Syncing /usr/share/ahenk to src and recreating ahenk.install

This commit is contained in:
Tuncay ÇOLAK 2021-03-26 15:31:05 +03:00
parent 5a0bc411c4
commit e01727a215
6 changed files with 178 additions and 79 deletions

View file

@ -70,6 +70,7 @@ usr/share/ahenk/base/registration/execute_sssd_authentication.py
usr/share/ahenk/base/registration/scripts/ldap-login.sh
usr/share/ahenk/base/registration/scripts/ad.sh
usr/share/ahenk/base/registration/scripts
usr/share/ahenk/base/registration/config-files/sssd_ad_dns.conf
usr/share/ahenk/base/registration/config-files/pam_script
usr/share/ahenk/base/registration/config-files/ldap
usr/share/ahenk/base/registration/config-files/krb5_ad.conf

View file

@ -26,11 +26,3 @@ access_provider = ad
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = true
enumerate = true
auth_provider = ad
chpass_provider = ad
dyndns_update = true
dyndns_update_ptr = false
###ad_hostname###
ldap_schema = ad
ldap_sasl_mech = gssapi
ldap_krb5_init_creds = true

View file

@ -0,0 +1,36 @@
[nss]
filter_groups = root,adm
filter_users = root,adm
reconnection_retries = 3
[pam]
reconnection_retries = 3
[sssd]
###domains###
config_file_version = 2
services = nss, pam
###[domain/###
###ad_domain###
###krb5_realm###
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = true
enumerate = true
auth_provider = ad
chpass_provider = ad
dyndns_update = true
dyndns_update_ptr = false
###ad_hostname###
ldap_schema = ad
ldap_sasl_mech = gssapi
ldap_krb5_init_creds = true

View file

@ -7,6 +7,7 @@ from base.util.util import Util
from base.system.system import System
import re
class ExecuteCancelSSSDAdAuthentication:
def __init__(self):
scope = Scope().get_instance()
@ -21,12 +22,22 @@ class ExecuteCancelSSSDAdAuthentication:
# Read information about AD
if self.util.is_exist(self.ad_info_path):
file_data = self.util.read_file_by_line(self.ad_info_path)
self.ip_address = file_data[0].strip("\n")
self.host_name = file_data[1].strip("\n")
self.ip_list = file_data[0].strip("\n").replace("[", "").replace("]", "")
self.host_list = file_data[1].strip("\n").replace("[", "").replace("]", "")
self.domain_name = file_data[2].strip("\n")
self.ip_address = self.ip_list.split(", ")
self.host_name = self.host_list.split(", ")
self.ip_address[0] = self.ip_address[0].replace("'", "")
self.host_name[0] = self.host_name[0].replace("'", "")
self.logger.info(self.ip_address)
self.logger.info(self.host_name)
self.logger.info(self.domain_name)
self.logger.info(self.ip_list)
self.logger.info(self.host_list)
self.logger.info("Information read successfully from ad_info.")
else:
self.logger.error("ad_info file not found")
@ -43,8 +54,8 @@ class ExecuteCancelSSSDAdAuthentication:
file_dhclient = open(dhclient_conf_path, 'r')
file_data = file_dhclient.read()
if "prepend domain-name-servers {};".format(self.ip_address) in file_data:
file_data = file_data.replace(("prepend domain-name-servers {};".format(self.ip_address)),
if "prepend domain-name-servers {};".format(self.ip_address[0]) in file_data:
file_data = file_data.replace(("prepend domain-name-servers {};".format(self.ip_address[0])),
"#prepend domain-name-servers 127.0.0.1;")
self.logger.info("dhclient is reconfigured")
else:
@ -60,17 +71,11 @@ class ExecuteCancelSSSDAdAuthentication:
file_hosts = open(hosts_conf_path, 'r')
file_data = file_hosts.read()
if ("{0} {1}".format(self.ip_address, self.domain_name)) in file_data:
file_data = file_data.replace(("{0} {1}".format(self.ip_address, self.domain_name)), " ")
self.logger.info("hosts is deleted")
else:
self.logger.error("hosts domain is not deleted")
if ("{0} {1}".format(self.ip_address, self.host_name)) in file_data:
file_data = file_data.replace(("{0} {1}".format(self.ip_address, self.host_name)), " ")
self.logger.info("hosts is deleted")
else:
self.logger.error("hosts hostname is not deleted")
for ip, host in zip(self.ip_address, self.host_name):
ip = ip.replace("'", "")
host = host.replace("'", "")
if ("{0} {1} {2}".format(ip, host, self.domain_name)) in file_data:
file_data = file_data.replace(("{0} {1} {2}".format(ip, host, self.domain_name)), " ")
file_hosts.close()
file_hosts = open(hosts_conf_path, 'w')
@ -98,8 +103,8 @@ class ExecuteCancelSSSDAdAuthentication:
file_resolv = open(resolv_conf_path, 'r')
file_data = file_resolv.read()
if ("nameserver {0}".format(self.ip_address)) in file_data:
file_data = file_data.replace(("nameserver {0}".format(self.ip_address)), "")
if ("nameserver {0}".format(self.ip_address[0])) in file_data:
file_data = file_data.replace(("nameserver {0}".format(self.ip_address[0])), "")
self.logger.info("resolv.conf is configured")
else:
self.logger.error("resolv is not configured")
@ -116,7 +121,6 @@ class ExecuteCancelSSSDAdAuthentication:
else:
self.logger.error("ad_info file not found")
self.logger.info("AD Login iptal etme işlemi başarı ile sağlandı.")
return True

