From 45a5328ed934dc4b718e9eceb18ce13c7ccafbde Mon Sep 17 00:00:00 2001
From: B Stack
Date: Wed, 11 Mar 2020 17:11:31 -0400
Subject: initial commit
---
src/usr/sbin/freeipa-helper-post-install | 26 +++++++++++
src/usr/sbin/systemctl | 9 ++++
src/usr/share/doc/freeipa-helper/README.md | 72 ++++++++++++++++++++++++++++++
3 files changed, 107 insertions(+)
create mode 100755 src/usr/sbin/freeipa-helper-post-install
create mode 100755 src/usr/sbin/systemctl
create mode 100644 src/usr/share/doc/freeipa-helper/README.md
(limited to 'src/usr')
diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install
new file mode 100755
index 0000000..e9b61b2
--- /dev/null
+++ b/src/usr/sbin/freeipa-helper-post-install
@@ -0,0 +1,26 @@
+#!/bin/sh
+# File: /usr/sbin/freeipa-helper-post-install
+# License: CC-BY-SA 4.0
+# Author: bgstack15
+# Startdate: 2020-03-11
+# Title: Script for configuring system after ipa-client-install on non-RH-like systems
+# Purpose: Turn my configs into a one-liner
+# History:
+# 2020-03-11 contents ripped entirely from devuan.txt
+# Usage:
+# sudo freeipa-helper-post-install
+# References:
+# /mnt/public/Support/Platforms/devuan/devuan.txt
+# Improve:
+# Dependencies:
+# raw: /usr/share/bgconf/confs/kerberos/kerberos.sh
+# devuan: bgconf
+# el7: bgconf
+
+# add pam_mkhomedir
+tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$(( $( grep -nE 'session\s+optional' "${tf}" | head -n1 | awk -F':' '{print $1}' ) - 0 ))" ; awk -v thisline="$thisline" 'NR == (thisline) {print "session optional pam_mkhomedir.so"; } {print;}' "${tf}" > "${tf}.2" ; test -f "${tf}.2" && mv "${tf}.2" "${tf}" ; }
+# set dns_canonicalize_hostname = true
+sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true'
+test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh
+service sssd stop ; service sssd start
+service ssh stop ; service ssh start
diff --git a/src/usr/sbin/systemctl b/src/usr/sbin/systemctl
new file mode 100755
index 0000000..d1b091d
--- /dev/null
+++ b/src/usr/sbin/systemctl
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Dependencies:
+# raw: lecho
+# devuan: bgscripts-core
+{
+ LOGFILE=/var/log/systemctl.log
+ lecho "${0} ${*}" >> "${LOGFILE}"
+} 2>/dev/null
+:
diff --git a/src/usr/share/doc/freeipa-helper/README.md b/src/usr/share/doc/freeipa-helper/README.md
new file mode 100644
index 0000000..70b3417
--- /dev/null
+++ b/src/usr/share/doc/freeipa-helper/README.md
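Review bot: The pam_mkhomedir one-liner in freeipa-helper-post-install moves `${tf}.2` over `/etc/pam.d/common-session` without confirming the rewrite worked, because `test -f "${tf}.2"` is already true once the redirection has created the file, so a failed or partial awk run would still replace the live PAM session stack. When no `session optional` line exists, `thisline` evaluates to 0, nothing is inserted and the script gives no message, which leaves the host without home-directory creation and no hint why. I would test awk's exit status and `test -s`, keep a copy of the original, and report the no-match case, as sketched below. The header says the script is run under sudo while two later lines call `sudo` again, so the privilege requirement would be clearer as a single `id -u` check at the top.

```shell
# add pam_mkhomedir
tf=/etc/pam.d/common-session
if ! grep -q 'mkhomedir' "${tf}" ; then
   thisline="$( grep -nE 'session\s+optional' "${tf}" | head -n1 | awk -F':' '{print $1}' )"
   if test -z "${thisline}" ; then
      echo "${0}: no 'session optional' line in ${tf}, pam_mkhomedir not added" 1>&2
   elif cp -p "${tf}" "${tf}.orig" && awk -v thisline="${thisline}" 'NR == (thisline) {print "session optional pam_mkhomedir.so"; } {print;}' "${tf}" > "${tf}.2" && test -s "${tf}.2" ; then
      mv "${tf}.2" "${tf}"
   else
      rm -f "${tf}.2"
      echo "${0}: could not rewrite ${tf}, left unchanged" 1>&2
   fi
fi
# … unchanged: krb5.conf update, kerberos.sh call, sssd and ssh restarts …
```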
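Review bot: The trailing `:` in src/usr/sbin/systemctl makes every invocation succeed, including the `is-active` and `is-enabled` queries, so any caller that finds this file on PATH (not only ipa-client-install) is told the service is in the state it asked about. The script itself carries no comment saying so; I would give it the same File/Purpose header as the sibling script and put `# always exit 0: no service is started, stopped or queried; the call is only logged` above the `:`. The `2>/dev/null` on the group also hides a missing `lecho` or an unwritable log file, so the record of what the installer requested can be absent without any sign. A comment noting that the log is best-effort, or a plain `echo "${0} ${*}" >> "${LOGFILE}"` fallback when `command -v lecho` fails, would cover that.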
@@ -0,0 +1,72 @@
+# README for freeipa-helper
+## Introduction
+This is a set of scripts that facilitates installing FreeIPA client on systems that are not 100% Red Hat-like. The biggest issue is the lack of systemctl, which is hardcoded into the freeipa commands. After 5 minutes of starting to hack that codebase, I gave up. I'll lie to it instead.
+
+## How to use
+Install freeipa-helper package in addition to the regular freeipa-client, which takes some [special work](https://bgstack15.wordpress.com/2019/10/07/devuan-join-freeipa-domain/). See heading "Related packages" for additional requirements.
+
+## More details
+Using a simple script that captures all invocations of the affected commands, here is what the author captured:
+
+ /bin/systemctl stop certmonger.service
+ /bin/systemctl disable certmonger.service
+ /bin/systemctl stop oddjobd.service
+ /bin/systemctl disable oddjobd.service
+ /bin/systemctl stop sssd.service
+ /bin/systemctl disable sssd.service
+ /usr/bin/hostnamectl set-hostname d2-04a
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl stop chronyd.service
+ /bin/systemctl disable chronyd.service
+ /usr/bin/hostnamectl set-hostname d2-04a.ipa.smith122.com
+ /bin/systemctl is-enabled chronyd.service
+ /bin/systemctl enable chronyd.service
+ /bin/systemctl restart chronyd.service
+ /bin/systemctl is-active chronyd.service
+ /usr/bin/systemd-detect-virt --container
+ /usr/bin/systemd-detect-virt --container
+ /bin/systemctl try-restart certmonger.service
+ /bin/systemctl is-active certmonger.service
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl is-active oddjobd.service
+ /bin/systemctl is-enabled oddjobd.service
+ /bin/systemctl restart sssd.service
+ /bin/systemctl is-active sssd.service
+ /bin/systemctl enable sssd.service
+ /bin/systemctl is-active sshd.service
+ /bin/systemctl restart sshd.service
+ /bin/systemctl is-active sshd.service
+
+So most of this is easily [translatable](https://gitlab.com/bgstack15/systemdtl) to real service commands. Unfortunately, chrony on devuan is flaky and never returns from an `update-rc.d chrony enable` so I gave up on that too.
+
+Instead, we are going to just exit 0 on every invocation, while logging.
+
+ {
+ LOGFILE=/var/log/systemctl.log
+ lecho "${0} ${*}" >> "${LOGFILE}"
+ } 2>/dev/null
+ :
+
+## Alternatives
+Use a distro with systemd which is almost a requirement for installing freeipa.
+[https://gitlab.com/bgstack15/systemdtl](https://gitlab.com/bgstack15/systemdtl) is another project that attempts to satisfy ipa-client-install.
+
+## License
+[CC-BY-SA 4.0](https://choosealicense.com/licenses/cc-by-sa-4.0/)
+
+## Description
+Some scripts that sit on the filesystem exactly where ipa-client-install wants to find systemd-related commands. Use at your own risk!
+
+## Upsides
+Facilitates joining Devuan systems to a FreeIPA domain.
+
+## Downsides
+Has the potential to cause errors because the commands do not ever return failure. They just say "yes" to ipa-client-install, basically, which is probably not what it wants to hear every single time.
+
+## Dependencies
+Merely for the logging output: bgscripts [source](https://gitlab.com/bgstack15/bgscripts/) [deb](https://build.opensuse.org/package/show/home:bgstack15/bgscripts) [rpm](https://copr.fedorainfracloud.org/coprs/bgstack15/stackrpms/package/bgscripts/)
+
+## Related packages
+[oddjob-mkhomedir](https://build.opensuse.org/package/show/home:bgstack15/oddjob-mkhomedir) is required for freeipa-client on Devuan.
-- cgit