From b128a5cb9f693cca2ca8d755675ae93112a292cc Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Thu, 10 Oct 2024 12:04:02 +0200
Subject: [PATCH] fixipaip infra image service: No need for hard coded admin password

The admin password is not needed for the system service as it running as root. The use of `-e in_server=true` is sufficient for all ipa calls.
---
 infra/image/system-service/fixipaip.sh | 30 +++++++++++---------------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/infra/image/system-service/fixipaip.sh b/infra/image/system-service/fixipaip.sh
index ed11a2b6a4..bc895bb420 100755
--- a/infra/image/system-service/fixipaip.sh
+++ b/infra/image/system-service/fixipaip.sh
@@ -55,35 +55,31 @@ echo " IP: '${IP}'"
 echo " PTR: '${PTR}'"
 echo " FORWARDER: '${FORWARDER}'"
-if ! echo "SomeADMINpassword" | kinit -c "${KRB5CCNAME}" admin >/dev/null
-then
- echo "ERROR: Failed to obtain Kerberos ticket"
- exit 1
-fi
-
-ZONES=$(ipa dnszone-find --name-from-ip="${HOSTNAME}." --raw --pkey-only \
- | grep "idnsname:" | awk -F": " '{print $2}')
+ZONES=$(ipa -e in_server=true dnszone-find --name-from-ip="${HOSTNAME}." \
+ --raw --pkey-only | grep "idnsname:" | awk -F": " '{print $2}')
 for zone in ${ZONES}; do
 echo
 if [[ "${zone}" == *".in-addr.arpa."* ]]; then
 echo "Fixing reverse zone ${zone}:"
- OLD_PTR=$(ipa dnsrecord-find "${zone}" --ptr-rec="${HOSTNAME}." \
- --raw | grep "idnsname:" | awk -F": " '{print $2}')
+ OLD_PTR=$(ipa -e in_server=true dnsrecord-find "${zone}" \
+ --ptr-rec="${HOSTNAME}." --raw | grep "idnsname:" | \
+ awk -F": " '{print $2}')
 if [ -z "${OLD_PTR}" ] || [ -n "${OLD_PTR//[0-9]}" ]; then
 echo "ERROR: Failed to get old PTR from '${zone}': '${OLD_PTR}'"
 else
- ipa dnsrecord-mod "${zone}" "${OLD_PTR}" --ptr-rec="${HOSTNAME}." \
- --rename="${PTR}" || true
+ ipa -e in_server=true dnsrecord-mod "${zone}" "${OLD_PTR}" \
+ --ptr-rec="${HOSTNAME}." --rename="${PTR}" || true
 fi
 else
 echo "Fixing forward zone ${zone}:"
- ipa dnsrecord-mod test.local "${HOSTNAME%%.*}" --a-rec="$IP" || true
- ipa dnsrecord-mod test.local ipa-ca --a-rec="$IP" || true
+ ipa -e in_server=true dnsrecord-mod test.local "${HOSTNAME%%.*}" \
+ --a-rec="$IP" || true
+ ipa -e in_server=true dnsrecord-mod test.local ipa-ca \
+ --a-rec="$IP" || true
 fi
 done
-ipa dnsserver-mod "${HOSTNAME}" --forwarder="${FORWARDER}" || true
-
-kdestroy -c "${KRB5CCNAME}" -A
+ipa -e in_server=true dnsserver-mod "${HOSTNAME}" \
+ --forwarder="${FORWARDER}" || true
 exit 0
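Review bot: With the `kinit` block removed, nothing in this hunk fails hard any more: the `ZONES=$(ipa -e in_server=true dnszone-find … | grep … | awk …)` pipeline reports awk's exit status (whether `pipefail` is set is not visible here), every later `ipa` call ends in `|| true`, and the script finishes with `exit 0`. If the in-server call cannot run, for instance because the service is not actually started as root, the unit would report success while the old A/PTR records and forwarder stay in place. Assuming an empty zone list is never expected for this host, a guard right after the assignment restores the fail-fast that the Kerberos check used to provide: `[ -n "${ZONES}" ] || { echo "ERROR: No DNS zones found for '${HOSTNAME}'" >&2; exit 1; }`. The statements that set `HOSTNAME`, `IP`, `PTR` and `FORWARDER` sit above the hunk; since all 17 deletions are in this hunk, any `KRB5CCNAME` setup up there is left behind and is presumably unused now.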