View file

@ -7,6 +7,7 @@ from base.util.util import Util
from base.system.system import System
import time
class ExecuteSSSDAdAuthentication:
def __init__(self):
scope = Scope().get_instance()
@ -14,8 +15,9 @@ class ExecuteSSSDAdAuthentication:
self.util = Util()
self.system = System()
def authenticate(self, domain_name, host_name, ip_address, password, ad_username):
def authenticate(self, domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update):
try:
# Installation of required packages
(result_code, p_out, p_err) = self.util.execute(
"sudo apt-get -y install realmd")
@ -24,6 +26,15 @@ class ExecuteSSSDAdAuthentication:
else:
self.logger.error("İndirmeler Başarısız : " + str(p_err))
# Split datas that Lider send
self.logger.info(host_name)
self.logger.info(ip_address)
ip_address_split = ip_address.split(",")
host_name_split = host_name.split(",")
ip_address = ip_address_split[0]
host_name = host_name_split[0]
# Execute the commands that require for leave
(result_code, p_out, p_err) = self.util.execute("realm leave")
if (result_code == 0):
@ -40,8 +51,10 @@ class ExecuteSSSDAdAuthentication:
file_default_ad_info = open(default_ad_info_path, 'r')
file_data = file_default_ad_info.read()
file_data = file_data + ("{}".format(ip_address)) + "\n" + ("{}".format(host_name)) + "\n" + (
file_data = file_data + ("{}".format(ip_address_split)) + "\n" + (
"{}".format(host_name_split)) + "\n" + (
"{}".format(domain_name)) + "\n" + ("{}".format(ad_username))
self.logger.info("/etc/ahenk/ad_info bilgiler girildi.")
file_default_ad_info.close()
file_default_ad_info = open(default_ad_info_path, 'w')
@ -101,17 +114,8 @@ class ExecuteSSSDAdAuthentication:
file_default_hosts = open(host_path, 'r')
file_data = file_default_hosts.read()
if ("{0} {1}".format(ip_address, host_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name))
self.logger.info("/etc/hosts is configured for hostname")
else:
self.logger.info("/etc/hosts is NOT configured for hostname")
if ("{0} {1}".format(ip_address, domain_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, domain_name))
self.logger.info("/etc/hosts is configured for domainname")
else:
self.logger.info("/etc/hosts is NOT configured for domainname")
for ips, hostnames in zip(ip_address_split, host_name_split):
file_data = file_data + "\n" + ips + " " + hostnames + " " + domain_name
file_default_hosts.close()
file_default_hosts = open(host_path, 'w')
@ -119,15 +123,18 @@ class ExecuteSSSDAdAuthentication:
file_default_hosts.close()
# Execute the script that required for "samba-common" and "krb5"
(result_code, p_out, p_err) = self.util.execute("/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(),host_name))
(result_code, p_out, p_err) = self.util.execute(
"/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(),
host_name))
if(result_code == 0):
if (result_code == 0):
self.logger.info("Script başarılı bir şekilde çalıştırıldı.")
else:
self.logger.error("Script başarısız oldu : " + str(p_err))
# Installation of required packages
(result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs dnsutils")
(result_code, p_out, p_err) = self.util.execute(
"sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs")
if (result_code == 0):
self.logger.info("İndirmeler Başarılı")
else:
@ -172,7 +179,9 @@ class ExecuteSSSDAdAuthentication:
if (self.join_try_counter == 5):
break
else:
(result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper()))
(result_code, p_out, p_err) = self.util.execute(
"echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username,
domain_name.upper()))
if (result_code == 0):
self.logger.info("Realm Join komutu başarılı")
break
@ -183,6 +192,61 @@ class ExecuteSSSDAdAuthentication:
self.logger.error(e)
self.logger.info("Active Directory Join işlemi esnasında hata oluştu.")
# DynamicDNSUpdate in Active Directory
if dynamic_dns_update == True:
self.logger.info("dynamicDNSUpdate is Activated")
# Installation of required packages
(result_code, p_out, p_err) = self.util.execute(
"sudo apt-get -y install dnsutils")
if (result_code == 0):
self.logger.info("İndirmeler Başarılı")
else:
self.logger.error("İndirmeler Başarısız : " + str(p_err))
# Configure sssd template
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad_dns.conf"
sssd_config_folder_path = "/etc/sssd"
sssd_config_file_path = "/etc/sssd/sssd.conf"
if not self.util.is_exist(sssd_config_folder_path):
