From 45a5328ed934dc4b718e9eceb18ce13c7ccafbde Mon Sep 17 00:00:00 2001
From: B Stack
Date: Wed, 11 Mar 2020 17:11:31 -0400
Subject: initial commit
---
src/Makefile | 67 +++++++++++++++++++++++++++
src/usr/sbin/freeipa-helper-post-install | 26 +++++++++++
src/usr/sbin/systemctl | 9 ++++
src/usr/share/doc/freeipa-helper/README.md | 72 ++++++++++++++++++++++++++++++
4 files changed, 174 insertions(+)
create mode 100644 src/Makefile
create mode 100755 src/usr/sbin/freeipa-helper-post-install
create mode 100755 src/usr/sbin/systemctl
create mode 100644 src/usr/share/doc/freeipa-helper/README.md
(limited to 'src')
diff --git a/src/Makefile b/src/Makefile
new file mode 100644
index 0000000..44bdc0d
--- /dev/null
+++ b/src/Makefile
@@ -0,0 +1,67 @@
+# File: Makefile for freeipa-helper
+# Location: freeipa-helper source package
+# Author: bgstack15
+# Startdate: 2020-03-11
+# Title: Makefile for freeipa-helper source package
+# Purpose: To use traditional Unix make utility
+# History:
+# Usage:
+# Reference:
+# bgscripts Makefile
+# Improve:
+# Document:
+# Dependencies:
+
+APPNAME = freeipa-helper
+APPVERSION = 0.0.1
+SRCDIR = $(CURDIR)
+prefix = /usr
+SYSCONFDIR = $(DESTDIR)/etc
+BINDIR = $(DESTDIR)$(prefix)/bin
+BINDIR1 = $(DESTDIR)/bin
+SBINDIR = $(DESTDIR)$(prefix)/sbin
+SHAREDIR = $(DESTDIR)$(prefix)/share
+DOCDIR = $(SHAREDIR)/doc/$(APPNAME)
+APPDIR = $(SHAREDIR)/$(APPNAME)
+
+awkbin :=$(shell which awk)
+cpbin :=$(shell which cp)
+echobin :=$(shell which echo)
+findbin :=$(shell which find)
+grepbin :=$(shell which grep)
+installbin :=$(shell which install)
+rmbin :=$(shell which rm)
+sedbin :=$(shell which sed)
+sortbin :=$(shell which sort)
+truebin :=$(shell which true)
+lnbin :=$(shell which ln)
+
+all:
+ ${echobin} "No compilation in this package."
+
+.PHONY: clean install uninstall list
+
+list:
+ @$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | ${awkbin} -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | ${sortbin} | ${grepbin} -E -v -e '^[^[:alnum:]]' -e '^$@$$'
+
+install:
+ @${echobin} Installing files to ${DESTDIR}
+ ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1}
+ ${installbin} -m 0755 -t ${SBINDIR} ${SRCDIR}/usr/sbin/*
+ test -L ${BINDIR1}/systemctl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR1}/systemctl
+ test -L ${BINDIR}/hostnamectl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/hostnamectl
+ test -L ${BINDIR}/systemd-detect-virt || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/systemd-detect-virt
+
+uninstall:
+ @${echobin} "#" SRCDIR=${SRCDIR}
+ ${rmbin} -f $$( ${findbin} ${SRCDIR} -mindepth 1 ! -type d -printf '%p\n' | ${sedbin} -r -e "s:^${SRCDIR}:${DESTDIR}:" )
+ ${rmbin} ${BINDIR1}/systemctl || :
+ ${rmbin} ${BINDIR}/hostnamectl || :
+ ${rmbin} ${BINDIR}/systemd-detect-virt || :
+
+ # remove all installed directories that are now blank.
+ rmdir ${BINDIR} ${BINDIR1} || :
+ for word in $$( ${findbin} ${SRCDIR} -mindepth 1 -type d -printf '%p\n' | ${sedbin} -r -e "s:^${SRCDIR}:${DESTDIR}:" | ${awkbin} '{ print length, $$0 }' | sort -rn | ${awkbin} '{print $$2}' ) ; do ${findbin} $${word} -mindepth 1 1>/dev/null 2>&1 | read 1>/dev/null 2>&1 || { rmdir "$${word}" 2>/dev/null || ${truebin} ; } ; done
+
+clean:
+ -${echobin} "target $@ not implemented yet! Gotta say unh."
diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install
new file mode 100755
index 0000000..e9b61b2
--- /dev/null
+++ b/src/usr/sbin/freeipa-helper-post-install
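Review bot: The three `ln -s` lines in the `install` recipe use `${SBINDIR}/systemctl` as the link target, and `SBINDIR` is defined as `$(DESTDIR)$(prefix)/sbin`, so a staged install with a non-empty DESTDIR bakes the staging directory into the symlinks for systemctl, hostnamectl and systemd-detect-virt. Once that tree is packaged and unpacked elsewhere the links dangle, and if the staging path is later writable by another user, whatever is placed there is what root-run tools would execute as systemctl. The target should be the runtime path, e.g. `${lnbin} -s $(prefix)/sbin/systemctl ${BINDIR1}/systemctl`, and likewise for the other two. Separately, `test -L` only skips creation when some symlink already exists; it does not check where that link points.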
@@ -0,0 +1,26 @@
+#!/bin/sh
+# File: /usr/sbin/freeipa-helper-post-install
+# License: CC-BY-SA 4.0
+# Author: bgstack15
+# Startdate: 2020-03-11
+# Title: Script for configuring system after ipa-client-install on non-RH-like systems
+# Purpose: Turn my configs into a one-liner
+# History:
+# 2020-03-11 contents ripped entirely from devuan.txt
+# Usage:
+# sudo freeipa-helper-post-install
+# References:
+# /mnt/public/Support/Platforms/devuan/devuan.txt
+# Improve:
+# Dependencies:
+# raw: /usr/share/bgconf/confs/kerberos/kerberos.sh
+# devuan: bgconf
+# el7: bgconf
+
+# add pam_mkhomedir
+tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$(( $( grep -nE 'session\s+optional' "${tf}" | head -n1 | awk -F':' '{print $1}' ) - 0 ))" ; awk -v thisline="$thisline" 'NR == (thisline) {print "session optional pam_mkhomedir.so"; } {print;}' "${tf}" > "${tf}.2" ; test -f "${tf}.2" && mv "${tf}.2" "${tf}" ; }
+# set dns_canonicalize_hostname = true
+sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true'
+test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh
+service sssd stop ; service sssd start
+service ssh stop ; service ssh start
diff --git a/src/usr/sbin/systemctl b/src/usr/sbin/systemctl
new file mode 100755
index 0000000..d1b091d
--- /dev/null
+++ b/src/usr/sbin/systemctl
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Dependencies:
+# raw: lecho
+# devuan: bgscripts-core
+{
+ LOGFILE=/var/log/systemctl.log
+ lecho "${0} ${*}" >> "${LOGFILE}"
+} 2>/dev/null
+:
diff --git a/src/usr/share/doc/freeipa-helper/README.md b/src/usr/share/doc/freeipa-helper/README.md
new file mode 100644
index 0000000..70b3417
--- /dev/null
+++ b/src/usr/share/doc/freeipa-helper/README.md
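Review bot: In the pam_mkhomedir step, `test -f "${tf}.2" && mv "${tf}.2" "${tf}"` does not validate the rewritten file: the shell creates `${tf}.2` for the redirection before awk runs, so the test passes even when awk failed or wrote nothing, and an empty or truncated file then replaces /etc/pam.d/common-session. When no `session optional` line matches, `thisline` evaluates to 0 and the file is copied back unchanged with no error, so the module is silently not added. I would gate the move on the content, `test -s "${tf}.2" && grep -q 'pam_mkhomedir' "${tf}.2" && mv "${tf}.2" "${tf}"`, and keep a backup copy of the original first. The inserted line also passes no `umask=` argument to pam_mkhomedir.so, so new home directories get the module's default permissions; the intended mode is worth stating explicitly.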
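Review bot: The trailing `:` in src/usr/sbin/systemctl makes every invocation exit 0 regardless of the name the script was called by, and the Makefile in this commit links hostnamectl and systemd-detect-virt to it. For systemd-detect-virt an exit status of 0 conventionally means virtualization was detected, so `systemd-detect-virt --container` (one of the calls the README lists) is answered "yes" by exit code. A small dispatch on the invoked name before the final `:` would avoid that, e.g. `case "${0##*/}" in systemd-detect-virt) exit 1 ;; esac`. How ipa-client-install weighs the exit status against the empty output is not visible here, so this needs confirming against the caller. The log write is also wrapped in `2>/dev/null`, so a failed append to /var/log/systemctl.log leaves no trace of the call.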
@@ -0,0 +1,72 @@
+# README for freeipa-helper
+## Introduction
+This is a set of scripts that facilitates installing FreeIPA client on systems that are not 100% Red Hat-like. The biggest issue is the lack of systemctl, which is hardcoded into the freeipa commands. After 5 minutes of starting to hack that codebase, I gave up. I'll lie to it instead.
+
+## How to use
+Install freeipa-helper package in addition to the regular freeipa-client, which takes some [special work](https://bgstack15.wordpress.com/2019/10/07/devuan-join-freeipa-domain/). See heading "Related packages" for additional requirements.
+
+## More details
+Using a simple script that captures all invocations of the affected commands, here is what the author captured:
+
+ /bin/systemctl stop certmonger.service
+ /bin/systemctl disable certmonger.service
+ /bin/systemctl stop oddjobd.service
+ /bin/systemctl disable oddjobd.service
+ /bin/systemctl stop sssd.service
+ /bin/systemctl disable sssd.service
+ /usr/bin/hostnamectl set-hostname d2-04a
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl stop chronyd.service
+ /bin/systemctl disable chronyd.service
+ /usr/bin/hostnamectl set-hostname d2-04a.ipa.smith122.com
+ /bin/systemctl is-enabled chronyd.service
+ /bin/systemctl enable chronyd.service
+ /bin/systemctl restart chronyd.service
+ /bin/systemctl is-active chronyd.service
+ /usr/bin/systemd-detect-virt --container
+ /usr/bin/systemd-detect-virt --container
+ /bin/systemctl try-restart certmonger.service
+ /bin/systemctl is-active certmonger.service
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl list-unit-files --full
+ /bin/systemctl is-active oddjobd.service
+ /bin/systemctl is-enabled oddjobd.service
+ /bin/systemctl restart sssd.service
+ /bin/systemctl is-active sssd.service
+ /bin/systemctl enable sssd.service
+ /bin/systemctl is-active sshd.service
+ /bin/systemctl restart sshd.service
+ /bin/systemctl is-active sshd.service
+
+So most of this is easily [translatable](https://gitlab.com/bgstack15/systemdtl) to real service commands. Unfortunately, chrony on devuan is flaky and never returns from an `update-rc.d chrony enable` so I gave up on that too.
+
+Instead, we are going to just exit 0 on every invocation, while logging.
+
+ {
+ LOGFILE=/var/log/systemctl.log
+ lecho "${0} ${*}" >> "${LOGFILE}"
+ } 2>/dev/null
+ :
+
+## Alternatives
+Use a distro with systemd which is almost a requirement for installing freeipa.
+[https://gitlab.com/bgstack15/systemdtl](https://gitlab.com/bgstack15/systemdtl) is another project that attempts to satisfy ipa-client-install.
+
+## License
+[CC-BY-SA 4.0](https://choosealicense.com/licenses/cc-by-sa-4.0/)
+
+## Description
+Some scripts that sit on the filesystem exactly where ipa-client-install wants to find systemd-related commands. Use at your own risk!
+
+## Upsides
+Facilitates joining Devuan systems to a FreeIPA domain.
+
+## Downsides
+Has the potential to cause errors because the commands do not ever return failure. They just say "yes" to ipa-client-install, basically, which is probably not what it wants to hear every single time.
+
+## Dependencies
+Merely for the logging output: bgscripts [source](https://gitlab.com/bgstack15/bgscripts/) [deb](https://build.opensuse.org/package/show/home:bgstack15/bgscripts) [rpm](https://copr.fedorainfracloud.org/coprs/bgstack15/stackrpms/package/bgscripts/)
+
+## Related packages
+[oddjob-mkhomedir](https://build.opensuse.org/package/show/home:bgstack15/oddjob-mkhomedir) is required for freeipa-client on Devuan.
-- cgit