adept 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/Gemfile.lock +10 -1
- data/exe/adept_init +167 -0
- data/lib/adept/version.rb +1 -1
- metadata +6 -4
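--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d5bedad126846aebb4c2156acc53d8a8a7ae3b1f5148e59a781161bc1ace463e
+data.tar.gz: 6fd92e3fbecc2f578dcd44fec7f9fd4ad800cfd95fd5129f5505f855d2537a93
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3513db3b9ba465eca4ff5560204ea467dd886ab4c2f2f357f41c3c909cf0f8832cb6df46a16512fd75adca18247e1cf1c9199fab3f8793173fc005c4f7baef99
+data.tar.gz: 94e11bf1cb30f1ed27f5877167c6030a23c26515a69931580bd51ab9ab1e11ab205b283ab0884247f574b156276c2034f352aafd713fbac77534a9d514f416c3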
data/Gemfile
CHANGED
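--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-adept (0.
+adept (0.2.0)
 
 GEM
 remote: https://rubygems.org/
@@ -13,6 +13,7 @@ GEM
 parallel (1.22.1)
 parser (3.2.1.0)
 ast (~> 2.4.1)
+prettier_print (1.2.0)
 rainbow (3.1.1)
 rake (13.0.6)
 regexp_parser (2.7.0)
@@ -45,11 +46,18 @@ GEM
 rubocop-performance (1.15.2)
 rubocop (>= 1.7.0, < 2.0)
 rubocop-ast (>= 0.4.0)
+ruby-lsp (0.3.8)
+language_server-protocol (~> 3.17.0)
+sorbet-runtime
+syntax_tree (>= 5.0.0, < 6)
 ruby-progressbar (1.11.0)
+sorbet-runtime (0.5.10658)
 standard (1.24.2)
 language_server-protocol (~> 3.17.0.2)
 rubocop (= 1.44.1)
 rubocop-performance (= 1.15.2)
+syntax_tree (5.3.0)
+prettier_print (>= 1.2.0)
 unicode-display_width (2.4.2)
 
 PLATFORMS
@@ -59,6 +67,7 @@ DEPENDENCIES
 adept!
 rake (~> 13.0)
 rspec (~> 3.0)
+ruby-lsp (~> 0.3.8)
 standard (~> 1.3)
 
 BUNDLED WITH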
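--- a/data/exe/adept_init
+++ b/data/exe/adept_init
@@ -0,0 +1,167 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require "socket"
+require 'io/console'
+
+# Make sure we run with super user privileges, also start in home directory
+user = `whoami`.strip
+if user != "root"
+puts "adept_init: Please run this script with super user privileges"
+exit 1
+end
+Dir.chdir ENV["HOME"]
+
+# Get input from user on options to configure the domain controller
+#
+# Variables:
+# fqdn Fully qualified domain name of the domain controller (i.e. dc1.example.com), we'll use this to extrapolate other values
+# hostname The first part of the FQDN (the actual name of the domain controller, i.e. dc1)
+# realm The kerberos realm, which is the part in the FQDN after the hostname, all uppercase
+# domain Workgroup (typically take from a string in the FQDN, but can realistically be whatever)
+# dns The DNS backend for samba (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_LMZ, NONE)
+# password Domain administrator password
+#
+print "Enter the FQDN for the domain controller (i.e. dc1.example.com): "
+fqdn = gets.chomp
+hostname = fqdn.split(".")[0]
+realm = fqdn.split(".")[1..].join(".").upcase
+domain = realm.split(".")[0]
+print "Enter the netbios domain [#{domain}]: "
+domain_input = gets.chomp
+domain = domain_input unless domain_input.empty?
+dns = "SAMBA_INTERNAL"
+print "Enter the DNS backend for samba [#{dns}]: "
+dns_input = gets.chomp
+dns = dns_input unless dns_input.empty?
+
+password = ""
+while password.empty?
+print "Enter the password for the domain administrator: "
+password = STDIN.noecho(&:gets).chomp
+puts ""
+end
+
+print "Re-enter domain administrator password: "
+repassword = STDIN.noecho(&:gets).chomp
+puts ""
+
+if password != repassword
+puts "adept_init: Passwords do not match"
+exit 1
+end
+
+# Enable codeready-builder repo
+puts "== adept_init: Enable codeready-builder repository =="
+`subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-rpms`
+
+# Install dependencies
+puts "== adept_init: Install dependencies =="
+`yum -y install docbook-style-xsl gcc gdb gnutls-devel gpgme-devel jansson-devel keyutils-libs-devel krb5-workstation libacl-devel libaio-devel libarchive-devel libattr-devel libblkid-devel libtasn1 libtasn1-tools libxml2-devel libxslt lmdb-devel openldap-devel pam-devel perl perl-ExtUtils-MakeMaker perl-Parse-Yapp popt-devel python3-cryptography python3-dns python3-gpg python3-devel readline-devel rpcgen systemd-devel tar flex bison dbus dbus-devel python3-markdown zlib-devel`
+
+# Install JSON module for perl
+`cpan install JSON`
+
+# Download and extract samba
+puts "== adept_init: Download and extract samba =="
+# TODO: Grab the latest version, instead of a hardcoded version
+`curl -LO https://download.samba.org/pub/samba/stable/samba-4.17.5.tar.gz`
+`tar xzvf samba-4.17.5.tar.gz`
+Dir.chdir "samba-4.17.5"
+
+# Configure, build, and install samba
+puts "== adept_init: Build and install samba =="
+`./configure`
+`make -j4`
+`make install`
+
+# Set the hostname
+`hostnamectl hostname #{fqdn}`
+
+# SELinux stuff
+puts "== adept_init: Fix SELinux perms for samba =="
+`setsebool -P samba_create_home_dirs=on samba_domain_controller=on samba_enable_home_dirs=on samba_portmapper=on use_samba_home_dirs=on`
+`restorecon -Rv /`
+
+# Allow active directory ports in firewall
+puts "== adept_init: Setup active directory ports in the firewall =="
+`firewall-cmd --permanent --add-port={53/udp,53/tcp,88/udp,88/tcp,123/udp,135/tcp,137/udp,138/udp,139/tcp,389/udp,389/tcp,445/tcp,464/udp,464/tcp,636/tcp,3268/tcp,3269/tcp,49152-65535/tcp}`
+`firewall-cmd --reload`
+
+# Writing default config files
+# TODO: Clean up these files, maybe use better defaults?
+puts "== adept_init: Writing config files =="
+ip_addr = Socket.ip_address_list.filter{|a| a.ip_address.include? "192"}.first.ip_address
+
+# /etc/systemd/resolved.conf.d/custom.conf
+# TODO: Need a better solution for the DNS IP, though this solution works for my network
+resolved_custom_conf = %{[Resolve]
+DNSStubListener=no
+Domains=#{realm.downcase}
+DNS=#{ip_addr}
+}
+Dir.mkdir("/etc/systemd/resolved.conf.d") unless Dir.exist?("/etc/systemd/resolved.conf.d")
+File.open("/etc/systemd/resolved.conf.d/custom.conf", "w") {|f| f.write(resolved_custom_conf)}
+
+# /etc/krb5.conf.d/samba-dc
+krb5_samba_dc = %{[libdefaults]
+default_realm = #{realm}
+dns_lookup_realm = false
+dns_lookup_kdc = true
+
+[realms]
+#{realm} = {
+default_domain = #{domain}
+}
+
+[domain_realm]
+#{fqdn} = #{realm}
+}
+File.open("/etc/krb5.conf.d/samba-dc", "w") {|f| f.write(krb5_samba_dc)}
+
+# /etc/samba/smb.conf
+smb_conf = %{[global]
+dns forwarder = 1.1.1.1
+netbios name = #{hostname.upcase}
+realm = #{realm}
+server role = active directory domain controller
+workgroup = #{domain}
+idmap_ldb:use rfc2307 = yes
+
+[sysvol]
+path = /var/lib/samba/sysvol
+read only = No
+
+[netlogon]
+path = /var/lib/samba/sysvol/#{realm.downcase}/scripts
+read only = No
+}
+File.open("/etc/samba/smb.conf", "w") {|f| f.write(smb_conf)}
+
+# /etc/systemd/system/samba.service
+samba_service = %{[Unit]
+Description=Samba Active Directory Domain Controller
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+ExecStart=/usr/local/samba/sbin/samba -D
+PIDFile=/usr/local/samba/var/run/samba.pid
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
+}
+File.open("/etc/systemd/system/samba.service", "w") {|f| f.write(samba_service)}
+`systemctl daemon-reload`
+
+# /etc/hosts
+File.open("/etc/hosts", "a") {|f| f.write("\n#{ip_addr}\t#{hostname} #{fqdn}")}
+
+# Provision the active directory server
+puts "== adept_init: Provisioning samba active directory =="
+`/usr/local/samba/bin/samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=#{dns} --realm=#{realm} --domain=#{domain} --adminpass=#{password}`
+
+# Finishing up
+puts "Samba should now be installed and ready to go!"
+puts "Please reboot your system, then you may run \`systemctl enable --now samba\`."
+puts "You may want to \`echo 'export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH' >> ~/.bashrc && source ~/.bashrc\`, so that you have access to the samba tools."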
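Review bot: The provisioning call near the end of the script interpolates the prompted values, including the domain administrator password, into a backtick shell string (`--adminpass=#{password}`), so a password containing spaces, `$`, quotes or `;` is re-parsed by the shell while the script runs as root; `hostnamectl hostname #{fqdn}` has the same problem. Passing an argument vector avoids the shell and lets the exit status be checked: `system("/usr/local/samba/bin/samba-tool", "domain", "provision", "--server-role=dc", "--use-rfc2307", "--dns-backend=#{dns}", "--realm=#{realm}", "--domain=#{domain}", "--adminpass=#{password}") or abort("adept_init: provisioning failed")` and `system("hostnamectl", "hostname", fqdn)`. The password would still be visible in the process argument list while samba-tool runs, so a way of supplying it outside argv is worth checking for. Separately, the samba tarball is fetched with `curl -LO` and then built and installed as root with no signature or checksum verification, and none of the backtick commands has its exit status checked, so a failed or altered download is not caught before `make install`.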
data/lib/adept/version.rb
CHANGED
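--- a/metadata
+++ b/metadata
@@ -1,19 +1,20 @@
 --- !ruby/object:Gem::Specification
 name: adept
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Rory Dudley
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-02-
+date: 2023-02-13 00:00:00.000000000 Z
 dependencies: []
 description: Extra tools to help manage active directory users on Linux.
 email:
 - rory.dudley@gmail.com
-executables:
+executables:
+- adept_init
 extensions: []
 extra_rdoc_files: []
 files:
@@ -24,6 +25,7 @@ files:
 - README.md
 - Rakefile
 - adept.gemspec
+- exe/adept_init
 - lib/adept.rb
 - lib/adept/version.rb
 - sig/adept.rbs
@@ -50,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Active directory extra package tools (for Linux).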