#!/bin/bash
# Run this script directly from the raw gist: . <(curl -L https://git.io/JUvy1)
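#######################################
# Print a red "[ERROR]" line and terminate the script.
# Arguments: $1 - message
#            $2 - exit status; defaults to 1 when omitted
# Outputs:   the message on stderr
# Returns:   does not return; exits with $2 (or 1)
#######################################
error() {
  # %s keeps the message literal; echo -e would expand backslash sequences in it.
  printf '\033[0;31m[ERROR] %s\033[0m\n' "$1" >&2
  # With a bare `exit $2` an omitted status would fall back to printf's 0,
  # turning a fatal error into a "successful" exit.
  exit "${2:-1}"
}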
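#######################################
# Print a yellow "[WARN]" line; the script keeps running.
# Arguments: $1 - message
# Outputs:   the message on stderr
# Returns:   0
#######################################
warn() {
  # printf '%s' instead of echo -e: the message is printed verbatim and the
  # output does not depend on the shell's echo flavour.
  printf '\033[1;33m[WARN] %s\033[0m\n' "$1" >&2
}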
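#######################################
# Print a green "[INFO]" progress line.
# Arguments: $1 - message
# Outputs:   the message on stdout
# Returns:   0
#######################################
info() {
  # printf '%s' instead of echo -e: the message is printed verbatim and the
  # output does not depend on the shell's echo flavour.
  printf '\033[1;32m[INFO] %s\033[0m\n' "$1"
}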
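# ---------------------------------------------------------------------------
# Interactive configuration. Every answer is validated here, before anything
# on the system is modified; `error` exits the script on a bad answer.
# `read -r` keeps backslashes in the answers literal.
# ---------------------------------------------------------------------------
read -r -p "Role (1-Server, 2-Replica) [Server]: " role
role=${role:-Server}
case "$role" in
  Server|1) role="Server" ;;
  Replica|2) role="Replica" ;;
  *) error "Unknown role" 1 ;;
esac
read -r -p "Hostname: " hostname
[[ -z "$hostname" ]] && error "Hostname cannot be blank" 1
read -r -p "Timezone: " timezone
# Blank answer: keep whatever /etc/timezone holds.
timezone=${timezone:-$(cat /etc/timezone)}
[[ -z "$timezone" ]] && error "Invalid timezone specified" 1
read -r -p "Domain: " domain
[[ -z "$domain" ]] && error "Invalid domain specified" 1
read -r -p "Realm: " realm
[[ -z "$realm" ]] && error "Invalid realm specified" 1
# -s suppresses echo; the explicit newline ends the line the prompt left open.
read -r -s -p "Admin Password: " password_admin; printf '\n'
[[ -z "$password_admin" ]] && error "Admin Password cannot be blank" 1
read -r -p "Enable NTP (Y/N) [N]: " enable_ntp
enable_ntp=${enable_ntp:-N}
read -r -p "Enable DNS (Y/N) [Y]: " enable_dns
enable_dns=${enable_dns:-Y}
read -r -p "Enable automatic home directory creation (Y/N) [Y]: " enable_mkhomedir
enable_mkhomedir=${enable_mkhomedir:-Y}
read -r -p "Enable temporary swap during installation (Y/N) [N]: " enable_tmpswap
enable_tmpswap=${enable_tmpswap:-N}
if [[ "$role" == "Server" ]]; then
  read -r -s -p "DM Password: " password_dm; printf '\n'
  # Checks the variable that was just read; a mismatched name here would let
  # an empty Directory Manager password through to the installer.
  [[ -z "$password_dm" ]] && error "Invalid DM Password specified" 1
else
  read -r -p "Server: " server
  [[ -z "$server" ]] && error "Invalid server specified" 1
  read -r -p "Force Join (Y/N) [N]: " force_join
  force_join=${force_join:-N}
fi

# ---------------------------------------------------------------------------
# Optional 1 GiB swap file for the duration of the installation.
# ---------------------------------------------------------------------------
if [[ "$enable_tmpswap" == "Y" ]]; then
  info "Setting up temporary swap file"
  swap_path=/var/freeipa.swap.tmp
  # A leftover file from an aborted earlier run would make mkswap/swapon fail.
  if swapon -s | grep -qF -- "$swap_path"; then
    swapoff "$swap_path"
    rm -f -- "$swap_path"
  fi
  dd if=/dev/zero of="$swap_path" bs=1M count=1024 &> /dev/null \
    || error "Could not create swap file ${swap_path}" 1
  # Swap contents must not be readable by other users.
  chmod 600 "$swap_path"
  mkswap "$swap_path" &> /dev/null
  swapon "$swap_path"
fi

# ---------------------------------------------------------------------------
# Host identity: FQDN, primary addresses, /etc/hosts, timezone, hostname.
# ---------------------------------------------------------------------------
fqdn="${hostname}.${domain}"
info "Setting up ${fqdn} as a FreeIPA ${role}"
# Second address listed by `ip a`, on the assumption that the first one belongs
# to the loopback interface — verify on hosts with several interfaces.
ip4=$(ip a | awk '/inet / {print $2}' | sed -n '2p' | cut -d/ -f1)
info "Primary IPv4 address: ${ip4}"
ip6=$(ip a | awk '/inet6 / {print $2}' | sed -n '2p' | cut -d/ -f1)
info "Primary IPv6 address: ${ip6}"
info "Setting up /etc/hosts"
# Only the IPv4 entry is written; the IPv6 address is reported for information.
# -F matches the FQDN literally (dots would otherwise be regex wildcards).
if ! grep -qF -- "$fqdn" /etc/hosts; then
  printf '%s\t%s\t%s\n' "$ip4" "$fqdn" "$hostname" >> /etc/hosts
fi
info "Setting timezone to ${timezone}"
timedatectl set-timezone "$timezone"
sleep 2
info "Performing initial system update"
dnf --quiet -y upgrade
info "Setting hostname to ${fqdn}"
hostnamectl set-hostname "$fqdn"
info "Installing FreeIPA"
# Output is discarded, so the exit status is the only failure signal left.
dnf module install -y idm:DL1/{server,client,dns} &> /dev/null \
  || error "FreeIPA package installation failed" 1

# ---------------------------------------------------------------------------
# Firewall. Everything is added with --permanent: `--reload` re-reads the
# permanent configuration and discards runtime-only additions.
# ---------------------------------------------------------------------------
info "Setting up firewall rules"
firewall-cmd --add-port="22/tcp" --permanent &> /dev/null
firewall-cmd --add-service={http,https,ldap,ldaps,kerberos,kpasswd} --permanent &> /dev/null
[[ "$enable_ntp" == "Y" ]] && firewall-cmd --add-service=ntp --permanent &> /dev/null
[[ "$enable_dns" == "Y" ]] && firewall-cmd --add-service=dns --permanent &> /dev/null
firewall-cmd --add-port={9443,9444,9445,7389}/{tcp,udp} --permanent &> /dev/null
firewall-cmd --reload &> /dev/null

# ---------------------------------------------------------------------------
# Installer invocation. Arguments are kept in an array so that passwords
# containing spaces or glob characters reach the installer intact.
# ---------------------------------------------------------------------------
ipa_install_args=(-U -n "$domain" -r "$realm" --hostname "$fqdn" --setup-kra --ssh-trust-dns)
[[ "$enable_mkhomedir" == "Y" ]] && ipa_install_args+=(--mkhomedir)
[[ "$enable_ntp" == "N" ]] && ipa_install_args+=(-N)
[[ "$enable_dns" == "Y" ]] && ipa_install_args+=(--setup-dns --allow-zone-overlap --auto-reverse --no-forwarders --forward-policy first)
if [[ "$role" == "Server" ]]; then
  ipa_install_args+=(-p "$password_dm" -a "$password_admin")
  ipa_install_command=ipa-server-install
else
  ipa_install_args+=(--server "$server" -P admin -p "$password_admin" --setup-ca)
  [[ "$force_join" == "Y" ]] && ipa_install_args+=(--force-join)
  ipa_install_command=ipa-replica-install
fi
info "Setting up FreeIPA, this may take some time to complete"
# NOTE: the passwords are passed as command-line arguments and are therefore
# visible in the process list of other local users while the installer runs.
"$ipa_install_command" "${ipa_install_args[@]}" &> /tmp/freeipa-install.log
retval=$?

# ---------------------------------------------------------------------------
# Tear down the temporary swap file; FreeIPA is stopped meanwhile so that the
# memory it uses is not swapped out while the file disappears.
# ---------------------------------------------------------------------------
if [[ "$enable_tmpswap" == "Y" ]]; then
  if swapon -s | grep -qF -- "$swap_path"; then
    info "Stopping FreeIPA services"
    ipactl stop
    info "Deactivating temporary swap file"
    swapoff "$swap_path"
    rm -f -- "$swap_path"
    info "Starting FreeIPA services"
    ipactl start
  fi
fi

if (( retval != 0 )); then
  error "FreeIPA installation failed, please see /tmp/freeipa-install.log for details" 2
else
  info "FreeIPA installation complete"
fi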