[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 3 commits: Improve share/debian-edu-config/tools/gosa-remove-host
WolfgangSchweer
gitlab at salsa.debian.org
Wed Oct 3 10:33:52 BST 2018
WolfgangSchweer pushed to branch master at Debian Edu / debian-edu-config
Commits:
2ecd4188 by Wolfgang Schweer at 2018-10-03T09:26:30Z
Improve share/debian-edu-config/tools/gosa-remove-host
Make host principals and keytab file removal conditional; this is needed
in case a system accidentally added via sitesummary2ldapdhcp is removed
without any modification applied.
- - - - -
c9170b34 by Wolfgang Schweer at 2018-10-03T09:28:43Z
Improve share/debian-edu-config/tools/gosa-modify-host:
Also create nfs principal for the modified host.
Remove leftover principals and keytab file belonging to modified host.
Add logging statement.
- - - - -
da2b93fb by Wolfgang Schweer at 2018-10-03T09:30:36Z
Document gosa-{remove,modify}-host script changes.
- - - - -
3 changed files:
- debian/changelog
- share/debian-edu-config/tools/gosa-modify-host
- share/debian-edu-config/tools/gosa-remove-host
Changes:
=====================================
debian/changelog
=====================================
@@ -5,6 +5,15 @@ debian-edu-config (2.10.39) UNRELEASED; urgency=medium
* cf3/cf.grub: Adjust configuration for systems with profile 'Minimal'. Keep
legacy interface names to ensure easier configuration as a gateway; don't
run 'plymouth-set-default-theme', plymouth isn't used on a minimal system.
+ * Improve scripts needed for kerberized NFS.
+ - share/debian-edu-config/tools/gosa-remove-host:
+ + Make host principals and keytab file removal conditional; this is needed
+ in case a system accidentally added via sitesummary2ldapdhcp is removed
+ without any modification applied.
+ - share/debian-edu-config/tools/gosa-modify-host:
+ + Also create nfs principal for the modified host.
+ + Remove leftover principals and keytab file belonging to modified host.
+ + Add logging statement.
-- Wolfgang Schweer <wschweer at arcor.de> Sun, 30 Sep 2018 23:35:05 +0200
=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -10,7 +10,22 @@ HOST="$1"
/usr/share/debian-edu-config/tools/gosa-create-host $HOST
kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
+kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+logger -t gosa-modify-host -p notice Krb5 keytab file for \'$HOST\' created.
+
# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
+# cleanup from leftover host principals and keytab file:
+for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
+ if slapcat | grep $i | grep -q dhcp ; then
+ :
+ else
+ kadmin.local delprinc host/$i.intern at INTERN
+ kadmin.local delprinc nfs/$i.intern at INTERN
+ rm /etc/debian-edu/host-keytabs/$i.intern.keytab
+ fi
+done
+
exit 0
=====================================
share/debian-edu-config/tools/gosa-remove-host
=====================================
@@ -12,10 +12,12 @@ set -ex
HOST="$1"
## delete host's nfs principal and keytab file;
-for i in $(kadmin.local listprincs | grep $HOST) ; do
- kadmin.local delprinc $i
+if $(kadmin.local listprincs | grep -q $HOST) ; then
+ for i in $(kadmin.local listprincs | grep $HOST) ; do
+ kadmin.local delprinc $i
done
-rm /etc/debian-edu/host-keytabs/$(ls -l /etc/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
+ rm /etc/debian-edu/host-keytabs/$(ls -l /etc/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
+fi
#
# update services:
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/compare/56dbd3a5aaba7b60088717bafcfa13f13d49de85...da2b93fbb90aaf4d1e66cadc84f1dd4f9dcac298
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/compare/56dbd3a5aaba7b60088717bafcfa13f13d49de85...da2b93fbb90aaf4d1e66cadc84f1dd4f9dcac298
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20181003/d377c52f/attachment-0001.html>
More information about the debian-edu-commits
mailing list