#!/bin/bash
set -e
# set -x
HOST=${HOST:-/host}
REALM=false
if [ -n "$1" ] ; then
if [ "$#" -eq "1" ] && [ "$1" == "--uninstall" ] ; then
exec /bin/uninstall.sh
exit 99
fi
if [ "$1" == 'realm' -o "$1" == "/sbin/realm" -o "$1" == "/usr/sbin/realm" ] ; then
if [ "$#" -eq "2" ] && [ "$2" == "--help" -o "$2" == "help" ] ; then
$1 $2
exit $?
fi
COMMAND="$1 $2"
shift ; shift
params=("--install=/")
REALM=true
elif [ "${1#-}" == "$1" ] ; then
COMMAND="$1"
shift
elif [ "$#" -eq "1" ] && [ "$1" == "--help" ] ; then
ipa-client-install --help
exit 0
fi
fi
function setup_service () {
if chroot $HOST systemctl -q is-active "$NAME" ; then
chroot $HOST systemctl stop "$NAME"
fi
sed "s%\${IMAGE}%${IMAGE:-sssd}%g; s%\${NAME}%${NAME:-sssd}%g;" /etc/sssd.service.template > $HOST/etc/systemd/system/$NAME.service
chroot $HOST systemctl daemon-reload
echo "Service $NAME.service configured to run SSSD container."
}
if [ -e "$HOST/etc/ipa/default.conf" ] ; then
echo 'IPA client is already configured on this system.' >&2
if [ "$#" -eq "1" ] && [ "$1" == "--migrate" ] ; then
setup_service
exit 0
fi
echo 'Run atomic uninstall $IMAGE first.' >&2
exit 1
fi
mkdir -p "$HOST/var/log/sssd/install/sssd"
mv /var/log /var/log-aside && ln -s "$HOST/var/log/sssd/install" /var/log
export _SYSTEMCTL_LITE_LOGFILE="$HOST/var/log/sssd/install/systemctl.log"
touch $_SYSTEMCTL_LITE_LOGFILE
params=()
function slurp_params () {
if [ -f "$1" ] ; then
readarray -t params < <( xargs -n 1 echo < "$1" )
fi
}
echo "Initializing configuration context from host ..."
( cd "$HOST" && while read f ; do
if [ -e "$f" ] ; then
cp --parents -rp -t / "$f"
fi
done ) < /etc/host-data-list
mkdir -p /etc/sssd/systemctl-lite-enabled
rm -rf /etc/systemctl-lite-enabled
ln -s /etc/sssd/systemctl-lite-enabled /etc/systemctl-lite-enabled
if [ -z "$COMMAND" ] ; then
if [ -f "$HOST/etc/$NAME/realm-join-options" ] ; then
COMMAND='realm join -v'
slurp_params "$HOST/etc/$NAME/realm-join-options"
REALM=true
else
COMMAND='ipa-client-install -U --no-ntp'
slurp_params "$HOST/etc/$NAME/ipa-client-install-options"
fi
fi
if $REALM ; then
for f in "$HOST/etc/$NAME/realm-join-password" ; do
if [ -f "$f" ] ; then
PASSWORD_FILE="$f"
break
fi
done
systemctl start dbus.service
fi
params+=("$@")
if [ -n "$PASSWORD_FILE" ] ; then
$COMMAND "${params[@]}" < "$PASSWORD_FILE"
else
$COMMAND "${params[@]}"
fi
if $REALM ; then
( echo ; echo includedir /var/lib/sss/pubconf/krb5.include.d/ ) >> /etc/krb5.conf
fi
echo "Copying new configuration to host ..."
while read f ; do
if [ -e "$f" ] ; then
cp --parents -rp -t "$HOST" "$f"
fi
done < /etc/host-data-list
chroot "$HOST" restorecon -ri -f - < /etc/host-data-list
setup_service