Update for 15

turnkeylinux-apps · Mar 23, 2018 · a72dbeb · a72dbeb
1 parent 8e4bc50
commit a72dbeb
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 31 deletions.
diff --git a/changelog b/changelog
@@ -1,3 +1,14 @@
+turnkey-domain-controller-15.0 (1) turnkey; urgency=low
+
+  * Install Adminer directly from stretch/main repo
+
+  * Replace MySQL with MariaDB
+
+  * Note: Please refer to turnkey-core's changelog for changes common to all
+    appliances. Here we only describe changes specdific to this appliance.
+
+ -- Vlad Kuzmenko <vlad.work.here@gmail.com>  Thu, 24 Mar 2018 00:30:42 +0200
+
 turnkey-domain-controller-14.2 (1) turnkey; urgency=low
 
   * Updated first boot inithooks to use updated Dialog password prompt

diff --git a/conf.d/main b/conf.d/main
@@ -13,3 +13,5 @@ ln -s /usr/share/doc/samba-doc/htmldocs /var/www/samba
 # tweak tkl-webcp
 sed -i "s|padding: 5pt 8px;|padding: 5pt 8px 25pt 8px;|" /var/www/css/base.css
 
+chmod +x /usr/lib/inithooks/bin/sambaconf.sh
+systemctl unmask samba-ad-dc
diff --git a/overlay/usr/lib/inithooks/bin/domain-controller.py b/overlay/usr/lib/inithooks/bin/domain-controller.py
@@ -89,37 +89,8 @@ def main():
                 "Enter new password for the samba 'administrator' account.",
                 pass_req=8, min_complexity=3)
 
-    # stop Samba service(s) - in case it's already running
-    system("/etc/init.d/samba stop >/dev/null || true")
-    system("/etc/init.d/samba-ad-dc stop >/dev/null || true")
-
-    # just in case Samba4 has been set up Samba3 style
-    system("/etc/init.d/smbd stop >/dev/null || true")
-    system("/etc/init.d/nmbd stop >/dev/null || true")
-
-    remove('/etc/samba/smb.conf')
-
-    system('samba-tool domain provision --realm {REALM} --domain {DOMAIN} --adminpass {ADMIN_PASSWORD} --server-role=dc --use-rfc2307 --option="dns forwarder = 8.8.8.8"'.format(REALM = realm, DOMAIN = domain, ADMIN_PASSWORD = admin_password))
-
-    system('samba-tool user setexpiry {ADMIN_USER} --noexpiry'.format(ADMIN_USER=ADMIN_USER))
-
-    system('samba-tool domain exportkeytab /etc/krb5.keytab')
-
-    system('chown root:root /etc/krb5.keytab; chmod 600 /etc/krb5.keytab')
 
-    system('ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf')
-
-    system('sed -i "s/domain.*/domain {REALM}/" /etc/resolvconf/resolv.conf.d/head'.format(REALM = realm))
-    system('sed -i "s/search.*/search {REALM}/" /etc/resolvconf/resolv.conf.d/head'.format(REALM = realm))
-
-    system('service samba-ad-dc start')
-
-    system('sleep 5')
-
-    system('echo {ADMIN_PASSWORD} | kinit {ADMIN_USER}@{REALM}'.format(ADMIN_PASSWORD=admin_password, ADMIN_USER=ADMIN_USER, REALM=realm.upper()))
-
-    system("/etc/init.d/samba-ad-dc restart >/dev/null || true")
+    system('/usr/lib/inithooks/bin/sambaconf.sh -r {REALM} -d {DOMAIN} -u {ADMIN_USER} -p {ADMIN_PASSWORD}'.format(DOMAIN = domain, ADMIN_PASSWORD=admin_password, ADMIN_USER=ADMIN_USER, REALM=realm))
 
 if __name__ == "__main__":
     main()
-
diff --git a/overlay/usr/lib/inithooks/bin/sambaconf.sh b/overlay/usr/lib/inithooks/bin/sambaconf.sh
@@ -0,0 +1,45 @@
+#!/bin/bash -e
+
+while getopts d:r:u:p: option
+    do
+        case "${option}"
+        in
+        d) DOMAIN=${OPTARG};;
+        r) REALM=${OPTARG};;
+        u) ADMIN_USER=${OPTARG};;
+        p) ADMIN_PASSWORD=$OPTARG;;
+    esac
+done
+
+# stop Samba service(s) - in case it's already running
+/etc/init.d/samba stop >/dev/null || true
+/etc/init.d/samba-ad-dc stop >/dev/null || true
+
+# just in case Samba4 has been set up Samba3 style
+/etc/init.d/smbd stop >/dev/null || true
+/etc/init.d/nmbd stop >/dev/null || true
+
+rm /etc/samba/smb.conf
+
+samba-tool domain provision --realm $REALM --domain $DOMAIN --adminpass $ADMIN_PASSWORD --server-role=dc --use-rfc2307 --option="dns forwarder = 8.8.8.8"
+
+samba-tool user setexpiry $ADMIN_USER --noexpiry
+
+samba-tool domain exportkeytab /etc/krb5.keytab
+
+chown root:root /etc/krb5.keytab; chmod 600 /etc/krb5.keytab
+
+ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
+
+sed -i "s/domain.*/domain $REALM/" /etc/resolvconf/resolv.conf.d/head
+sed -i "s/search.*/search $REALM/" /etc/resolvconf/resolv.conf.d/head
+
+service samba-ad-dc start
+
+sleep 5
+
+REALM=$(echo "$REALM" | tr '[:lower:]' '[:upper:]')
+
+echo $ADMIN_PASSWORD | kinit $ADMIN_USER@$REALM
+
+/etc/init.d/samba-ad-dc restart >/dev/null || true
diff --git a/plan/main b/plan/main
@@ -8,7 +8,9 @@ acl
 attr  /* Samba AD dependency */
 krb5-user
 samba-vfs-modules
-samba-doc
+
+samba-dsdb-modules
+ldb-tools
 
 lighttpd
 winbind