diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | configs/interfaces (renamed from configs/kerberos/interfaces) | 2 | ||||
| -rw-r--r-- | configs/krb/kadm5.acl (renamed from configs/kerberos/kadm5.acl) | 0 | ||||
| -rw-r--r-- | configs/krb/kdc.conf (renamed from configs/kerberos/kdc.conf) | 0 | ||||
| -rw-r--r-- | configs/krb/krb5.conf (renamed from configs/kerberos/krb5.conf) | 0 | ||||
| -rw-r--r-- | configs/ldap/interfaces | 14 | ||||
| -rw-r--r-- | configs/nfs/interfaces | 14 | ||||
| -rwxr-xr-x | create | 8 | ||||
| -rwxr-xr-x | destroy | 12 | ||||
| -rwxr-xr-x | scripts/debian_roll | 45 | ||||
| -rwxr-xr-x | scripts/kerberos | 22 | ||||
| -rwxr-xr-x | scripts/krb | 23 | ||||
| -rwxr-xr-x | scripts/ldap | 2 | ||||
| -rw-r--r-- | tmp/.gitignore | 0 |
14 files changed, 60 insertions, 84 deletions
@@ -1,2 +1,4 @@ logs/* !logs/.gitignore +tmp/* +!tmp/.gitignore diff --git a/configs/kerberos/interfaces b/configs/interfaces index cf65d6a..b663d7f 100644 --- a/configs/kerberos/interfaces +++ b/configs/interfaces @@ -7,7 +7,7 @@ iface lo inet loopback auto eth0 iface eth0 inet static - address 192.168.122.100/24 + address ADDRESS/24 post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1 pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1 diff --git a/configs/kerberos/kadm5.acl b/configs/krb/kadm5.acl index 76df603..76df603 100644 --- a/configs/kerberos/kadm5.acl +++ b/configs/krb/kadm5.acl diff --git a/configs/kerberos/kdc.conf b/configs/krb/kdc.conf index baa19a0..baa19a0 100644 --- a/configs/kerberos/kdc.conf +++ b/configs/krb/kdc.conf diff --git a/configs/kerberos/krb5.conf b/configs/krb/krb5.conf index c78717b..c78717b 100644 --- a/configs/kerberos/krb5.conf +++ b/configs/krb/krb5.conf diff --git a/configs/ldap/interfaces b/configs/ldap/interfaces deleted file mode 100644 index 78fd4c1..0000000 --- a/configs/ldap/interfaces +++ /dev/null @@ -1,14 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -# The loopback network interface -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet static - address 192.168.122.120/24 - post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1 - pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1 - -source /etc/network/interfaces.d/*.cfg diff --git a/configs/nfs/interfaces b/configs/nfs/interfaces deleted file mode 100644 index f5d11ed..0000000 --- a/configs/nfs/interfaces +++ /dev/null @@ -1,14 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -# The loopback network interface -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet static - address 192.168.122.110/24 - post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1 - pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1 - -source /etc/network/interfaces.d/*.cfg @@ -1,11 +1,11 @@ #!/bin/bash set -e -scripts/kerberos > logs/kerberos -lxc-info -n kerberos +scripts/krb > logs/krb +lxc-info krb scripts/nfs > logs/nfs -lxc-info -n nfs +lxc-info nfs scripts/ldap > logs/ldap -lxc-info -n ldap +lxc-info ldap @@ -1,13 +1,13 @@ #!/bin/bash -lxc-stop -n kerberos -lxc-destroy -n kerberos +lxc-stop krb +lxc-destroy krb ssh-keygen -R "192.168.122.100" -lxc-stop -n nfs -lxc-destroy -n nfs +lxc-stop nfs +lxc-destroy nfs ssh-keygen -R "192.168.122.110" -lxc-stop -n ldap -lxc-destroy -n ldap +lxc-stop ldap +lxc-destroy ldap ssh-keygen -R "192.168.122.120" diff --git a/scripts/debian_roll b/scripts/debian_roll index 83b7d76..caf652c 100755 --- a/scripts/debian_roll +++ b/scripts/debian_roll @@ -7,35 +7,36 @@ PASS=tom ROOT_PASS=root # init -lxc-create -n $NAME -t download -- --dist debian --release buster --arch amd64 -lxc-start -n $NAME +lxc-create $NAME -t download -- --dist debian --release buster --arch amd64 +lxc-start $NAME # TODO maybe just info until ip shows up? sleep 15 # install basics -lxc-attach -n $NAME -- apt-get update -lxc-attach -n $NAME -- apt-get dist-upgrade -lxc-attach -n $NAME -- apt-get install -y apt-utils -lxc-attach -n $NAME -- apt-get install -y sudo openssh-server x11-xserver-utils +lxc-attach $NAME -- apt-get update +lxc-attach $NAME -- apt-get dist-upgrade +lxc-attach $NAME -- apt-get install -y apt-utils +lxc-attach $NAME -- apt-get install -y sudo openssh-server x11-xserver-utils # setup users -lxc-attach -n $NAME -- bash -c 'echo -e "'$ROOT_PASS'\n'$ROOT_PASS'" | passwd' -lxc-attach -n $NAME -- adduser $USER --gecos "" --disabled-password -lxc-attach -n $NAME -- bash -c 'echo -e "'$PASS'\n'$PASS'" | passwd $USER' +lxc-attach $NAME -- bash -c 'echo -e "'$ROOT_PASS'\n'$ROOT_PASS'" | passwd' +lxc-attach $NAME -- adduser $USER --gecos "" --disabled-password +lxc-attach $NAME -- bash -c 'echo -e "'$PASS'\n'$PASS'" | passwd $USER' # setup x11 forwarding -lxc-attach -n $NAME -- bash -c 'echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config' -lxc-attach -n $NAME -- bash -c 'echo "X11UseLocalhost yes" >> /etc/ssh/sshd_config' -lxc-attach -n $NAME -- bash -c 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config' -lxc-attach -n $NAME -- systemctl restart sshd +lxc-attach $NAME -- bash -c 'echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config' +lxc-attach $NAME -- bash -c 'echo "X11UseLocalhost yes" >> /etc/ssh/sshd_config' +lxc-attach $NAME -- bash -c 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config' +lxc-attach $NAME -- systemctl restart sshd # setup networking -IP="$(lxc-info -n $NAME | grep IP | tr -s ' ' | cut -d ' ' -f 2)" -sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$IP -scp configs/$NAME/interfaces root@$IP:/etc/network/ -scp configs/hosts root@$IP:/etc/ -lxc-attach -n $NAME -- systemctl restart networking -ssh-keygen -R "$IP" - -IP="$(lxc-info -n $NAME | grep IP | tr -s ' ' | cut -d ' ' -f 2)" -sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$IP +IP="$(lxc-info $NAME | grep IP | tr -s ' ' | cut -d ' ' -f 2)" +DESIRED_IP="$(grep $NAME configs/hosts | cut -d ' ' -f 1)" + +sed "s/ADDRESS/$DESIRED_IP/" configs/interfaces > tmp/interfaces +sshpass -p $ROOT_PASS scp -o "StrictHostKeyChecking=no" tmp/interfaces root@$IP:/etc/network/interfaces +sshpass -p $ROOT_PASS scp -o "StrictHostKeyChecking=no" configs/hosts root@$IP:/etc/hosts +lxc-attach $NAME -- systemctl restart networking + +# add ssh key +sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$DESIRED_IP diff --git a/scripts/kerberos b/scripts/kerberos deleted file mode 100755 index 919ee7d..0000000 --- a/scripts/kerberos +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -set -e - -ROOT_PASS=root -KRB5_PASS=krb5 -KRB5_ADMIN_PASS=pass -USER_PASS=tommie - -scripts/debian_roll kerberos -lxc-attach -n kerberos -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install krb5-admin-server - -scp configs/kerberos/krb5.conf root@192.168.122.100:/etc/ -scp configs/kerberos/kdc.conf root@192.168.122.100:/etc/krb5kdc/ -scp configs/kerberos/kadm5.acl root@192.168.122.100:/etc/krb5kdc/ - -lxc-attach -n kerberos -- bash -c 'echo -e "'$KRB5_PASS'\n'$KRB5_PASS'" | krb5_newrealm' -lxc-attach -n kerberos -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$KRB5_ADMIN_PASS'" | kadmin.local addprinc root/admin' - -lxc-attach -n kerberos -- systemctl restart krb5-admin-server -lxc-attach -n kerberos -- systemctl restart krb5-kdc - -lxc-attach --clear-env -n kerberos -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$USER_PASS'\n'$USER_PASS'\n" | kadmin addprinc tom' diff --git a/scripts/krb b/scripts/krb new file mode 100755 index 0000000..4df7fef --- /dev/null +++ b/scripts/krb @@ -0,0 +1,23 @@ +#!/bin/bash +set -e + +ROOT_PASS=root +KRB5_PASS=krb5 +KRB5_ADMIN_PASS=pass +USER_PASS=tommie +IP="$(grep krb configs/hosts | cut -d ' ' -f 1)" + +scripts/debian_roll krb +lxc-attach krb -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install krb5-admin-server + +scp configs/krb/krb5.conf root@$IP:/etc/ +scp configs/krb/kdc.conf root@$IP:/etc/krb5kdc/ +scp configs/krb/kadm5.acl root@$IP:/etc/krb5kdc/ + +lxc-attach krb -- bash -c 'echo -e "'$KRB5_PASS'\n'$KRB5_PASS'" | krb5_newrealm' +lxc-attach krb -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$KRB5_ADMIN_PASS'" | kadmin.local addprinc root/admin' + +lxc-attach krb -- systemctl restart krb5-admin-server +lxc-attach krb -- systemctl restart krb5-kdc + +lxc-attach --clear-env krb -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$USER_PASS'\n'$USER_PASS'\n" | kadmin addprinc tom' diff --git a/scripts/ldap b/scripts/ldap index 26afcf8..594f37b 100755 --- a/scripts/ldap +++ b/scripts/ldap @@ -2,4 +2,4 @@ set -e scripts/debian_roll ldap -#lxc-attach -n ldap -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install slapd ldap-utils ldapscripts +#lxc-attach ldap -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install slapd ldap-utils ldapscripts diff --git a/tmp/.gitignore b/tmp/.gitignore new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tmp/.gitignore |