Add IPA client-only mode #155

Closed
wants to merge 1 commit into from
11 changes: 11 additions & 0 deletions init-data
@@ -61,6 +61,10 @@ if [ -n "$1" ] ; then
COMMAND="$1"
shift
;;
ipa-client-install)
COMMAND="$1"
shift
;;
-*)
:
;;
@@ -73,6 +77,8 @@ fi
if [ -z "$COMMAND" ] ; then
if [ -f $DATA/ipa-replica-install-options ] ; then
COMMAND=ipa-replica-install
elif [ -f $DATA/ipa-client-install-options ] ; then
COMMAND=ipa-client-install
else
COMMAND=ipa-server-install
fi
@@ -158,6 +164,11 @@ if ! [ -f /etc/ipa/ca.crt ] ; then
if ! grep -sq '^--admin-password' $OPTIONS_FILE $DATA_OPTIONS_FILE ; then
printf '%q\n' "--admin-password=$PASSWORD" >> $OPTIONS_FILE
fi
elif [ "$COMMAND" == 'ipa-client-install' ] ; then
printf '%q\n' "--password=$PASSWORD" >> $OPTIONS_FILE
if ! grep -sq '^--admin-password' $OPTIONS_FILE $DATA_OPTIONS_FILE ; then
printf '%q\n' "--admin-password=$PASSWORD" >> $OPTIONS_FILE
fi
else
echo "Warning: ignoring environment variable PASSWORD." >&2
fi
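Review bot: In the new `ipa-client-install` branch of the PASSWORD handling, `--password=$PASSWORD` is appended to `$OPTIONS_FILE` unconditionally, while only the `--admin-password` line is guarded by a grep, so a `--password` the operator already placed in the data options file ends up duplicated by the environment value. Guard it the same way, e.g. `if ! grep -sq '^--password' $OPTIONS_FILE $DATA_OPTIONS_FILE ; then`. The branch also writes the same secret a second time as `--admin-password`; that looks carried over from the preceding branch, and it should be confirmed that ipa-client-install accepts that option before emitting it. Since the secret is stored in cleartext, a comment stating the expected mode of `$OPTIONS_FILE` would help; its creation is outside this hunk, as is the start of the enclosing `if`.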
31 changes: 28 additions & 3 deletions ipa-server-configure-first
@@ -157,6 +157,7 @@ if [ -f /etc/ipa/ca.crt ] ; then
else
COMMAND=ipa-server-install
RUN_CMD="/usr/sbin/ipa-server-install"
CLIENT_ONLY=false
if [ -f /run/ipa/ipa-replica-install-options ] ; then
if [ -f /data/ipa-server-install-options ] ; then
usage "Too many install options files."
@@ -169,6 +170,15 @@ else
if [ -f /data/*.gpg ] ; then
RUN_CMD="/usr/sbin/ipa-replica-install /data/*.gpg"
fi
elif [ -f /run/ipa/ipa-client-install-options ] ; then
if [ -f /data/ipa-server-install-options \
-o -f /data/ipa-replica-install-options ] ; then
usage "Too many install options files."
fi
COMMAND=ipa-client-install
RUN_CMD="/usr/sbin/ipa-client-install "
CLIENT_ONLY=true

fi

(
@@ -193,10 +203,20 @@ else
fi

# Workaround 1409786
if grep -q -- --external.cert.file $( for i in /run/ipa /data ; do test -e $i/$COMMAND-options && echo $_ ; done ) ; then
if ! $CLIENT_ONLY && \
grep -q -- --external.cert.file \
$( for i in /run/ipa /data ; do \
test -e $i/$COMMAND-options && echo $_ ; \
done ) ; then
/usr/sbin/ipactl --force start || :
fi

if $CLIENT_ONLY; then
if [ -n "$IPA_PORT_53_UDP_ADDR" ] ; then
echo "nameserver $IPA_PORT_53_UDP_ADDR" > /etc/resolv.conf
fi
fi

STDIN=/dev/stdin
STDOUT=/dev/stdout
STDERR=/dev/stderr
@@ -237,8 +257,13 @@ else
else
echo "FreeIPA server does not run DNS server, skipping update-self-ip-address."
fi
systemctl enable ipa-server-update-self-ip-address.service
systemctl enable ipa-server-upgrade.service
if ! $CLIENT_ONLY; then
systemctl enable ipa-server-update-self-ip-address.service
systemctl enable ipa-server-upgrade.service
else
systemctl disable ipa.service
systemctl enable certmonger.service
fi
systemctl disable ipa-server-configure-first.service || rm -f /etc/systemd/system/multi-user.target.wants/ipa-server-configure-first.service
echo "FreeIPA server configured."
else
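Review bot: The client-only block that writes `/etc/resolv.conf` copies `$IPA_PORT_53_UDP_ADDR` from the environment into the file without checking it, and the resolver it selects is what the client install will presumably rely on to locate the IPA server. Reject anything that is not an address before the `echo`, for example `case "$IPA_PORT_53_UDP_ADDR" in *[!0-9A-Fa-f.:]*) usage "Invalid IPA_PORT_53_UDP_ADDR." ;; esac`, so embedded newlines or extra directives cannot reach the file. The write also replaces the whole file, dropping any existing `search` or `options` lines, which deserves a comment. Separately, `if $CLIENT_ONLY` executes the variable's value as a command; a string test such as `[ "$CLIENT_ONLY" = true ]` is more robust, and the client path still prints "FreeIPA server configured." The enclosing `else` block starts and ends outside the visible hunks.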