1} || :
+ for word in $$( ${findbin} ${SRCDIR} -mindepth 1 -type d -printf '%p\n' | ${sedbin} -r -e "s:^${SRCDIR}:${DESTDIR}:" | ${awkbin} '{ print length, $$0 }' | sort -rn | ${awkbin} '{print $$2}' ) ; do ${findbin} $${word} -mindepth 1 1>/dev/null 2>&1 | read 1>/dev/null 2>&1 || { rmdir "$${word}" 2>/dev/null || ${truebin} ; } ; done
+
+clean:
+ -${echobin} "target $@ not implemented yet! Gotta say unh."
diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install
new file mode 100755
index 0000000..e9b61b2
--- /dev/null
+++ b/src/usr/sbin/freeipa-helper-post-install
@@ -0,0 +1,26 @@
+#!/bin/sh
+# File: /usr/sbin/freeipa-helper-post-install
+# License: CC-BY-SA 4.0
+# Author: bgstack15
+# Startdate: 2020-03-11
+# Title: Script for configuring system after ipa-client-install on non-RH-like systems
+# Purpose: Turn my configs into a one-liner
+# History:
+# 2020-03-11 contents ripped entirely from devuan.txt
+# Usage:
+# sudo freeipa-helper-post-install
+# References:
+# /mnt/public/Support/Platforms/devuan/devuan.txt
+# Improve:
+# Dependencies:
+# raw: /usr/share/bgconf/confs/kerberos/kerberos.sh
+# devuan: bgconf
+# el7: bgconf
+
+# add pam_mkhomedir
+tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$(( $( grep -nE 'session\s+optional' "${tf}" | head -n1 | awk -F':' '{print $1}' ) - 0 ))" ; awk -v thisline="$thisline" 'NR == (thisline) {print "session optional pam_mkhomedir.so"; } {print;}' "${tf}" > "${tf}.2" ; test -f "${tf}.2" && mv "${tf}.2" "${tf}" ; }
+# set dns_canonicalize_hostname = true
+sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true'
+test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh
+service sssd stop ; service sssd start
+service ssh stop ; service ssh start
diff --git a/src/usr/sbin/systemctl b/src/usr/sbin/systemctl
new file mode 100755
index 0000000..d1b091d
--- /dev/null
+++ b/src/usr/sbin/systemctl
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Dependencies:
+# raw: lecho
+# devuan: bgscripts-core
+{
+ LOGFILE=/var/log/systemctl.log
+ lecho "${0} ${*}" >> "${LOGFILE}"
+} 2>/dev/null
+:
diff --git a/src/usr/share/doc/freeipa-helper/README.md b/src/usr/share/doc/freeipa-helper/README.md
new file mode 100644
index 0000000..70b3417
--- /dev/null
+++ b/src/usr/share/doc/freeipa-helper/README.md
@@ -0,0 +1,72 @@
+# README for freeipa-helper
+## Introduction
+This is a set of scripts that facilitates installing FreeIPA client on systems that are not 100% Red Hat-like. The biggest issue is the lack of systemctl, which is hardcoded into the freeipa commands. After 5 minutes of starting to hack that codebase, I gave up. I'll lie to it instead.
+
+## How to use
+Install freeipa-helper package in addition to the regular freeipa-client, which takes some [special work](https://bgstack15.wordpress.com/2019/10/07/devuan-join-freeipa-domain/). See heading "Related packages" for additional requirements.
+
+## More details
+Using a simple script that captures all invocations of the affected commands, here is what the author captured:
+
+ /bin/systemctl stop certmonger.service
+ /bin/systemctl disable certmonger.service
+ /bin/systemctl stop oddjobd.service
+ /bin/systemctl disable oddjobd.service
+ /bin/systemctl stop sssd.service
+ /bin/systemctl disable sssd.service
+ /usr/bin/hostnamectl set-hostname d2-04a
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl stop chronyd.service
+ /bin/systemctl disable chronyd.service
+ /usr/bin/hostnamectl set-hostname d2-04a.ipa.smith122.com
+ /bin/systemctl is-enabled chronyd.service
+ /bin/systemctl enable chronyd.service
+ /bin/systemctl restart chronyd.service
+ /bin/systemctl is-active chronyd.service
+ /usr/bin/systemd-detect-virt --container
+ /usr/bin/systemd-detect-virt --container
+ /bin/systemctl try-restart certmonger.service
+ /bin/systemctl is-active certmonger.service
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl is-active oddjobd.service
+ /bin/systemctl is-enabled oddjobd.service
+ /bin/systemctl restart sssd.service
+ /bin/systemctl is-active sssd.service
+ /bin/systemctl enable sssd.service
+ /bin/systemctl is-active sshd.service
+ /bin/systemctl restart sshd.service
+ /bin/systemctl is-active sshd.service
+
+So most of this is easily [translatable](https://gitlab.com/bgstack15/systemdtl) to real service commands. Unfortunately, chrony on devuan is flaky and never returns from an `update-rc.d chrony enable` so I gave up on that too.
+
+Instead, we are going to just exit 0 on every invocation, while logging.
+
+ {
+ LOGFILE=/var/log/systemctl.log
+ lecho "${0} ${*}" >> "${LOGFILE}"
+ } 2>/dev/null
+ :
+
+## Alternatives
+Use a distro with systemd which is almost a requirement for installing freeipa.
+[https://gitlab.com/bgstack15/systemdtl](https://gitlab.com/bgstack15/systemdtl) is another project that attempts to satisfy ipa-client-install.
+
+## License
+[CC-BY-SA 4.0](https://choosealicense.com/licenses/cc-by-sa-4.0/)
+
+## Description
+Some scripts that sit on the filesystem exactly where ipa-client-install wants to find systemd-related commands. Use at your own risk!
+
+## Upsides
+Facilitates joining Devuan systems to a FreeIPA domain.
+
+## Downsides
+Has the potential to cause errors because the commands do not ever return failure. They just say "yes" to ipa-client-install, basically, which is probably not what it wants to hear every single time.
+
+## Dependencies
+Merely for the logging output: bgscripts [source](https://gitlab.com/bgstack15/bgscripts/) [deb](https://build.opensuse.org/package/show/home:bgstack15/bgscripts) [rpm](https://copr.fedorainfracloud.org/coprs/bgstack15/stackrpms/package/bgscripts/)
+
+## Related packages
+[oddjob-mkhomedir](https://build.opensuse.org/package/show/home:bgstack15/oddjob-mkhomedir) is required for freeipa-client on Devuan.
bgstack15