Systems/OS/FreeBSD
Revision as of 18:38, 20 September 2014 by Amishhammer
FreeBSD
Bootstrapping a node
- Install base OS
- Update base with security updates
  - freebsd-update fetch
  - freebsd-update install
- Reboot
- Update ports tree
  - portsnap fetch extract
- Install base packages
  - cd /usr/ports/ports-mgmt/portmaster
  - make install distclean
  - rehash
  - portmaster -d shells/bash editors/vim-lite sysutils/tmux net/nss-pam-ldapd-sasl sysutils/msktutil security/cyrus-sasl2-gssapi
  - NOTE: Make sure to enable GSSAPI for openldap-sasl-client
  - rehash
- Set up /etc/krb5.conf
- Set up /usr/local/etc/openldap/ldap.conf
- Install Samba SSL root CA cert in /usr/local/etc/trusted.pem
- Join the box to the domain
  - kinit [email protected]
  - msktutil -c --server=bob
- Install /usr/local/sbin/renew.sh (chmod +x)
- Install /etc/periodic/hourly/100.renew (chmod +x)
- Enable hourly periodics in /etc/crontab
  - 0 * * * * root periodic hourly
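/etc/periodic/hourly/100.renew

```sh
#!/bin/sh
# Load the periodic(8) defaults and any local overrides, if present.
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

# Renew the machine account's Kerberos credential caches.
/usr/local/sbin/renew.sh
exit 0
```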
/usr/local/sbin/renew.sh

```sh
#!/bin/sh
# Obtain a TGT for the machine account from the host keytab and install it
# as the credential cache for root and for nslcd.
HOSTNAME=$(/bin/hostname -s)
TMPFILE=$(/usr/bin/mktemp /tmp/kinit_XXXXXX) || exit 1

# Copy the fresh cache into place with owner-only permissions, then
# remove the temporary copy.
moveCC() {
    /usr/bin/install -S -o root -g wheel -m 0600 "$TMPFILE" /tmp/krb5cc_0
    /usr/bin/install -S -o nslcd -g nslcd -m 0600 "$TMPFILE" /tmp/krb5cc_928
    /bin/rm "$TMPFILE"
}

# Retry every 30 seconds, up to 60 attempts.
tries=0
while [ "$tries" -lt 60 ]
do
    if /usr/bin/kinit -c "$TMPFILE" -t /etc/krb5.keytab "${HOSTNAME}\$"
    then
        moveCC
        exit 0
    fi
    tries=$((tries + 1))
    sleep 30
done

# Every attempt failed: do not leave the temporary file behind in /tmp.
/bin/rm -f "$TMPFILE"
exit 1
```
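
A post-bootstrap check for the credential caches that renew.sh installs in /tmp, as an added example that is not part of the original page. The function names `check_cc` and `audit_node` and the 120-minute freshness threshold are assumptions; the paths, owners and mode are the ones renew.sh sets.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_cc PATH OWNER [MAX_AGE_MIN]
# Returns 0 only if PATH is a regular file (not a symlink), is owned by
# OWNER, has mode exactly 0600, and was modified within MAX_AGE_MIN minutes.
# The 120-minute default is an assumption: renew.sh runs hourly and may
# retry for up to 30 minutes, so an older cache means renewal is failing.
check_cc() {
    cc=$1 owner=$2 max_age=${3:-120}

    # /tmp is world-writable, so refuse symlinks and anything non-regular.
    if [ -L "$cc" ] || [ ! -f "$cc" ]; then
        echo "FAIL $cc: missing or not a regular file"
        return 1
    fi
    # find prints the path only when owner and exact mode both match.
    if [ -z "$(find "$cc" -prune -user "$owner" -perm 600 -print 2>/dev/null)" ]; then
        echo "FAIL $cc: expected owner $owner and mode 0600"
        return 1
    fi
    # A stale cache points at a broken keytab, KDC outage or dead cron job.
    if [ -z "$(find "$cc" -prune -mmin "-$max_age" -print 2>/dev/null)" ]; then
        echo "FAIL $cc: not renewed in the last $max_age minutes"
        return 1
    fi
    echo "OK   $cc"
    return 0
}

# Check both caches written by moveCC in renew.sh; non-zero if either fails.
audit_node() {
    rc=0
    check_cc /tmp/krb5cc_0 root || rc=1
    check_cc /tmp/krb5cc_928 nslcd || rc=1
    return $rc
}

# Run the audit only when asked, e.g. "sh check_cc.sh audit"
# (the file name is hypothetical).
if [ "${1:-}" = "audit" ]; then
    audit_node
fi
```
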