author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2025-01-24 16:29:30 +0100 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2025-01-24 16:39:44 +0100 |
commit | 1852b6cf92e0b08db26d3398faf41b2c8a20b400 (patch) | |
tree | d419d9d16a2c0bb130b80c3da6f565ecd3484762 /sbin/itzks-prepare-reinstall | |
parent | f2c81d3bb484d27a9af019d3934fbf4620e9514d (diff) | |
sbin/*puppet*: Rework puppet client/ca maintenance scripts.
Diffstat (limited to 'sbin/itzks-prepare-reinstall')
-rwxr-xr-x | sbin/itzks-prepare-reinstall | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/sbin/itzks-prepare-reinstall b/sbin/itzks-prepare-reinstall
deleted file mode 100755
index 4e7945f..0000000
--- a/sbin/itzks-prepare-reinstall
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2023 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-unset http_proxy
-unset https_proxy
-
-DOMAIN="intern"
-HOSTNAME="$(hostname -f)"
-PUPPET_SERVER="puppetserver.intern"
-TJENER_SERVER="tjener.intern"
-
-PUPPET_CLIENT_CN="${1}"
-if [ -z "${PUPPET_CLIENT_CN}" ]; then
- echo "usage: $(basename $0) <computer>"
- exit -2
-fi
-
-if [ "${HOSTNAME}" != "${PUPPET_SERVER}" ] && [ "${HOSTNAME}" != "${TJENER_SERVER}" ]; then
- echo "$(basename $0): Error: This script may only be run on 'tjener.intern' or 'puppetserver.intern'."
- exit -1
-fi
-
-if ! echo ${PUPPET_CLIENT_CN} | grep -qE "\."; then
- PUPPET_CLIENT_CN="${PUPPET_CLIENT_CN}.${DOMAIN}"
-elif ! echo ${PUPPET_CLIENT_CN} | grep -qE "^[-_a-z0-9]+\.${DOMAIN}\$"; then
- echo "$(basename $0): Error: Hostname '${PUPPET_CLIENT_CN}' is not in domain .${DOMAIN}."
- exit -3
-fi
-
-if [ -z "$(dig ${PUPPET_CLIENT_CN} +short | head -n1)" ]; then
- echo "$(basename $0): Error: Hostname '${PUPPET_CLIENT_CN}' unknown. Mistyped the hostname?"
- exit -4
-fi
-
-### Puppet 5.x et al. (until Debian 11)
-
-# strip domain name
-hostname_short="$(echo ${PUPPET_CLIENT_CN} | cut -d '.' -f1)"
-
-## lookup host and see if it exists in LDAP:
-ldapsystem=`ldapsearch -xLLL "(&(cn=${hostname_short})(|(objectClass=GOHard)(|(objectClass=ipHost))))" cn 2>/dev/null | perl -p00e 's/\r?\n //g' | grep -E '^cn:' | sed -e 's/^cn: //g'`
-
-if [ -n "${ldapsystem}" ]; then
-
- source /etc/os-release
-
- if [ "${ID}" = "debian" ] && \
- ([ "${VERSION_CODENAME}" == "stretch" ] || \
- [ "${VERSION_CODENAME}" == "buster" ] || \
- [ "${VERSION_CODENAME}" == "bullseye" ]); then
-
- # yes, we should clean this host CRT/KEY, but the puppet 5.x way
- puppet cert clean "${PUPPET_CLIENT_CN}"
-
- else
-
- # yes, we should clean this host CRT/KEY, but the puppet 7++ way
- puppetserver ca clean --certname "${PUPPET_CLIENT_CN}"
-
- fi
-
-fi |