Changes

1,826 bytes added ,  18:38, 20 September 2014
Created page with " = FreeBSD = == Bootstrapping a node == * Install base os * Update base with security updates ** freebsd-update fetch ** freebsd-update install * Reboot * Update ports tree..."

= FreeBSD =

== Bootstrapping a node ==

* Install base OS
* Update base with security updates
** freebsd-update fetch
** freebsd-update install
* Reboot
* Update ports tree
** portsnap fetch extract
* Install base packages
** cd /usr/ports/ports-mgmt/portmaster
** make install distclean
** rehash
** portmaster -d shells/bash editors/vim-lite sysutils/tmux net/nss-pam-ldapd-sasl sysutils/msktutil security/cyrus-sasl2-gssapi
*** NOTE: Make sure to enable GSSAPI for openldap-sasl-client
** rehash
* Set up /etc/krb5.conf
* Set up /usr/local/etc/openldap/ldap.conf
* Install the Samba SSL root CA cert in /usr/local/etc/trusted.pem
* Join the box to the domain
** kinit [email protected]
** msktutil -c --server=bob
** Install /usr/local/sbin/renew.sh (chmod +x)
** Install /etc/periodic/hourly/100.renew (chmod +x)
** Enable hourly periodics in /etc/crontab
*** 0 * * * * root periodic hourly



== /etc/periodic/hourly/100.renew ==
<pre>
#!/bin/sh

if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

/usr/local/sbin/renew.sh
exit 0
</pre>

== /usr/local/sbin/renew.sh ==
<pre>
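#!/bin/sh
# Get a TGT for the machine account from the host keytab and install it as
# the credential cache for root (uid 0) and nslcd (uid 928).

HOSTNAME=`/bin/hostname -s`
TMPFILE=`/usr/bin/mktemp /tmp/kinit_XXXXXX` || exit 1
# Remove the temporary cache on every exit, including when all attempts fail.
trap '/bin/rm -f "$TMPFILE"' EXIT

moveCC() {
    # install -S writes to a temporary file and renames it into place,
    # so a reader never sees a partially written cache.
    /usr/bin/install -S -o root -g wheel -m 0600 "$TMPFILE" /tmp/krb5cc_0
    /usr/bin/install -S -o nslcd -g nslcd -m 0600 "$TMPFILE" /tmp/krb5cc_928
}

# Try up to 60 times, 30 seconds apart, then give up until the next hourly run.
tries=0
while [ "$tries" -lt 60 ]
do
    # The machine account principal is the short hostname followed by "$".
    if /usr/bin/kinit -c "$TMPFILE" -t /etc/krb5.keytab "${HOSTNAME}\$"; then
        moveCC
        exit 0
    fi
    tries=$((tries + 1))
    sleep 30
done
exit 1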
</pre>
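Added example (not part of the original wiki page): a check that the caches renew.sh installs are regular files, owned by the expected uid, mode 0600, and recently refreshed. The function names and the 120-minute staleness threshold are assumptions; the paths and uid 928 are taken from renew.sh above.

```shell
#!/bin/sh
# Added example: audit the credential caches written by renew.sh.

# check_ccache PATH EXPECTED_UID MAX_AGE_MINUTES
# Prints one line per problem found. Returns 0 only when PATH is a regular
# file (not a symlink), owned by EXPECTED_UID, mode 0600, and modified
# within the last MAX_AGE_MINUTES minutes.
check_ccache() {
    cc_path=$1; cc_uid=$2; cc_max_age=$3; cc_rc=0

    # /tmp is world-writable, so refuse symlinks and anything not a plain file.
    if [ -L "$cc_path" ] || [ ! -f "$cc_path" ]; then
        echo "FAIL $cc_path: missing, a symlink, or not a regular file"
        return 1
    fi

    # ls -ln: field 1 is the mode string, field 3 the numeric owner.
    cc_info=$(ls -ldn "$cc_path")
    cc_mode=$(echo "$cc_info" | awk '{print $1}')
    cc_owner=$(echo "$cc_info" | awk '{print $3}')

    case $cc_mode in
        -rw-------*) ;;   # a trailing "." or "+" (ACL marker) is tolerated
        *) echo "FAIL $cc_path: mode $cc_mode, expected -rw-------"; cc_rc=1 ;;
    esac

    if [ "$cc_owner" != "$cc_uid" ]; then
        echo "FAIL $cc_path: owner uid $cc_owner, expected $cc_uid"
        cc_rc=1
    fi

    # find prints the path only if it was modified less than N minutes ago.
    if [ -z "$(find "$cc_path" -mmin "-$cc_max_age")" ]; then
        echo "FAIL $cc_path: not refreshed in the last $cc_max_age minutes"
        cc_rc=1
    fi
    return $cc_rc
}

# Check both caches from renew.sh. 120 minutes (an assumed threshold) means
# two consecutive hourly renewals were missed.
audit_renewed_caches() {
    audit_rc=0
    check_ccache /tmp/krb5cc_0 0 120 || audit_rc=1
    check_ccache /tmp/krb5cc_928 928 120 || audit_rc=1
    return $audit_rc
}
```

Call `audit_renewed_caches` as root from a monitoring job; a non-zero return means at least one cache needs attention.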