Updated ldap.usr (create and copy data.ldif over ssh and scp).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 31 Mar 2021 12:52:07 +0000 (14:52 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 31 Mar 2021 12:52:07 +0000 (14:52 +0200)
12 files changed:
scripts/functions
sources/ldap.usr/config
sources/ldap.usr/postinstall/copy.list [new file with mode: 0644]
sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub [new file with mode: 0644]
sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf [new file with mode: 0644]
sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf [new file with mode: 0644]
sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys [new file with mode: 0644]
sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys [deleted file]
sources/ldap.usr/postinstall/install/root/backupldapdb.sh [new file with mode: 0755]
sources/ldap.usr/postinstall/run.list [new file with mode: 0644]
sources/ldap.usr/preinstall/01_backupldapdb.sh [deleted file]
sources/ldap.usr/preinstall/user-lxcsetup-2020 [deleted file]

index fbc106632fa9029009d446300588b5170b518ab6..6f7308e031f0e559cd65597040a5bf01df52525e 100644 (file)
@@ -32,13 +32,27 @@ postinstall()
     if [ -d $CONTAINER_SOURCE_PATH/postinstall ]
     then
         cp --archive $CONTAINER_SOURCE_PATH/postinstall $CONTAINER_ROOTFS
-        if [ -f $CONTAINER_SOURCE_PATH/postinstall/copy.list ]
+        if [ -f $CONTAINER_ROOTFS/postinstall/run.list ]
         then
-            grep -v '^#' $CONTAINER_SOURCE_PATH/postinstall/copy.list | while read LINE
+            grep -v '^#' $CONTAINER_ROOTFS/postinstall/run.list | while read LINE
+            do
+                TGT_HOST=$(echo "$LINE" | cut -f 1 -d ' ')
+                TGT_USER=$(echo "$LINE" | cut -f 2 -d ' ')
+                TGT_PATH=$(echo "$LINE" | cut -f 3 -d ' ')
+                ssh -i $SSH_KEYS_PATH/scripts -l $TGT_USER $TGT_HOST $TGT_PATH
+            done
+        fi
+        if [ -f $CONTAINER_ROOTFS/postinstall/copy.list ]
+        then
+            grep -v '^#' $CONTAINER_ROOTFS/postinstall/copy.list | while read LINE
             do
                 SRC_HOST=$(echo "$LINE" | cut -f 1 -d ' ')
                 SRC_PATH=$(echo "$LINE" | cut -f 2 -d ' ')
                 TGT_PATH=$(echo "$LINE" | cut -f 3 -d ' ')
+                if [ ! -d $CONTAINER_ROOTFS/postinstall/install/$TGT_PATH ]
+                then
+                    mkdir $CONTAINER_ROOTFS/postinstall/install/$TGT_PATH
+                fi
                 scp -pr -i $SSH_KEYS_PATH/scripts \
                     root@${SRC_HOST}:$SRC_PATH \
                     $CONTAINER_ROOTFS/postinstall/install/$TGT_PATH
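Review bot: The `ssh` call in the new run.list loop shares the loop's stdin, i.e. the `grep` pipe, so it swallows every remaining run.list line and only the first entry is ever executed; the one-line run.list in this commit hides that, and the fix is `ssh -n -i "$SSH_KEYS_PATH/scripts" -l "$TGT_USER" "$TGT_HOST" "$TGT_PATH"` (plus `read -r LINE` so backslashes survive). Its exit status is also discarded, so when the remote backup script fails the copy.list loop below still fetches whatever `/tmp/data.ldif` already exists on the source host; because the loop body runs in a pipeline subshell, the failure has to be surfaced explicitly, e.g. `|| exit 1` inside the loop together with a check of `${PIPESTATUS[1]}` (or `set -o pipefail`) after it. The `mkdir` guarding the scp target lacks `-p`, so a nested value such as `a/b` in copy.list fails, and `mkdir -p` would make the preceding `-d` test unnecessary. Related to the key this hunk now references: the in-repo `preinstall/user-lxcsetup-2020` private key deleted in this commit remains recoverable from repository history, so it should be treated as exposed and its public half removed from any other `authorized_keys` that still lists it. `postinstall()` begins before this hunk and continues past it.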
index ed9fadecebd10a7c1e93cc598e4c2f4ee3c42b28..8c423087110b7ae3986a1a607bd5b5c65dc3c771 100644 (file)
@@ -1,7 +1,7 @@
 lxc.include = /usr/share/lxc/config/common.conf
 
 lxc.arch = x86_64
-lxc.uts.name = ldap.usr.user.hu
+lxc.uts.name = ldap.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
 lxc.mount.auto = proc:rw sys:ro
 
diff --git a/sources/ldap.usr/postinstall/copy.list b/sources/ldap.usr/postinstall/copy.list
new file mode 100644 (file)
index 0000000..f113c9a
--- /dev/null
@@ -0,0 +1 @@
+ldap.in.useribm.hu /tmp/data.ldif firstboot
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub
new file mode 100644 (file)
index 0000000..c8ec98e
--- /dev/null
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILjtjMrHvSbyzjUu5OhxkAnSTtnDUo0J2qVnUJHq7OwfAAAAIA+qL7znNNlRFw7TtkSQr/5Zs8TSN6puzl7Mh5+uJsXHAAAAAAAAAAAAAAACAAAAEmxkYXAuaW4udXNlcmlibS5odQAAABYAAAASbGRhcC5pbi51c2VyaWJtLmh1AAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgRdggjOtRLHz8FDr+22RKvmgTIHkXliDhunUM6SoM430AAABTAAAAC3NzaC1lZDI1NTE5AAAAQCwoXaZKKq1b0072iGhd0C+DAbpxuEnrGCYSQRjS3epMcdX8jsDgXfql0s0y+PX12leqzNvpjADJQRzznCBcXAM= ssh_host_ed25519_key.pub
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
new file mode 100644 (file)
index 0000000..173b545
--- /dev/null
@@ -0,0 +1 @@
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
new file mode 100644 (file)
index 0000000..115882b
--- /dev/null
@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
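Review bot: `TrustedUserCAKeys` is set without an `AuthorizedPrincipalsFile`, so under sshd's default rule a certificate issued by either CA in `trusted-user-ca.keys` is accepted for any local account whose name appears among the certificate's principals, `root` included now that `root/.ssh/authorized_keys` is deleted in this commit. If these CAs also sign certificates for other hosts, consider `AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u` so each account enumerates the principals it accepts, and a `RevokedKeys` file so a compromised certificate or CA can be withdrawn without rotating both. A short header comment in `trusted-user-ca.keys` naming the owner of `user-CA (qqcs)` and `user-CA (user)` would help the next maintainer. Whether `PermitRootLogin` further restricts this cannot be seen from the commit.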
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys b/sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys
new file mode 100644 (file)
index 0000000..59a754e
--- /dev/null
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdSgSmeOIwnP90z5zXAK1x5jMpg4PU5iOVxJeTbndC7 user-CA (qqcs)
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA (user)
diff --git a/sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys b/sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys
deleted file mode 100644 (file)
index 3aeca89..0000000
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMH92PgPnxE5n+rlbiHosDQv6sftFoNulFtPcBzTHl+0 lxcsetup (2020)
diff --git a/sources/ldap.usr/postinstall/install/root/backupldapdb.sh b/sources/ldap.usr/postinstall/install/root/backupldapdb.sh
new file mode 100755 (executable)
index 0000000..0e05fce
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+systemctl stop slapd.service
+slapcat -n 2 >/tmp/data.ldif
+systemctl start slapd.service
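Review bot: `slapcat -n 2 >/tmp/data.ldif` writes a full dump of the directory database to a fixed name in shared `/tmp` with the caller's default umask (typically 022, i.e. world-readable), and nothing removes the file afterwards since the copy.list entry in this commit fetches it only after this script has run. Put `umask 077` before the redirect so the dump is created mode 0600, and consider deleting it on the source host once the scp has completed. The script's exit status is that of the final `systemctl start`, so a failed `slapcat` is invisible to the run.list caller; capture it with `slapcat -n 2 >/tmp/data.ldif; rc=$?` and finish with `exit $rc` after slapd is restarted. Stopping slapd for the dump also means an outage window for every client; whether the backend actually requires the service to be down cannot be told from here.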
diff --git a/sources/ldap.usr/postinstall/run.list b/sources/ldap.usr/postinstall/run.list
new file mode 100644 (file)
index 0000000..07e3d36
--- /dev/null
@@ -0,0 +1 @@
+ldap.in.useribm.hu root /root/backupldapdb.sh
diff --git a/sources/ldap.usr/preinstall/01_backupldapdb.sh b/sources/ldap.usr/preinstall/01_backupldapdb.sh
deleted file mode 100755 (executable)
index 7159874..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-ENV_FILE=$1
-source $ENV_FILE
-
-
-chmod 600 $REAL_PATH/user-lxcsetup-2020
-ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu echo hello
-RC=$?
-if [ $RC -eq 0 ]
-then
-    ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu systemctl stop slapd.service
-    ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu "slapcat -n 2 >/tmp/data.ldif"
-    scp -i $REAL_PATH/user-lxcsetup-2020 root@ldap.usr.user.hu:/tmp/data.ldif \
-        $CONTAINER_SOURCE_PATH/firstboot/data.ldif
-    ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu systemctl start slapd.service
-fi
diff --git a/sources/ldap.usr/preinstall/user-lxcsetup-2020 b/sources/ldap.usr/preinstall/user-lxcsetup-2020
deleted file mode 100644 (file)
index 5319049..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACDB/dj4D58ROZ/q5W4h6LA0L+rH7RaDbpRbT3Ac0x5ftAAAAJhBQpFGQUKR
-RgAAAAtzc2gtZWQyNTUxOQAAACDB/dj4D58ROZ/q5W4h6LA0L+rH7RaDbpRbT3Ac0x5ftA
-AAAEBo/NKLeggP3e0TajKznXiAi1/mkK7mmHXgHit2OcyZQsH92PgPnxE5n+rlbiHosDQv
-6sftFoNulFtPcBzTHl+0AAAAD2x4Y3NldHVwICgyMDIwKQECAwQFBg==
------END OPENSSH PRIVATE KEY-----