-Take a pass at a functional RHEL6 domain join postscript

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@7200 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
2010-08-24 15:00:22 +00:00 · 2010-08-24 15:00:22 +00:00 · ff1194f783
commit ff1194f783
parent d1e30c8f7b
2 changed files with 176 additions and 12 deletions
--- a/xCAT-server/share/xcat/install/rh/compute_domain.rhel6.tmpl
+++ b/xCAT-server/share/xcat/install/rh/compute_domain.rhel6.tmpl
@ -0,0 +1,147 @@
+#egan@us.ibm.com
+#
+cmdline
+
+lang en_US
+
+#
+# Where's the source?
+# nfs --server hostname.of.server or IP --dir /path/to/RH/CD/image
+#
+#nfs --server #XCATVAR:INSTALL_NFS# --dir #XCATVAR:INSTALL_SRC_DIR#
+url --url http://#TABLE:noderes:$NODE:nfsserver#/install/#TABLE:nodetype:$NODE:os#/#TABLE:nodetype:$NODE:arch#
+
+#device ethernet e100
+keyboard "us"
+
+#
+# Clear the MBR
+#
+zerombr yes
+
+#
+# Wipe out the disk
+#
+clearpart --all --initlabel
+#clearpart --linux
+key --skip
+
+#
+# Customize to fit your needs
+#
+
+#No RAID
+#/boot really significant for this sort of setup nowadays?
+#part /boot --size 50 --fstype ext3
+part swap --size 1024 
+part / --size 1 --grow --fstype ext4
+
+#RAID 0 /scr for performance
+#part / --size 1024 --ondisk sda
+#part swap --size 512 --ondisk sda
+#part /var --size 1024 --ondisk sdb
+#part swap --size 512 --ondisk sdb
+#part raid.01 --size 1 --grow --ondisk sda
+#part raid.02 --size 1 --grow --ondisk sdb
+#raid /scr --level 0 --device md0 raid.01 raid.02
+
+#Full RAID 1 Sample
+#part raid.01 --size 50 --ondisk sda
+#part raid.02 --size 50 --ondisk sdb
+#raid /boot --level 1 --device md0 raid.01 raid.02
+#
+#part raid.11 --size 1024 --ondisk sda
+#part raid.12 --size 1024 --ondisk sdb
+#raid / --level 1 --device md1 raid.11 raid.12
+#
+#part raid.21 --size 1024 --ondisk sda
+#part raid.22 --size 1024 --ondisk sdb
+#raid /var --level 1 --device md2 raid.21 raid.22
+#
+#part raid.31 --size 1024 --ondisk sda
+#part raid.32 --size 1024 --ondisk sdb
+#raid swap --level 1 --device md3 raid.31 raid.32
+#
+#part raid.41 --size 1 --grow --ondisk sda
+#part raid.42 --size 1 --grow --ondisk sdb
+#raid /scr --level 1 --device md4 raid.41 raid.42
+
+#
+# bootloader config
+# --append <args>
+# --useLilo
+# --md5pass <crypted MD5 password for GRUB>
+#
+bootloader
+
+#
+# install or upgrade
+#
+install
+
+#
+# text mode install (default is graphical)
+#
+text
+
+#
+# firewall
+#
+firewall --disabled
+
+#
+# Select a zone
+# Add the --utc switch if your hardware clock is set to GMT
+#
+#timezone US/Hawaii
+#timezone US/Pacific
+#timezone US/Mountain
+#timezone US/Central
+#timezone US/Eastern
+timezone --utc "#TABLE:site:key=timezone:value#"
+
+#
+# Don't do X
+#
+skipx
+
+
+#
+# To generate an encrypted root password use:
+#
+# perl -e 'print crypt("blah","Xa") . "\n";'p
+# openssl passwd -apr1 -salt xxxxxxxx password
+# 
+# where "blah" is your root password.
