#!/bin/bash

# Fail fast and trace every command:
#   errexit - stop at the first failing command
#   nounset - treat expansion of an unset variable as an error
#   noglob  - disable pathname expansion
#   xtrace  - print each command before running it; the literal passwords
#             used further down end up in that trace as well
# pipefail is not enabled, so only the last stage of a pipeline decides the
# pipeline's exit status.
set -o errexit -o nounset -o noglob -o xtrace

# ipa requires an UTF-8 locale
LC_ALL=C.UTF-8
export LC_ALL

# Give root a fixed password, fed to passwd on stdin. The value is hard-coded
# in this script and is also printed by xtrace, so it only makes sense as a
# throwaway credential for a disposable image (the /var/lib/testvm helper at
# the end of the script suggests a test VM — confirm).
printf '%s\n' foobar | passwd --stdin root

# No host firewall on this image: the firewalld package is removed and, once
# iptables is installed, the rules of the default (filter) table are flushed.
# `iptables --flush` leaves chain policies and the other tables untouched.
# NOTE(review): every port the IPA install opens is then reachable on all
# interfaces; presumably acceptable because the VM lives on an isolated test
# network — confirm.
dnf --assumeyes remove firewalld
dnf --assumeyes update

ipa_packages=(
  freeipa-server
  freeipa-server-dns
  bind
  bind-dyndb-ldap
  iptables
)
dnf --assumeyes install "${ipa_packages[@]}"

iptables --flush

# Static addressing for eth1. The host uses its own address
# (10.111.112.100) as DNS server.
static_con="static-eth1"
nmcli con add \
  con-name "$static_con" \
  ifname eth1 \
  type ethernet \
  ip4 "10.111.112.100/20" \
  ipv4.dns "10.111.112.100" \
  gw4 "10.111.112.1"
nmcli con up "$static_con"

# Host name inside the cockpit.lan domain that the IPA install uses below.
hostnamectl set-hostname f0.cockpit.lan

# Keep ipa-server-install from blocking on /dev/random by replacing the
# device node with a symlink to /dev/urandom.
# NOTE(review): from here on every reader of /dev/random on this machine gets
# /dev/urandom. Recent Linux kernels no longer block on /dev/random once the
# pool is initialised, so the swap may be unnecessary on current images —
# confirm against the kernel this image ships.
rm --force /dev/random
ln --symbolic /dev/urandom /dev/random

# Unattended FreeIPA install with integrated DNS and no forwarders.
# One fixed secret serves as both the Directory Manager (--ds-password) and
# the admin (--admin-password) password. It is passed on the command line, so
# it is visible in the process list while the installer runs and in the
# xtrace output.
ipa_domain=cockpit.lan
ipa_realm=COCKPIT.LAN
ipa_secret=foobarfoo

ipa-server-install \
  --unattended \
  --ds-password "$ipa_secret" \
  --admin-password "$ipa_secret" \
  --domain "$ipa_domain" \
  --realm "$ipa_realm" \
  --setup-dns \
  --no-forwarders

# Make sure any initial password change is overridden. Three lines are fed to
# kinit; presumably the first answers the password prompt and the other two a
# forced "new password" prompt plus its confirmation — confirm.
printf '%s\n' "$ipa_secret" "$ipa_secret" "$ipa_secret" | kinit "admin@${ipa_realm}"

# Default password expiry of 90 days is impractical
ipa pwpolicy-mod --minlife=0 --maxlife=1000

# Change password to apply new password policy (same value, entered twice)
printf '%s\n' "$ipa_secret" "$ipa_secret" | ipa user-mod --password admin

# Show the resulting admin entry with all attributes.
ipa user-show --all admin

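# Allow "admins" IPA group members to run sudo
# This is an "unbreak my setup" step and ought to happen by default.
# See https://pagure.io/freeipa/issue/7538
#
# ipa-advise prints a shell script, which is executed here with the
# privileges of this script. pipefail is enabled for this pipeline only (the
# subshell keeps it from leaking into the rest of the file), so a failing
# ipa-advise aborts the build instead of handing `sh` an empty or truncated
# script that exits 0 and leaves the sudo rule unconfigured.
(
  set -o pipefail
  ipa-advise enable-admins-sudo | sh -ex
)
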
# Set a global forwarder for the IPA DNS service; the install itself ran with
# --no-forwarders. Queries that get forwarded go to a public resolver, i.e.
# they leave the local network.
upstream_dns=8.8.8.8
ipa dnsconfig-mod --forwarder="$upstream_dns"

# Configure SELinux as permissive: policy violations are logged, not blocked.
# /etc/sysconfig/selinux is (re)pointed at /etc/selinux/config, and that file
# is then overwritten with the single SELINUX= line, so any other setting it
# held (e.g. SELINUXTYPE) is dropped. Only the config file is written here;
# no setenforce call changes the mode of the running system.
ln --symbolic --force ../selinux/config /etc/sysconfig/selinux
printf '%s\n' 'SELINUX=permissive' > /etc/selinux/config

# reduce image size: drop dnf's caches, then run the image's zero-disk helper
# (not shown here; presumably it zero-fills free space so the image
# compresses better — confirm).
dnf clean all
zero_disk_helper=/var/lib/testvm/zero-disk.setup
"$zero_disk_helper"