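# FIXME BEFORE REINSTALLING Override /etc/adduser.conf to set
# min_system_uid/gid to 110 to skip over domtool. We are going to kill
# the domtool identity for domtool2 eventually, but...
# Overriding in hcoop-common-config is sufficient, as long as fewer
# than 8 packages requesting dynamically allocated system uids are
# Run on newly created node as a kerberos/afs admin with local sudo rights
# Unfortunately has to be run after the first reboot by an admin user
#
# Every step below provisions credentials or permissions on the new
# node, so stop at the first failure rather than carry on with a
# half-configured host (a failed keytab step would otherwise be
# skipped without notice).  -u also catches an unset USER before it
# reaches kadmin.  Only the POSIX subset is used so the script does not
# depend on which /bin/sh runs it (no pipefail, see the ssh pipelines).
set -eu

# Node being provisioned.  Defaults to the host this script was written
# for; override with NODE_FQDN=... when bootstrapping another node.
NODE_FQDN=${NODE_FQDN:-mccarthy.hcoop.net}
REALM=HCOOP.NET
ADMIN_PRINC="${USER}@${REALM}"

# Domtool was created in pts with id #108, so we skip to 110 for
# dynamically allocated UID/GIDs to avoid conflict until the domtool
# pts user can be replaced.
# The redirection must happen as root, hence sh -c under sudo.
sudo sh -c "sed -e 's/^FIRST_SYSTEM_UID=.*/FIRST_SYSTEM_UID=110/' -e 's/^FIRST_SYSTEM_GID=.*/FIRST_SYSTEM_GID=110/' /etc/adduser.conf > /etc/adduser.conf.hcoop"
sudo mv /etc/adduser.conf /etc/adduser.conf.hcoop-orig
# ln -s TARGET LINK_NAME: the link is /etc/adduser.conf and it points at
# the edited copy.  The previous version had the operands reversed,
# which fails with "File exists" (adduser.conf.hcoop was just written)
# and leaves the node with no /etc/adduser.conf at all.
sudo ln -s /etc/adduser.conf.hcoop /etc/adduser.conf

sudo apt-get install hcoop-admin-common-config

# Host keytab: written by kadmin, then restricted to root only.
sudo kadmin -p "$ADMIN_PRINC" -r "$REALM" \
  -q "ktadd -k /etc/krb5.keytab host/${NODE_FQDN}@${REALM}"
sudo chown root:root /etc/krb5.keytab
sudo chmod go-rwx /etc/krb5.keytab

# Sync initial set of keytabs
sudo mkdir -p /etc/keytabs
sudo mkdir -p /etc/keytabs/service
# The remote command is quoted so the whole "cd && tar" runs on fritz;
# && instead of ; stops tar from archiving the wrong directory if the cd
# fails.  Without pipefail the ssh status is not checked directly, but a
# failed transfer leaves the local tar with a truncated stream, and its
# non-zero exit is caught by set -e.
ssh fritz.hcoop.net 'cd /etc/keytabs && sudo tar clpf - domtool hcoop' \
  | (cd /etc/keytabs && sudo tar xlpf -)

# Service keytab for apache: readable only by www-data.
sudo kadmin -p "$ADMIN_PRINC" -r "$REALM" \
  -q "ktadd -k /etc/keytabs/service/apache apache2/${NODE_FQDN}@${REALM}"
sudo chown www-data:root /etc/keytabs/service/apache
sudo chmod 400 /etc/keytabs/service/apache

# addgroup fails when the group already exists, which under set -e would
# abort a re-run; only create it when it is missing.
getent group hcoop-tlscert >/dev/null || sudo addgroup hcoop-tlscert

# TLS certificate: copied from navajos, readable by root and the
# hcoop-tlscert group only.
ssh navajos.hcoop.net sudo tar clpf - /etc/hcoop-ssl/hcoop.pem \
  | (cd / && sudo tar xlpf -)
sudo chown root:hcoop-tlscert /etc/hcoop-ssl
sudo chown root:hcoop-tlscert /etc/hcoop-ssl/hcoop.pem
sudo chmod 750 /etc/hcoop-ssl
sudo chmod 440 /etc/hcoop-ssl/hcoop.pem

# deploy domtool locally
sudo touch /var/log/domtool.log
sudo chown domtool:nogroup /var/log/domtool.log
sudo chmod 600 /var/log/domtool.log

sudo mkdir -p /var/domtool
sudo chown domtool:nogroup /var/domtool
sudo chmod 755 /var/domtool

sudo -u domtool mkdir -p /var/domtool/vhosts
sudo -u domtool mkdir -p /var/domtool/firewall

/afs/hcoop.net/common/etc/scripts/deploy-domtool-on-host --slave --bootstrap

echo "Manually run 'domtool-admin regen' if needed"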