71 lines
2.6 KiB
Bash
71 lines
2.6 KiB
Bash
#!/bin/bash
|
|
|
|
## Script Location
|
|
SCRIPTDIR=$(dirname $0)
|
|
source "$SCRIPTDIR/common/colors.sh"
|
|
source "$SCRIPTDIR/common/functions.sh"
|
|
|
|
load_defaults=""
|
|
case "$1" in
|
|
defaults) load_defaults="defaults";;
|
|
"") load_defaults="";;
|
|
*) echo "'$1' is not a valid template-setup command";;
|
|
esac
|
|
if [ "$load_defaults" == "defaults" ]; then
|
|
source $SCRIPTDIR/defaults-dbb.sh
|
|
else
|
|
source $SCRIPTDIR/defaults-blank.sh
|
|
fi
|
|
|
|
|
|
# TODO setup /etc/hosts with FQDN and FreeIPA servers
|
|
|
|
printf "$COL_LIGHT_BLUE" "* Checking if system already contains Membership to FreeIPA Realm"
|
|
realm_join=0
|
|
if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
|
|
then
|
|
printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm"
|
|
realm_join=1
|
|
else
|
|
printf "$COL_GREEN" "** $HOSTNAME appears to already be joined to FreeIPA Server Realm"
|
|
fi
|
|
|
|
## FreeIPA Realm Join
|
|
if [ "$realm_join" == 1 ]; then
|
|
if (whiptail --title "FreeIPA Realm Join" --yes-button "yes" --no-button "no" --yesno "Do You want to join a FreeIPA Realm?" 10 80)
|
|
then
|
|
|
|
if [[ $HOSTNAME == *template* ]]; then
|
|
printf "$COL_RED" "** Hostname $HOSTNAME contains the word 'template', skipping realm joining"
|
|
realm_join=0
|
|
fi
|
|
|
|
if [ "$realm_join" == 1 ]; then
|
|
printf "$COL_YELLOW" "** Setting up ipa-client to join FreeIPA Server Realm"
|
|
freeipa_admin=$(whiptail --passwordbox "Please enter the user authorized to join FreeIPA realm: $freeipa_admin" 8 78 --title "FreeIPA Admin User Prompt" 3>&1 1>&2 2>&3)
|
|
freeipa_password=$(whiptail --passwordbox "Please enter the password for the FreeIPA admin user: $freeipa_admin" 8 78 --title "FreeIPA Password Prompt" 3>&1 1>&2 2>&3)
|
|
ipa-client-install --mkhomedir --no-ntp --principal="$freeipa_admin" --password="$freeipa_password" --enable-dns-updates --unattended
|
|
fi
|
|
else
|
|
printf "$COL_CYAN" "** Skipping realm joining"
|
|
fi
|
|
fi
|
|
|
|
|
|
if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
|
|
then
|
|
printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm, skipping Cert Question"
|
|
else
|
|
printf "$COL_GREEN" "** $HOSTNAME appears to be joined to FreeIPA Server Realm, Checking if user wants a cert."
|
|
|
|
if (whiptail --title "FreeIPA CA" --yes-button "yes" --no-button "no" --yesno "Do You want to use FreeIPA as a CA and get a certificate?" 10 80)
|
|
then
|
|
mkdir -p /etc/certmonger/certs
|
|
ipa-getcert request -f /etc/certmonger/certs/app.crt -k /etc/certmonger/certs/app.key -K HTTP/$(hostname -f) -D $(hostname -f) -N $(hostname -f)
|
|
sudo getcert list
|
|
else
|
|
printf "$COL_CYAN" "** Skipping Cert Grabbing"
|
|
fi
|
|
|
|
fi
|