infra/image/system-services: Enhance checks, also fix reverse zone
Checks for IPv4 addresses have been added, along with reverse zone handling for fixipaip.sh. The services now log StandardOutput and StandardError to the journal.
Showing
4 changed files
with
115 additions
and
17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,82 @@ | ||
#!/bin/bash -eu | ||
|
||
function valid_fqdn() | ||
{ | ||
local name="${1}" | ||
|
||
[[ "${name}" =~ [[:space:]] ]] && return 1 | ||
[[ "${name}" =~ \. ]] || return 1 | ||
[[ "${name}" =~ \.\. ]] && return 1 | ||
for i in ${name//./ }; do | ||
[[ "${i}" =~ ^[a-z0-9_/]+$ ]] || return 1 | ||
done | ||
[[ "${name}" == "localhost.localdomain" ]] && return 1 | ||
return 0 | ||
} | ||
|
||
function valid_ipv4() | ||
{ | ||
local ip="${1}" | ||
local rematch="^([0-9]{1,3}\.){3}[0-9]{1,3}$" | ||
|
||
[[ "${ip}" =~ ${rematch} ]] || return 1 | ||
for i in ${ip//./ }; do | ||
[[ ${i} -le 255 ]] || return 1 | ||
done | ||
|
||
return 0 | ||
} | ||
|
||
HOSTNAME=$(hostname) | ||
IP=$(hostname -I | cut -d " " -f 1) | ||
export KRB5CCNAME=ansible_freeipa_cache | ||
|
||
if [ -z "${HOSTNAME}" ]; then | ||
echo "ERROR: Failed to retrieve hostname." | ||
if [ -z "${HOSTNAME}" ] || ! valid_fqdn "${HOSTNAME}" ; then | ||
echo "ERROR: Got invalid hostname: '${HOSTNAME}'" | ||
exit 1 | ||
fi | ||
if [ -z "${IP}" ]; then | ||
echo "ERROR: Failed to retrieve IP address." | ||
if [ -z "${IP}" ] || ! valid_ipv4 "${IP}" ; then | ||
echo "ERROR: Got invalid IPv4 address: '${IP}'" | ||
exit 1 | ||
fi | ||
PTR=$(echo "${IP}" | awk -F"." '{print $4}') | ||
if [ -z "${PTR}" ] || [ -n "${PTR//[0-9]}" ]; then | ||
echo "ERROR: Failed to get PTR from IPv4 address: '${PTR}'" | ||
exit 1 | ||
fi | ||
|
||
echo "Fix IPA IP:" | ||
echo " HOSTNAME: '${HOSTNAME}'" | ||
echo " IP: '${IP}'" | ||
echo " PTR: '${PTR}'" | ||
|
||
if ! echo "SomeADMINpassword" | kinit -c ansible_freeipa_cache admin | ||
if ! echo "SomeADMINpassword" | kinit -c "${KRB5CCNAME}" | ||
then | ||
echo "ERROR: Failed to obtain Kerberos ticket" | ||
exit 1 | ||
fi | ||
KRB5CCNAME=ansible_freeipa_cache \ | ||
ipa dnsrecord-mod test.local "${HOSTNAME%%.*}" --a-rec="$IP" | ||
KRB5CCNAME=ansible_freeipa_cache \ | ||
ipa dnsrecord-mod test.local ipa-ca --a-rec="$IP" | ||
kdestroy -c ansible_freeipa_cache -A | ||
|
||
ZONES=$(ipa dnszone-find --name-from-ip="${HOSTNAME}." --raw --pkey-only \ | ||
| grep "idnsname:" | awk -F": " '{print $2}') | ||
for zone in ${ZONES}; do | ||
echo | ||
if [[ "${zone}" == *".in-addr.arpa."* ]]; then | ||
echo "Fixing reverse zone ${zone}:" | ||
OLD_PTR=$(ipa dnsrecord-find "${zone}" --ptr-rec="${HOSTNAME}." \ | ||
--raw | grep "idnsname:" | awk -F": " '{print $2}') | ||
if [ -z "${OLD_PTR}" ] || [ -n "${OLD_PTR//[0-9]}" ]; then | ||
echo "ERROR: Failed to get old PTR from '${zone}': '${OLD_PTR}'" | ||
else | ||
ipa dnsrecord-mod "${zone}" "${OLD_PTR}" --ptr-rec="${HOSTNAME}." \ | ||
--rename="${PTR}" | ||
fi | ||
else | ||
echo "Fixing forward zone ${zone}:" | ||
ipa dnsrecord-mod test.local "${HOSTNAME%%.*}" --a-rec="$IP" | ||
ipa dnsrecord-mod test.local ipa-ca --a-rec="$IP" | ||
fi | ||
done | ||
|
||
kdestroy -c "${KRB5CCNAME}" -A | ||
|
||
exit 0 |
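Review bot: As rendered, the new `kinit -c "${KRB5CCNAME}"` line no longer names a principal, while the line it replaces ended in `admin`; without one, kinit falls back to its default principal, which is presumably not the account that the piped password belongs to. Restoring it as `kinit -c "${KRB5CCNAME}" admin` keeps the previous behaviour. Because the script runs under `-eu`, any failing `ipa` call in the zone loop exits before the final `kdestroy -c "${KRB5CCNAME}" -A`, leaving the admin ticket behind in the relative-path cache `ansible_freeipa_cache`; registering `trap 'kdestroy -c "${KRB5CCNAME}" -A' EXIT` right after the successful kinit would cover every exit path. The `ZONES=$(… | grep … | awk …)` assignment reports only awk's status, so a failed `ipa dnszone-find` produces an empty loop and the script still ends with `exit 0`.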
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,62 @@ | ||
#!/bin/bash -eu | ||
|
||
function valid_fqdn() | ||
{ | ||
local name="${1}" | ||
|
||
[[ "${name}" =~ [[:space:]] ]] && return 1 | ||
[[ "${name}" =~ \. ]] || return 1 | ||
[[ "${name}" =~ \.\. ]] && return 1 | ||
for i in ${name//./ }; do | ||
[[ "${i}" =~ ^[a-z0-9_/]+$ ]] || return 1 | ||
done | ||
[[ "${name}" == "localhost.localdomain" ]] && return 1 | ||
return 0 | ||
} | ||
|
||
function valid_ipv4() | ||
{ | ||
local ip="${1}" | ||
local rematch="^([0-9]{1,3}\.){3}[0-9]{1,3}$" | ||
|
||
[[ "${ip}" =~ ${rematch} ]] || return 1 | ||
for i in ${ip//./ }; do | ||
[[ ${i} -le 255 ]] || return 1 | ||
done | ||
|
||
return 0 | ||
} | ||
|
||
HOSTNAME=$(hostname) | ||
IP=$(hostname -I | cut -d " " -f 1) | ||
|
||
if [ -z "${HOSTNAME}" ]; then | ||
if [ -z "${HOSTNAME}" ] || ! valid_fqdn "${HOSTNAME}" ; then | ||
echo "ERROR: Failed to retrieve hostname." | ||
exit 1 | ||
fi | ||
if [ -z "${IP}" ]; then | ||
echo "ERROR: Failed to retrieve IP address." | ||
if [ -z "${IP}" ] || ! valid_ipv4 "${IP}" ; then | ||
echo "ERROR: Got invalid IPv4 address: '${IP}'" | ||
exit 1 | ||
fi | ||
|
||
# shellcheck disable=SC2143 | ||
if [ -n "$(grep -P "[[:space:]]${HOSTNAME}" /etc/hosts)" ]; then | ||
sed -ie "s/.*${HOSTNAME}/${IP}\t${HOSTNAME}/" /etc/hosts | ||
echo "Fix NET:" | ||
echo " HOSTNAME: '${HOSTNAME}'" | ||
echo " IP: '${IP}'" | ||
echo | ||
|
||
if grep -qE "^[^(#\s*)][0-9\.]+\s$HOSTNAME(\s|$)" /etc/hosts | ||
then | ||
sed -i.bak -e "s/.*${HOSTNAME}/${IP}\t${HOSTNAME}/" /etc/hosts | ||
else | ||
echo -e "$IP\t${HOSTNAME}" >> /etc/hosts | ||
echo -e "$IP\t${HOSTNAME} ${HOSTNAME%%.*}" >> /etc/hosts | ||
fi | ||
|
||
echo "nameserver 127.0.0.1" > /etc/resolv.conf | ||
|
||
echo "/etc/hosts:" | ||
cat "/etc/hosts" | ||
echo | ||
echo "/etc/resolv.conf:" | ||
cat "/etc/resolv.conf" | ||
|
||
exit 0 |
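Review bot: `valid_fqdn` accepts `/` inside a label (`^[a-z0-9_/]+$`), and the validated name is then spliced unescaped into `sed -i.bak -e "s/.*${HOSTNAME}/${IP}\t${HOSTNAME}/"`, where a `/` ends the pattern early, every `.` matches any character, and the unanchored `.*` also rewrites commented or longer-named lines. The same class has no `-`, so an ordinary name such as `ipa-server.test.local` (constructed example) is rejected here and by the identical function in the first file. If `/` is not needed for host names, `^[a-z0-9_-]+$` together with a sed delimiter the class cannot produce (`s|…|…|`) would make the check and its use agree. In the new `grep -qE` test, `[^(#\s*)]` is a bracket expression excluding the single characters `(`, `#`, `\`, `s`, `*` and `)` rather than a "not a comment" group, so it passes only because an address starts with a digit; `^[0-9.]+[[:space:]]+` would state the intent directly.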