From 93c02b5f9f876fc9b110e52cb737f95aa3463f32 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Mon, 6 May 2013 03:53:38 -0400 Subject: Added new scripts. --- scripts/cert-request.sh | 8 +++-- scripts/ds-restart.sh | 3 ++ scripts/firefox-certs-import.sh | 67 ++++++++++++++++++++++++++++++++++++++++ scripts/firefox-certs-list.sh | 14 +++++++++ scripts/firefox-certs-reload.sh | 14 +++++++++ scripts/firefox-certs-remove.sh | 19 ++++++++++++ scripts/httpd-restart.sh | 3 ++ scripts/install-deps.sh | 5 +++ scripts/install-dogtag.sh | 7 +++-- scripts/install-rpms.sh | 5 +-- scripts/ipa_memcached-restart.sh | 3 ++ scripts/kadmin-restart.sh | 3 ++ scripts/krb5kdc-restart.sh | 3 ++ scripts/tomcat-restart.sh | 3 ++ 14 files changed, 149 insertions(+), 8 deletions(-) create mode 100755 scripts/ds-restart.sh create mode 100755 scripts/firefox-certs-import.sh create mode 100755 scripts/firefox-certs-list.sh create mode 100755 scripts/firefox-certs-reload.sh create mode 100755 scripts/firefox-certs-remove.sh create mode 100755 scripts/httpd-restart.sh create mode 100755 scripts/install-deps.sh create mode 100755 scripts/ipa_memcached-restart.sh create mode 100755 scripts/kadmin-restart.sh create mode 100755 scripts/krb5kdc-restart.sh create mode 100755 scripts/tomcat-restart.sh diff --git a/scripts/cert-request.sh b/scripts/cert-request.sh index 84b3e07..8bebb76 100755 --- a/scripts/cert-request.sh +++ b/scripts/cert-request.sh @@ -32,10 +32,12 @@ json="{ #echo $json curl\ - -H "Content-Type:application/json"\ - -H "Accept:applicaton/json"\ - --negotiate -u :\ + -H "Content-Type: application/json"\ + -H "Accept: applicaton/json"\ + -H "Referer: https://dev.example.com/ipa/xml"\ + --negotiate\ --cacert /etc/ipa/ca.crt\ + -u :\ -d "$json"\ -X POST\ $IPA_JSON_URL diff --git a/scripts/ds-restart.sh b/scripts/ds-restart.sh new file mode 100755 index 0000000..08c546d --- /dev/null +++ b/scripts/ds-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl restart dirsrv\@REDHAT-COM.service diff --git a/scripts/firefox-certs-import.sh b/scripts/firefox-certs-import.sh new file mode 100755 index 0000000..ed463d7 --- /dev/null +++ b/scripts/firefox-certs-import.sh @@ -0,0 +1,67 @@ +#!/bin/sh -x + +user=$1 + +if [ "$user" == "" ]; then + home=$HOME +else + home=/home/$user +fi + +echo HOME=$home + +SRC_DIR=`cd ../.. ; pwd` + +FIREFOX_DIR=$home/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +CA_INSTANCE_NAME=ca-master +KRA_INSTANCE_NAME=kra-master + +################################################################################ +# Importing CA certificate +################################################################################ + +CA_CERT_NAME="caSigningCert cert-$CA_INSTANCE_NAME CA" +CA_CERT_DIR=/var/lib/pki/$CA_INSTANCE_NAME/alias + +# export CA cert +certutil -L -d $CA_CERT_DIR -n "$CA_CERT_NAME" -a > $CA_CERT_DIR/ca.pem +AtoB $CA_CERT_DIR/ca.pem $CA_CERT_DIR/ca.crt + +# import CA cert +certutil -A -d $FIREFOX_DIR/$PROFILE -n "$CA_CERT_NAME" -i $CA_CERT_DIR/ca.pem -t CT,C,C + +################################################################################ +# Importing server certificate +################################################################################ + +SERVER_CERT_NAME="Server-Cert cert-$CA_INSTANCE_NAME" + +# export server cert +certutil -L -d $CA_CERT_DIR -n "$SERVER_CERT_NAME" -a > $CA_CERT_DIR/server.pem +AtoB $CA_CERT_DIR/server.pem $CA_CERT_DIR/server.crt + +# import server cert +certutil -A -d $FIREFOX_DIR/$PROFILE -n "$SERVER_CERT_NAME" -i $CA_CERT_DIR/server.pem -t CT,C,C + +################################################################################ +# Importing CA admin certificate +################################################################################ + +CA_CERT_P12=$CA_CERT_DIR/ca_admin_cert.p12 + +# import CA admin cert +pk12util -i $CA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123 +certutil -M -n caadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE + +################################################################################ +# Importing KRA admin certificate +################################################################################ + +KRA_CERT_DIR=/var/lib/pki/$KRA_INSTANCE_NAME/alias +KRA_CERT_P12=$KRA_CERT_DIR/kra_admin_cert.p12 + +# import KRA admin cert +pk12util -i $KRA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123 +certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE diff --git a/scripts/firefox-certs-list.sh b/scripts/firefox-certs-list.sh new file mode 100755 index 0000000..4691a0c --- /dev/null +++ b/scripts/firefox-certs-list.sh @@ -0,0 +1,14 @@ +#!/bin/sh -x + +user=$1 + +if [ "$user" == "" ]; then + home=$HOME +else + home=/home/$user +fi + +FIREFOX_DIR=$home/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +certutil -L -d $FIREFOX_DIR/$PROFILE diff --git a/scripts/firefox-certs-reload.sh b/scripts/firefox-certs-reload.sh new file mode 100755 index 0000000..08100a2 --- /dev/null +++ b/scripts/firefox-certs-reload.sh @@ -0,0 +1,14 @@ +#!/bin/sh -x + +user=$1 + +if [ "$user" == "" ]; then + home=$HOME +else + home=/home/$user +fi + +echo HOME=$home + +./firefox-certs-remove.sh $user +./firefox-certs-import.sh $user diff --git a/scripts/firefox-certs-remove.sh b/scripts/firefox-certs-remove.sh new file mode 100755 index 0000000..3f66210 --- /dev/null +++ b/scripts/firefox-certs-remove.sh @@ -0,0 +1,19 @@ +#!/bin/sh -x + +user=$1 + +if [ "$user" == "" ]; then + home=$HOME +else + home=/home/$user +fi + +CA_INSTANCE_NAME=ca-master +FIREFOX_DIR=$home/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +cd $FIREFOX_DIR/$PROFILE + +certutil -D -n "$HOSTNAME" -d . +certutil -D -n "$HOSTNAME #2" -d . +certutil -D -n "$HOSTNAME #3" -d . diff --git a/scripts/httpd-restart.sh b/scripts/httpd-restart.sh new file mode 100755 index 0000000..ce7452a --- /dev/null +++ b/scripts/httpd-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl restart httpd.service diff --git a/scripts/install-deps.sh b/scripts/install-deps.sh new file mode 100755 index 0000000..d81381d --- /dev/null +++ b/scripts/install-deps.sh @@ -0,0 +1,5 @@ +#!/bin/sh -x + +cd ../../freeipa + +yum install rpm-build `grep "^BuildRequires" freeipa.spec.in | awk '{ print $2 }' | grep -v "^/"` diff --git a/scripts/install-dogtag.sh b/scripts/install-dogtag.sh index 52e7c9a..7a44a0a 100755 --- a/scripts/install-dogtag.sh +++ b/scripts/install-dogtag.sh @@ -10,7 +10,8 @@ ipa-server-install\ -n redhat.com\ -p Secret123\ -a Secret123\ - --no-pkinit\ - --setup-dns\ - --forwarder $FORWARDER\ --no-ntp + +# --no-pkinit\ +# --setup-dns\ +# --forwarder $FORWARDER\ diff --git a/scripts/install-rpms.sh b/scripts/install-rpms.sh index 48b9064..4901dd0 100755 --- a/scripts/install-rpms.sh +++ b/scripts/install-rpms.sh @@ -2,6 +2,7 @@ cd ../../freeipa/dist/rpms -yum install -y\ - bind-dyndb-ldap\ +yum install -y bind-dyndb-ldap + +yum localinstall -y\ `ls` diff --git a/scripts/ipa_memcached-restart.sh b/scripts/ipa_memcached-restart.sh new file mode 100755 index 0000000..c2c81ce --- /dev/null +++ b/scripts/ipa_memcached-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl restart ipa_memcached.service diff --git a/scripts/kadmin-restart.sh b/scripts/kadmin-restart.sh new file mode 100755 index 0000000..05a26fd --- /dev/null +++ b/scripts/kadmin-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl restart kadmin.service diff --git a/scripts/krb5kdc-restart.sh b/scripts/krb5kdc-restart.sh new file mode 100755 index 0000000..d16afa3 --- /dev/null +++ b/scripts/krb5kdc-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl restart krb5kdc.service diff --git a/scripts/tomcat-restart.sh b/scripts/tomcat-restart.sh new file mode 100755 index 0000000..5ecd6e7 --- /dev/null +++ b/scripts/tomcat-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +systemctl restart pki-tomcatd\@pki-tomcat.service -- cgit