self.util.create_directory(sssd_config_folder_path)
self.logger.info("{0} folder is created".format(sssd_config_folder_path))
if self.util.is_exist(sssd_config_file_path):
self.util.delete_file(sssd_config_file_path)
self.logger.info("delete sssd org conf")
self.util.copy_file(sssd_config_template_path, sssd_config_folder_path)
self.logger.info(
"{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))
self.util.rename_file("/etc/sssd/sssd_ad_dns.conf", "/etc/sssd/sssd.conf")
# Configure sssd.conf
file_sssd = open(sssd_config_file_path, 'r')
file_data = file_sssd.read()
file_data = file_data.replace("###domains###", "domains = {}".format(domain_name))
file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name))
file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name))
file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper()))
file_data = file_data.replace("###ad_hostname###",
"ad_hostname = {0}.{1}".format(self.system.Os.hostname(),
domain_name.lower()))
file_sssd.close()
file_sssd = open(sssd_config_file_path, 'w')
file_sssd.write(file_data)
file_sssd.close()
# Arrangement of chmod as 600 for sssd.conf
(result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path))
if (result_code == 0):
self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı")
else:
self.logger.error("Chmod komutu başarısız : " + str(p_err))
else:
self.logger.info("dynamicDNSUpdate is NOT Activated")
# Configure sssd template
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf"
sssd_config_folder_path = "/etc/sssd"
@ -197,7 +261,8 @@ class ExecuteSSSDAdAuthentication:
self.logger.info("delete sssd org conf")
self.util.copy_file(sssd_config_template_path, sssd_config_folder_path)
self.logger.info("{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))
self.logger.info(
"{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))
self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf")
# Configure sssd.conf
@ -208,7 +273,6 @@ class ExecuteSSSDAdAuthentication:
file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name))
file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name))
file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper()))
file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower()))
file_sssd.close()
file_sssd = open(sssd_config_file_path, 'w')
@ -217,7 +281,7 @@ class ExecuteSSSDAdAuthentication:
# Arrangement of chmod as 600 for sssd.conf
(result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path))
if(result_code == 0):
if (result_code == 0):
self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı")
else:
self.logger.error("Chmod komutu başarısız : " + str(p_err))
@ -236,7 +300,8 @@ class ExecuteSSSDAdAuthentication:
self.logger.info("delete krb5 org conf")
self.util.copy_file(krb5_config_template_path, krb5_config_folder_path)
self.logger.info("{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path))
self.logger.info(
"{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path))
self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf")
# Configure krb5_ad.conf
@ -250,7 +315,7 @@ class ExecuteSSSDAdAuthentication:
# Arrangement of chmod as 644 for krb5_ad.conf
(result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path))
if(result_code == 0):
if (result_code == 0):
self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı")
else:
self.logger.error("Chmod komutu başarısız : " + str(p_err))
@ -268,7 +333,7 @@ class ExecuteSSSDAdAuthentication:
self.util.delete_file(default_sssd_path)
self.logger.info("delete sssd org conf")
if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data :
if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data:
file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\""
self.logger.info("/etc/default/sssd is configured")

View file

@ -201,12 +201,13 @@ class Registration:
ip_address = str(reg_reply['adIpAddress'])
password = str(reg_reply['adAdminPassword'])
ad_username = str(reg_reply['adAdminUserName'])
dynamic_dns_update = reg_reply['dynamicDNSUpdate']
if domain_name is None or host_name is None or ip_address is None or password is None :
self.logger.error("Registration params is null")
return
self.ad_login.authenticate(domain_name, host_name, ip_address, password, ad_username)
self.ad_login.authenticate(domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update)
def registration_error(self, reg_reply):
self.re_register()