#!/bin/bash

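# Abort on the first unhandled command failure.
set -e
# set -x

# Root of the host filesystem as seen from inside the container.
HOST=${HOST:-/host}

# Argument dispatch. The first argument decides what runs later in this script:
#   --uninstall (sole argument)  hand over to /bin/uninstall.sh
#   realm | /sbin/realm | /usr/sbin/realm <subcommand>  realm-based enrollment
#   any other word not starting with "-"  taken verbatim as the program to run
#   --help (sole argument)  show the ipa-client-install help
# Other leading options are left in "$@" untouched.
# A case statement is used instead of "[ a -o b -o c ]": the -o form is
# ambiguous when an argument happens to look like a test operator.
REALM=false
if [ -n "$1" ] ; then
	if [ "$#" -eq 1 ] && [ "$1" == "--uninstall" ] ; then
		exec /bin/uninstall.sh
		# Fallback status in case exec ever returns.
		exit 99
	fi
	case "$1" in
		realm|/sbin/realm|/usr/sbin/realm)
			if [ "$#" -eq 2 ] && { [ "$2" == "--help" ] || [ "$2" == "help" ] ; } ; then
				"$1" "$2"
				exit $?
			fi
			# COMMAND is a plain string that is expanded unquoted when it is
			# run, so it is split on whitespace at that point.
			COMMAND="$1 $2"
			shift ; shift
			# NOTE(review): params is re-initialised with params=() further down
			# in this script, before the command runs, so this value does not
			# appear to reach realm - confirm which behaviour is intended.
			params=("--install=/")
			REALM=true
			;;
		-*)
			if [ "$#" -eq 1 ] && [ "$1" == "--help" ] ; then
				ipa-client-install --help
				exit 0
			fi
			;;
		*)
			# Whoever invokes the container chooses the program that is run.
			COMMAND="$1"
			shift
			;;
	esac
fi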

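# Render the systemd unit for the SSSD container onto the host and reload systemd.
# Globals:   HOST (read)  - host root the unit is written under and chrooted into
#            NAME (read)  - service / unit name, defaults to "sssd"
#            IMAGE (read) - image name substituted into the unit, defaults to "sssd"
# Outputs:   writes $HOST/etc/systemd/system/<name>.service; status line on stdout
# Returns:   1 without touching the host if the name contains "/"
function setup_service () {
	# Use one defaulted value everywhere; previously only the sed replacement
	# had a default, so an unset NAME produced a unit file named ".service".
	local name="${NAME:-sssd}"
	local image="${IMAGE:-sssd}"

	# The name becomes part of a path on the host filesystem: refuse anything
	# that could step out of the systemd unit directory.
	case "$name" in
		*/*)
			echo "Invalid service name '$name'." >&2
			return 1
			;;
	esac

	# Escape the characters that are special in the replacement part of the
	# s%...%...% commands below, so the values are inserted literally.
	local name_sed image_sed
	name_sed=$(printf '%s' "$name" | sed 's/[\\%&]/\\&/g')
	image_sed=$(printf '%s' "$image" | sed 's/[\\%&]/\\&/g')

	# Stop a running instance before its unit file is replaced.
	if chroot "$HOST" systemctl -q is-active "$name" ; then
		chroot "$HOST" systemctl stop "$name"
	fi
	sed "s%\${IMAGE}%${image_sed}%g; s%\${NAME}%${name_sed}%g;" /etc/sssd.service.template > "$HOST/etc/systemd/system/$name.service"
	chroot "$HOST" systemctl daemon-reload
	echo "Service $name.service configured to run SSSD container."
}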

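# Refuse to enroll a host that already carries an IPA client configuration.
# With --migrate as the only remaining argument, just (re)install the service
# unit for the container and stop there.
if [ -e "$HOST/etc/ipa/default.conf" ] ; then
	echo 'IPA client is already configured on this system.' >&2
	if [ "$#" -eq 1 ] && [ "$1" == "--migrate" ] ; then
		setup_service
		exit 0
	fi
	# Double quotes so the image name is expanded; the single-quoted form
	# printed the literal text "$IMAGE". Same default as the service template.
	echo "Run atomic uninstall ${IMAGE:-sssd} first." >&2
	exit 1
fi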

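# Redirect the container's /var/log to a directory on the host so the
# enrollment logs remain available on the host for later review.
mkdir -p "$HOST/var/log/sssd/install/sssd"
# NOTE(review): mv is the left-hand side of &&, so a failing mv does not trip
# set -e; the symlink is then skipped and the script carries on - confirm that
# continuing without host-side logs is acceptable.
mv /var/log /var/log-aside && ln -s "$HOST/var/log/sssd/install" /var/log

export _SYSTEMCTL_LITE_LOGFILE="$HOST/var/log/sssd/install/systemctl.log"
# Quoted so a HOST value containing whitespace is not split into several names.
touch -- "$_SYSTEMCTL_LITE_LOGFILE"

# Arguments collected for the enrollment command.
# NOTE(review): this discards the "--install=/" entry that the realm branch of
# the argument parsing stored in params earlier - confirm this is intended.
params=()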
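# Load command-line options from a file into the global params array.
# The file is tokenised by xargs, so quotes and backslashes in it follow
# xargs rules; each resulting token becomes one array element.
# Globals:   params (written) - replaced, not appended to, when the file exists
# Arguments: $1 - path of the options file; silently ignored if not a regular file
# The tokens are passed as arguments to the enrollment command, so the options
# file should be writable only by the administrator of the host.
function slurp_params () {
	if [ -f "$1" ] ; then
		# printf '%s\n' emits every token unchanged; echo interpreted tokens
		# such as -n or -e as its own options and dropped them.
		# -r keeps xargs from running once on empty input, which used to add
		# a single empty argument.
		readarray -t params < <( xargs -r -n 1 printf '%s\n' < "$1" )
	fi
}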

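echo "Initializing configuration context from host ..."
# Copy every path listed in /etc/host-data-list that exists on the host into
# the same location inside the container. Existence is tested after cd "$HOST",
# so the entries are presumably relative paths - TODO confirm against the list.
# IFS= and -r keep each entry byte-for-byte (no backslash processing, no
# trimming); "--" stops an entry beginning with "-" from being read as an
# option to cp.
( cd "$HOST" && while IFS= read -r f ; do
	if [ -e "$f" ] ; then
		cp --parents -rp -t / -- "$f"
	fi
done ) < /etc/host-data-list
# Point /etc/systemctl-lite-enabled at a directory below /etc/sssd.
mkdir -p /etc/sssd/systemctl-lite-enabled
rm -rf /etc/systemctl-lite-enabled
ln -s /etc/sssd/systemctl-lite-enabled /etc/systemctl-lite-enabled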

# No command was chosen on the command line: select the enrollment tool from
# the options files the administrator left under $HOST/etc/$NAME. A
# realm-join-options file selects realm; otherwise ipa-client-install runs
# unattended, with options from ipa-client-install-options if that file exists.
if [ -z "$COMMAND" ] ; then
	if ! [ -f "$HOST/etc/$NAME/realm-join-options" ] ; then
		COMMAND='ipa-client-install -U --no-ntp'
		slurp_params "$HOST/etc/$NAME/ipa-client-install-options"
	else
		REALM=true
		COMMAND='realm join -v'
		slurp_params "$HOST/etc/$NAME/realm-join-options"
	fi
fi

# realm-based enrollment: pick up an optional password file from the host and
# start D-Bus before the command runs.
# The password file holds a join credential; it should be readable by root
# only on the host.
if $REALM ; then
	f="$HOST/etc/$NAME/realm-join-password"
	if [ -f "$f" ] ; then
		PASSWORD_FILE="$f"
	fi
	systemctl start dbus.service
fi

# Run the enrollment command with the collected options followed by whatever
# is left of the command line.
# COMMAND is expanded unquoted on purpose: it holds the program and its fixed
# arguments in one string and relies on word splitting (pathname expansion
# applies to it as well).
# When a password file is known it is supplied on standard input rather than
# as an argument. PASSWORD_FILE is never reset by this script, so a value
# inherited from the environment is honoured too.
params+=("$@")
if [ -z "$PASSWORD_FILE" ] ; then
	$COMMAND "${params[@]}"
else
	$COMMAND "${params[@]}" < "$PASSWORD_FILE"
fi

# After a realm join, append an empty line and an includedir directive for
# the SSSD-generated Kerberos snippets to the container's krb5.conf.
if $REALM ; then
	printf '\n%s\n' 'includedir /var/lib/sss/pubconf/krb5.include.d/' >> /etc/krb5.conf
fi

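echo "Copying new configuration to host ..."
# Copy every listed path that now exists in the container back under $HOST.
# NOTE(review): entries are tested and copied relative to the current
# directory; this presumably relies on relative entries and on the script
# running from / - confirm.
# IFS= and -r keep each entry byte-for-byte; "--" stops an entry beginning
# with "-" from being read as an option to cp.
while IFS= read -r f ; do
	if [ -e "$f" ] ; then
		cp --parents -rp -t "$HOST" -- "$f"
	fi
done < /etc/host-data-list
# Relabel the copied files inside the host root; restorecon reads the same
# path list from standard input.
chroot "$HOST" restorecon -ri -f - < /etc/host-data-list

setup_service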