+#
+#rootpw --iscrypted XaLGAVe1C41x2
+#rootpw XaLGAVe1C41x2 --iscrypted
+rootpw --iscrypted #CRYPT:passwd:key=system,username=root:password#
+
+#
+# NIS setup: auth --enablenis --nisdomain sensenet 
+# --nisserver neptune --useshadow --enablemd5
+#
+# OR
+auth --useshadow --enablemd5
+
+#
+# SE Linux
+#
+selinux --disabled
+
+#
+# Reboot after installation
+#
+reboot
+
+#
+#end of section
+#
+%packages
+#INCLUDE_DEFAULT_PKGLIST#
+%pre
+#INCLUDE:#ENV:XCATROOT#/share/xcat/install/scripts/pre.rh#
+%post
+export TEMPHOSTPASS=#MACHINEPASSWORD#
+#INCLUDE:#ENV:XCATROOT#/share/xcat/install/scripts/post.rh#
--- a/xCAT/postscripts/joindomain
+++ b/xCAT/postscripts/joindomain
@ -1,18 +1,35 @@
-#First, set up kerberos, simple enough
+#step 1, determine the realm and such
 DNSDOMAIN=`dnsdomainname`
 UPDNSDOMAIN=`echo $DNSDOMAIN|tr a-z A-Z`
 LDAPBASEDN=dc=`echo $DNSDOMAIN|sed -e 's/\./,dc=/'`
 HOSTPRINC=`hostname`
-MYPASS=`dd if=/dev/urandom bs=1024 count=1|md5sum`
-authconfig --update --krb5realm=$UPDNSDOMAIN --enablekrb5kdcdns --enablekrb5
-(echo $TEMPHOSTPASS;echo $MYPASS;echo $MYPASS)|kpasswd $HOSTPRINC
-(echo $MYPASS)|kinit $HOSTPRINC
-KVNO=`kvno $HOSTPRINC|awk '{print $NF}'`
-(echo add_entry -password -p $HOSTPRINC -k $KVNO -e des;echo $MYPASS;wkt /etc/host.keytab)|ktutil
-
+#generate a random 32 character password
+MYPASS=$(tr -dc A-Za-z0-9 </dev/urandom|head -c 32)

+if [ "$OSVER" = "rhels6" ]; then 
+    #enable kerberos 
+    authconfig --update --krb5realm=$UPDNSDOMAIN --enablekrb5kdcdns --enablekrb5
+    #change password
+    (echo $TEMPHOSTPASS;echo $MYPASS;echo $MYPASS)|kpasswd $HOSTPRINC
+    (echo $MYPASS)|kinit $HOSTPRINC
+    #KVNO=`kvno $HOSTPRINC|awk '{print $NF}'`
+    #(echo add_entry -password -p $HOSTPRINC -k $KVNO -e des;echo $MYPASS;echo wkt /etc/host.keytab)|ktutil
+    OLDUMASK=`umask`
+    umask 0077
+    echo $MYPASS > /etc/krb5.hostpass
+    umask $OLDUMASK
 #ok, time for ldap
-LDAPSRV=`host -t SRV _ldap._tcp.$DNSDOMAIN|awk '{print $NF}'`
-sed -ie 's/#uri ldap:\/\/127.0.0.1/uri ldap:\/\/$LDAPSRV\//' /etc/nslcd.conf
-sed -ie 's/# base dc.*/base $LDAPBASEDN/' /etc/nslcd.conf
-authconfig --update --enableldap --ldapserver=$LDAPSRV --ldapbasedn=$LDAPBASEDN
+    LDAPSRV=`host -t SRV _ldap._tcp.$DNSDOMAIN|awk '{print $NF}'`
+#sed -ie 's/#uri ldap:\/\/127.0.0.1/uri ldap:\/\/$LDAPSRV\//' /etc/nslcd.conf
+#sed -ie 's/# base dc.*/base $LDAPBASEDN/' /etc/nslcd.conf
+    echo use_sasl on >> /etc/nslcd.conf
+    echo sasl_mech GSSAPI >> /etc/nslcd.conf
+    echo sasl_secprops maxssf=0 >> /etc/nslcd.conf
+    echo krb5_ccname /var/run/ldap_krb5cc >> /etc/nslcd.conf
+    authconfig --update --enableldap --ldapserver=$LDAPSRV --ldapbasedn=$LDAPBASEDN
+    echo 'kinit -c /var/run/ldap_krb5cc < /etc/krb5.hostpass' >> /etc/rc.local
+    echo 'kinit -c /var/run/ldap_krb5cc < /etc/krb5.hostpass' >> /etc/cron.hourly/nslcdkrb.cron
+    chmod +x /etc/cron.hourly/nslcdkrb.cron
+fi
+
+