From 2b04539bf79a85c53f1738591b856000f35c7070 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Wed, 31 Mar 2021 14:52:07 +0200
Subject: [PATCH] Updated ldap.usr (create and copy data.ldif over ssh and scp).
---
 scripts/functions | 18 ++++++++++++++++--
 sources/ldap.usr/config | 2 +-
 sources/ldap.usr/postinstall/copy.list | 1 +
 .../etc/ssh/ssh_host_ed25519_key-cert.pub | 1 +
 .../etc/ssh/sshd_config.d/99-host-cert.conf | 1 +
 .../etc/ssh/sshd_config.d/99-user-CA.conf | 1 +
 .../install/etc/ssh/trusted-user-ca.keys | 2 ++
 .../install/root/.ssh/authorized_keys | 1 -
 .../postinstall/install/root/backupldapdb.sh | 6 ++++++
 sources/ldap.usr/postinstall/run.list | 1 +
 .../ldap.usr/preinstall/01_backupldapdb.sh | 19 -------------------
 .../ldap.usr/preinstall/user-lxcsetup-2020 | 7 -------
 12 files changed, 30 insertions(+), 30 deletions(-)
 create mode 100644 sources/ldap.usr/postinstall/copy.list
 create mode 100644 sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub
 create mode 100644 sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
 create mode 100644 sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
 create mode 100644 sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys
 delete mode 100644 sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys
 create mode 100755 sources/ldap.usr/postinstall/install/root/backupldapdb.sh
 create mode 100644 sources/ldap.usr/postinstall/run.list
 delete mode 100755 sources/ldap.usr/preinstall/01_backupldapdb.sh
 delete mode 100644 sources/ldap.usr/preinstall/user-lxcsetup-2020
diff --git a/scripts/functions b/scripts/functions
index fbc1066..6f7308e 100644
--- a/scripts/functions
+++ b/scripts/functions
@@ -32,13 +32,27 @@ postinstall()
 if [ -d $CONTAINER_SOURCE_PATH/postinstall ]
 then
 cp --archive $CONTAINER_SOURCE_PATH/postinstall $CONTAINER_ROOTFS
- if [ -f $CONTAINER_SOURCE_PATH/postinstall/copy.list ]
+ if [ -f $CONTAINER_ROOTFS/postinstall/run.list ]
 then
- grep -v '^#' $CONTAINER_SOURCE_PATH/postinstall/copy.list | while read LINE
+ grep -v '^#' $CONTAINER_ROOTFS/postinstall/run.list | while read LINE
+ do
+ TGT_HOST=$(echo "$LINE" | cut -f 1 -d ' ')
+ TGT_USER=$(echo "$LINE" | cut -f 2 -d ' ')
+ TGT_PATH=$(echo "$LINE" | cut -f 3 -d ' ')
+ ssh -i $SSH_KEYS_PATH/scripts -l $TGT_USER $TGT_HOST $TGT_PATH
+ done
+ fi
+ if [ -f $CONTAINER_ROOTFS/postinstall/copy.list ]
+ then
+ grep -v '^#' $CONTAINER_ROOTFS/postinstall/copy.list | while read LINE
 do
 SRC_HOST=$(echo "$LINE" | cut -f 1 -d ' ')
 SRC_PATH=$(echo "$LINE" | cut -f 2 -d ' ')
 TGT_PATH=$(echo "$LINE" | cut -f 3 -d ' ')
+ if [ ! -d $CONTAINER_ROOTFS/postinstall/install/$TGT_PATH ]
+ then
+ mkdir $CONTAINER_ROOTFS/postinstall/install/$TGT_PATH
+ fi
 scp -pr -i $SSH_KEYS_PATH/scripts \
 root@${SRC_HOST}:$SRC_PATH \
 $CONTAINER_ROOTFS/postinstall/install/$TGT_PATH
diff --git a/sources/ldap.usr/config b/sources/ldap.usr/config
index ed9fade..8c42308 100644
--- a/sources/ldap.usr/config
+++ b/sources/ldap.usr/config
@@ -1,7 +1,7 @@
 lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
-lxc.uts.name = ldap.usr.user.hu
+lxc.uts.name = ldap.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
 lxc.mount.auto = proc:rw sys:ro
diff --git a/sources/ldap.usr/postinstall/copy.list b/sources/ldap.usr/postinstall/copy.list
new file mode 100644
index 0000000..f113c9a
--- /dev/null
+++ b/sources/ldap.usr/postinstall/copy.list
@@ -0,0 +1 @@
+ldap.in.useribm.hu /tmp/data.ldif firstboot
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub
new file mode 100644
index 0000000..c8ec98e
--- /dev/null
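Review bot: The status of the new `ssh -i $SSH_KEYS_PATH/scripts -l $TGT_USER $TGT_HOST $TGT_PATH` call in the run.list loop is never checked, so if the remote dump script fails the copy.list loop that follows still `scp`s whatever `/tmp/data.ldif` already exists on the host, possibly a stale dump from an earlier run; because the loop is the right-hand side of a `grep | while` pipeline, even an `exit` in the body would only end that subshell. I would abort on failure, e.g. `ssh -i "$SSH_KEYS_PATH/scripts" -l "$TGT_USER" "$TGT_HOST" "$TGT_PATH" || { printf 'run.list: %s failed on %s\n' "$TGT_PATH" "$TGT_HOST" >&2; exit 1; }`, and test the pipeline's status after `done` with `|| return 1` so that `postinstall` itself reports the failure. Both new `while read LINE` loops read without `-r` and expand `$LINE` and the derived variables unquoted, so a backslash or a space in a path is mangled; `read -r` and quoting the expansions would fix that. The `mkdir` added before the `scp` should be `mkdir -p -- "$CONTAINER_ROOTFS/postinstall/install/$TGT_PATH"` so a nested `TGT_PATH` does not fail. The enclosing `postinstall()` starts before this hunk and continues after it.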
+++ b/sources/ldap.usr/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILjtjMrHvSbyzjUu5OhxkAnSTtnDUo0J2qVnUJHq7OwfAAAAIA+qL7znNNlRFw7TtkSQr/5Zs8TSN6puzl7Mh5+uJsXHAAAAAAAAAAAAAAACAAAAEmxkYXAuaW4udXNlcmlibS5odQAAABYAAAASbGRhcC5pbi51c2VyaWJtLmh1AAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgRdggjOtRLHz8FDr+22RKvmgTIHkXliDhunUM6SoM430AAABTAAAAC3NzaC1lZDI1NTE5AAAAQCwoXaZKKq1b0072iGhd0C+DAbpxuEnrGCYSQRjS3epMcdX8jsDgXfql0s0y+PX12leqzNvpjADJQRzznCBcXAM= ssh_host_ed25519_key.pub
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
new file mode 100644
index 0000000..173b545
--- /dev/null
+++ b/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
@@ -0,0 +1 @@
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
new file mode 100644
index 0000000..115882b
--- /dev/null
+++ b/sources/ldap.usr/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
diff --git a/sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys b/sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys
new file mode 100644
index 0000000..59a754e
--- /dev/null
+++ b/sources/ldap.usr/postinstall/install/etc/ssh/trusted-user-ca.keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdSgSmeOIwnP90z5zXAK1x5jMpg4PU5iOVxJeTbndC7 user-CA (qqcs)
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA (user)
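Review bot: The host certificate committed here only works if `/etc/ssh/ssh_host_ed25519_key` inside the container is the exact key it was issued for, and that private key is (rightly) not part of this patch; if the container generates its own host keys on first boot, sshd will log that there is no matching private key for the `HostCertificate` line added in `99-host-cert.conf` and fall back to the plain host key, so the provisioning step that installs the matching key should be documented next to it, e.g. a comment line in `99-host-cert.conf`: `# cert for the ed25519 host key installed by <provisioning step>; rotate both together`. Decoding the certificate body, the validity window appears to be unbounded (valid_after 0, valid_before 0xffffffffffffffff), so the only way to retire it is a CA revocation list; a bounded validity period is the usual practice for host certs. The client side also needs an `@cert-authority` known_hosts entry for the host CA before this certificate provides any verification for the `ssh`/`scp` calls in `scripts/functions`; that is not in this patch, which is fine if it lives elsewhere, but it is worth stating in the commit.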
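Review bot: `TrustedUserCAKeys` with these two CAs and no `AuthorizedPrincipalsFile` means any certificate either CA signs is accepted for every local account whose name is among the certificate's principals, including `root`, which `run.list` now logs into directly; if the two CAs serve different populations (the comments read `user-CA (qqcs)` and `user-CA (user)`), consider adding `AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u` to `99-user-CA.conf` so the principals permitted for root are listed explicitly rather than inferred from the login name. The `99-user-CA.conf` and `99-host-cert.conf` snippets only take effect if the container's base `sshd_config` carries `Include /etc/ssh/sshd_config.d/*.conf`, which I cannot see from here. Since root access now rests on these CAs, the `lxcsetup (2020)` key pair this patch deletes (its public half from root's `authorized_keys`, its private half from `sources/ldap.usr/preinstall/`) should be treated as exposed — removing the file does not remove it from repository history — and revoked anywhere else it was authorised.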
diff --git a/sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys b/sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys
deleted file mode 100644
index 3aeca89..0000000
--- a/sources/ldap.usr/postinstall/install/root/.ssh/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMH92PgPnxE5n+rlbiHosDQv6sftFoNulFtPcBzTHl+0 lxcsetup (2020)
diff --git a/sources/ldap.usr/postinstall/install/root/backupldapdb.sh b/sources/ldap.usr/postinstall/install/root/backupldapdb.sh
new file mode 100755
index 0000000..0e05fce
--- /dev/null
+++ b/sources/ldap.usr/postinstall/install/root/backupldapdb.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+systemctl stop slapd.service
+slapcat -n 2 >/tmp/data.ldif
+systemctl start slapd.service
diff --git a/sources/ldap.usr/postinstall/run.list b/sources/ldap.usr/postinstall/run.list
new file mode 100644
index 0000000..07e3d36
--- /dev/null
+++ b/sources/ldap.usr/postinstall/run.list
@@ -0,0 +1 @@
+ldap.in.useribm.hu root /root/backupldapdb.sh
diff --git a/sources/ldap.usr/preinstall/01_backupldapdb.sh b/sources/ldap.usr/preinstall/01_backupldapdb.sh
deleted file mode 100755
index 7159874..0000000
--- a/sources/ldap.usr/preinstall/01_backupldapdb.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-ENV_FILE=$1
-source $ENV_FILE
-
-
-chmod 600 $REAL_PATH/user-lxcsetup-2020
-ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu echo hello
-RC=$?
-if [ $RC -eq 0 ]
-then
- ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu systemctl stop slapd.service
- ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu "slapcat -n 2 >/tmp/data.ldif"
- scp -i $REAL_PATH/user-lxcsetup-2020 root@ldap.usr.user.hu:/tmp/data.ldif \
- $CONTAINER_SOURCE_PATH/firstboot/data.ldif
- ssh -i $REAL_PATH/user-lxcsetup-2020 -l root ldap.usr.user.hu systemctl start slapd.service
-fi
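Review bot: `backupldapdb.sh` exits with the status of the final `systemctl start`, not of `slapcat`, so a failed or interrupted dump leaves an empty or partial `/tmp/data.ldif` behind and the `ssh` call in `postinstall` that runs this script still sees success and goes on to `scp` it. `/tmp/data.ldif` is also created with the caller's default umask in a world-readable directory, and an LDIF of the user database is sensitive (it would normally carry `userPassword` attributes), so the script should set `umask 077` before the redirection and the file should be removed once it has been copied. If `systemctl stop` fails the dump is taken while slapd is still running, so its status is worth checking as well; the rewrite below captures slapcat's status, always restarts slapd, and returns that status.
```shell
#!/bin/sh
# Dump database 2 to /tmp/data.ldif with slapd stopped; exit with slapcat's status.
umask 077
systemctl stop slapd.service || exit 1
slapcat -n 2 >/tmp/data.ldif
rc=$?
systemctl start slapd.service
exit "$rc"
```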
diff --git a/sources/ldap.usr/preinstall/user-lxcsetup-2020 b/sources/ldap.usr/preinstall/user-lxcsetup-2020
deleted file mode 100644
index 5319049..0000000
--- a/sources/ldap.usr/preinstall/user-lxcsetup-2020
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACDB/dj4D58ROZ/q5W4h6LA0L+rH7RaDbpRbT3Ac0x5ftAAAAJhBQpFGQUKR
-RgAAAAtzc2gtZWQyNTUxOQAAACDB/dj4D58ROZ/q5W4h6LA0L+rH7RaDbpRbT3Ac0x5ftA
-AAAEBo/NKLeggP3e0TajKznXiAi1/mkK7mmHXgHit2OcyZQsH92PgPnxE5n+rlbiHosDQv
-6sftFoNulFtPcBzTHl+0AAAAD2x4Y3NldHVwICgyMDIwKQECAwQFBg==
------END OPENSSH PRIVATE KEY-----
-- 
2.54.0