Commit b128a5cb authored by Thomas Woerner's avatar Thomas Woerner

fixipaip infra image service: No need for hard coded admin password

The admin password is not needed for the system service as it is running
as root. The use of `-e in_server=true` is sufficient for all ipa calls.
parent 220c4f00
...@@ -55,35 +55,31 @@ echo " IP: '${IP}'" ...@@ -55,35 +55,31 @@ echo " IP: '${IP}'"
echo " PTR: '${PTR}'" echo " PTR: '${PTR}'"
echo " FORWARDER: '${FORWARDER}'" echo " FORWARDER: '${FORWARDER}'"
if ! echo "SomeADMINpassword" | kinit -c "${KRB5CCNAME}" admin >/dev/null ZONES=$(ipa -e in_server=true dnszone-find --name-from-ip="${HOSTNAME}." \
then --raw --pkey-only | grep "idnsname:" | awk -F": " '{print $2}')
echo "ERROR: Failed to obtain Kerberos ticket"
exit 1
fi
ZONES=$(ipa dnszone-find --name-from-ip="${HOSTNAME}." --raw --pkey-only \
| grep "idnsname:" | awk -F": " '{print $2}')
for zone in ${ZONES}; do for zone in ${ZONES}; do
echo echo
if [[ "${zone}" == *".in-addr.arpa."* ]]; then if [[ "${zone}" == *".in-addr.arpa."* ]]; then
echo "Fixing reverse zone ${zone}:" echo "Fixing reverse zone ${zone}:"
OLD_PTR=$(ipa dnsrecord-find "${zone}" --ptr-rec="${HOSTNAME}." \ OLD_PTR=$(ipa -e in_server=true dnsrecord-find "${zone}" \
--raw | grep "idnsname:" | awk -F": " '{print $2}') --ptr-rec="${HOSTNAME}." --raw | grep "idnsname:" | \
awk -F": " '{print $2}')
if [ -z "${OLD_PTR}" ] || [ -n "${OLD_PTR//[0-9]}" ]; then if [ -z "${OLD_PTR}" ] || [ -n "${OLD_PTR//[0-9]}" ]; then
echo "ERROR: Failed to get old PTR from '${zone}': '${OLD_PTR}'" echo "ERROR: Failed to get old PTR from '${zone}': '${OLD_PTR}'"
else else
ipa dnsrecord-mod "${zone}" "${OLD_PTR}" --ptr-rec="${HOSTNAME}." \ ipa -e in_server=true dnsrecord-mod "${zone}" "${OLD_PTR}" \
--rename="${PTR}" || true --ptr-rec="${HOSTNAME}." --rename="${PTR}" || true
fi fi
else else
echo "Fixing forward zone ${zone}:" echo "Fixing forward zone ${zone}:"
ipa dnsrecord-mod test.local "${HOSTNAME%%.*}" --a-rec="$IP" || true ipa -e in_server=true dnsrecord-mod test.local "${HOSTNAME%%.*}" \
ipa dnsrecord-mod test.local ipa-ca --a-rec="$IP" || true --a-rec="$IP" || true
ipa -e in_server=true dnsrecord-mod test.local ipa-ca \
--a-rec="$IP" || true
fi fi
done done
ipa dnsserver-mod "${HOSTNAME}" --forwarder="${FORWARDER}" || true ipa -e in_server=true dnsserver-mod "${HOSTNAME}" \
--forwarder="${FORWARDER}" || true
kdestroy -c "${KRB5CCNAME}" -A
exit 0 exit 0
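Review bot: With the kinit check gone, nothing in the new code can make the service fail: the `ZONES=$(ipa -e in_server=true dnszone-find … | grep … | awk …)` assignment takes awk's exit status and every later `ipa` call ends in `|| true`, so a broken `in_server` context (for example the unit not actually running as root) gives an empty loop and `exit 0`. The removed block was the only `exit 1` path visible in this hunk. Consider a guard right after the assignment, such as `if [ -z "${ZONES}" ]; then echo "ERROR: dnszone-find returned no zones for '${HOSTNAME}'" >&2; exit 1; fi`, assuming an empty result is never legitimate here. A short comment above the first call, e.g. `# in_server=true: ipa runs in server context as root, so no Kerberos ticket or admin password is needed`, would also record why no credentials are used. The script begins before this hunk, so options such as `set -o pipefail` may already be set outside the visible lines.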