postinstall/mccarthy: correct ln order
[hcoop/zz_old/machine-template.git] / mccarthy-postinstall.sh
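#!/bin/bash

# FIXME BEFORE REINSTALLING Override /etc/adduser.conf to set
# min_system_uid/gid to 110 to skip over domtool. We are going to kill
# the domtool identity for domtool2 eventually, but...

# Overriding in hcoop-common-config is sufficient, as long as fewer
# than 8 packages requesting dynamically allocated system uids are
# installed by d-i

# Run on newly created node as a kerberos/afs admin with local sudo rights.
#
# Every step is a privileged side effect on the new node (plus two
# tar-over-ssh copies from other hosts), so the script is meant to be run
# once; the steps that break a second run (adduser.conf swap, addgroup)
# are guarded so the script can be re-run after a partial failure.

set -e
# `set -e` only looks at the last stage of a pipeline; without pipefail a
# failed ssh/sed producer in the pipelines below would go unnoticed and
# the script would continue with missing keytabs or an empty config.
set -o pipefail
set -v
set -x

# Hostname of this node; the only site-specific value in the script.
readonly node=mccarthy
# Admin principal used for every kadmin call (kadmin prompts for the
# password itself, so nothing secret ends up on the command line/trace).
: "${USER:?USER must be set to the admin running this script}"
readonly admin_princ="${USER}@HCOOP.NET"

# Misc postinst stuff
# Unfortunately has to be run after the first reboot by an admin user

# Domtool was created in pts with id #108, so we skip to 110 for
# dynamically allocated UID/GIDs to avoid conflict until the domtool
# pts user can be replaced.
#
# /etc/adduser.conf being a symlink means this step already ran; doing
# the mv again would overwrite the pristine .hcoop-orig backup with the
# symlink, so skip it.
if [[ ! -L /etc/adduser.conf ]]; then
  sudo sed -e 's/^FIRST_SYSTEM_UID=.*/FIRST_SYSTEM_UID=110/' \
    -e 's/^FIRST_SYSTEM_GID=.*/FIRST_SYSTEM_GID=110/' \
    /etc/adduser.conf | sudo tee /etc/adduser.conf.hcoop >/dev/null
  sudo mv /etc/adduser.conf /etc/adduser.conf.hcoop-orig
  # ln -s TARGET LINK_NAME: the .hcoop copy is the real file, the
  # canonical path becomes the symlink pointing at it.
  sudo ln -s /etc/adduser.conf.hcoop /etc/adduser.conf
fi

sudo apt-get install hcoop-admin-common-config

# Extract host keytab. ktadd writes it with the default umask, so lock it
# down to root immediately afterwards; it is a long-term credential.
sudo kadmin -p "${admin_princ}" -r HCOOP.NET \
  -q "ktadd -k /etc/krb5.keytab host/${node}.hcoop.net@HCOOP.NET"
sudo chown root:root /etc/krb5.keytab
sudo chmod go-rwx /etc/krb5.keytab

# Sync initial set of keytabs from fritz, preserving ownership and modes.
# Both sides use `cd &&` so a failed cd cannot make tar pack or unpack
# the wrong directory. NOTE(review): tar's short `-l` meant
# --one-file-system in old GNU tar and --check-links in newer versions;
# confirm which one is intended on both hosts.
sudo mkdir -p /etc/keytabs/service
ssh fritz.hcoop.net 'cd /etc/keytabs && sudo tar clpf - domtool hcoop' \
  | (cd /etc/keytabs && sudo tar xlpf -)

# Web Server: service keytab readable only by the web server user.
sudo kadmin -p "${admin_princ}" -r HCOOP.NET \
  -q "ktadd -k /etc/keytabs/service/apache apache2/${node}.hcoop.net@HCOOP.NET"
sudo chown www-data:root /etc/keytabs/service/apache
sudo chmod 400 /etc/keytabs/service/apache

# Group allowed to read the TLS key material. addgroup fails if the group
# already exists, so skip it on a re-run.
getent group hcoop-tlscert >/dev/null || sudo addgroup hcoop-tlscert

# Copy the site certificate/key from navajos; GNU tar strips the leading
# "/" on create, so extracting from / recreates /etc/hcoop-ssl/hcoop.pem.
ssh navajos.hcoop.net sudo tar clpf - /etc/hcoop-ssl/hcoop.pem \
  | (cd / && sudo tar xlpf -)

# Just in case the archive did not carry the intended ownership/modes.
sudo chown root:hcoop-tlscert /etc/hcoop-ssl
sudo chown root:hcoop-tlscert /etc/hcoop-ssl/hcoop.pem

sudo chmod 750 /etc/hcoop-ssl
sudo chmod 440 /etc/hcoop-ssl/hcoop.pem

# deploy domtool locally
sudo touch /var/log/domtool.log
sudo chown domtool:nogroup /var/log/domtool.log
sudo chmod 600 /var/log/domtool.log

sudo mkdir -p /var/domtool
sudo chown domtool:nogroup /var/domtool
sudo chmod 755 /var/domtool

# Created as the domtool user so the subdirectories are owned by it.
sudo -u domtool mkdir -p /var/domtool/vhosts
sudo -u domtool mkdir -p /var/domtool/firewall

/afs/hcoop.net/common/etc/scripts/deploy-domtool-on-host --slave --bootstrap

fwtool regen "${node}"

printf '%s\n' "Manually run 'domtool-admin regen' if needed"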