summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRich Megginson <rmeggins@redhat.com>2012-08-20 09:01:16 -0600
committerRich Megginson <rmeggins@redhat.com>2012-08-20 09:01:16 -0600
commit4fbdee32a7b73bfd1b70b5b1c080036498157e1e (patch)
tree76ec0a063700f9698ed06b4ae16dd3ee98988cc8
parent7c079e3402ee5cad6d12c972ae83b040b4435a2a (diff)
downloadauto-win-vm-ad-4fbdee32a7b73bfd1b70b5b1c080036498157e1e.tar.gz
auto-win-vm-ad-4fbdee32a7b73bfd1b70b5b1c080036498157e1e.tar.xz
auto-win-vm-ad-4fbdee32a7b73bfd1b70b5b1c080036498157e1e.zip
use $SUDOCMD to run vm commands - add user SetupComplete as last step
One of the problems with make-ad-vm.sh is that there was no way to know when it was complete. setupscript99.cmd will create an AD user called SetupComplete as the very last step. When this user is present, the setup process is finished. The make-ad-vm.sh script will delete this user entry. Some of the virsh and vm commands can only be run by root. These commands are now prefixed with $SUDOCMD. If you are running the script as a non-root user, and you have sudo setup to allow that user to run the commands, you can use SUDOCMD=sudo ..othervars.. make-ad-vm.sh .... Otherwise, if you are running as root, just leave SUDOCMD blank.
-rw-r--r--answerfiles/setupscript99.cmd.in3
-rw-r--r--make-ad-vm.sh55
2 files changed, 36 insertions, 22 deletions
diff --git a/answerfiles/setupscript99.cmd.in b/answerfiles/setupscript99.cmd.in
new file mode 100644
index 0000000..8a577b1
--- /dev/null
+++ b/answerfiles/setupscript99.cmd.in
@@ -0,0 +1,3 @@
+echo add a special user entry to let clients know setup is complete
+dsadd user "cn=SetupComplete,cn=users,@VM_AD_SUFFIX@"
+echo setup is complete
diff --git a/make-ad-vm.sh b/make-ad-vm.sh
index 7b1e206..d3517c2 100644
--- a/make-ad-vm.sh
+++ b/make-ad-vm.sh
@@ -19,13 +19,14 @@ SETUP_PATH=${SETUP_PATH:-"E:"}
# fix .in files
do_subst()
{
- sed -e "s/@ADMINPASSWORD@/$ADMINPASSWORD/g" \
+ $SUDOCMD sed -e "s/@ADMINPASSWORD@/$ADMINPASSWORD/g" \
-e "s/@DOMAINNAME@/$VM_AD_DOMAIN/g" \
-e "s/@ADMINNAME@/$ADMINNAME/g" \
-e "s/@VM_AD_DOMAIN@/$VM_AD_DOMAIN/g" \
-e "s/@VM_NETBIOS_NAME@/$VM_NETBIOS_NAME/g" \
-e "s/@VM_NAME@/$VM_NAME/g" \
-e "s/@VM_FQDN@/$VM_FQDN/g" \
+ -e "s/@VM_AD_SUFFIX@/$VM_AD_SUFFIX/g" \
-e "s/@PRODUCT_KEY@/$PRODUCT_KEY/g" \
-e "s/@SETUP_PATH@/$SETUP_PATH/g" \
$1
@@ -39,7 +40,7 @@ fi
if [ -z "$VM_MAC" ] ; then
# try to get the mac addr from virsh
- VM_MAC=`virsh net-dumpxml default | grep "'"$VM_NAME"'"|sed "s/^.*mac='\([^']*\)'.*$/\1/"`
+ VM_MAC=`$SUDOCMD virsh net-dumpxml default | grep "'"$VM_NAME"'"|sed "s/^.*mac='\([^']*\)'.*$/\1/"`
if [ -z "$VM_MAC" ] ; then
echo Error: your machine $VM_MAC has no mac address in virsh net-dumpxml default
echo Please use virsh net-edit default to specify the mac address for $VM_MAC
@@ -50,7 +51,7 @@ fi
if [ -z "$VM_FQDN" ] ; then
# try to get the ip addr from virsh
- VM_IP=`virsh net-dumpxml default | grep "'"$VM_NAME"'"|sed "s/^.*ip='\([^']*\)'.*$/\1/"`
+ VM_IP=`$SUDOCMD virsh net-dumpxml default | grep "'"$VM_NAME"'"|sed "s/^.*ip='\([^']*\)'.*$/\1/"`
if [ -z "$VM_IP" ] ; then
echo Error: your machine $VM_NAME has no IP address in virsh net-dumpxml default
echo Please use virsh net-edit default to specify the IP address for $VM_NAME
@@ -75,14 +76,14 @@ ADMIN_DN=${ADMIN_DN:-"cn=$ADMINNAME,cn=users,$VM_AD_SUFFIX"}
if [ -n "$USE_FLOPPY" ] ; then
if [ ! -f $ANS_FLOPPY ] ; then
- mkfs.vfat -C $ANS_FLOPPY 1440 || { echo error $? from mkfs.vfat -C $ANS_FLOPPY 1440 ; exit 1 ; }
+ $SUDOCMD mkfs.vfat -C $ANS_FLOPPY 1440 || { echo error $? from mkfs.vfat -C $ANS_FLOPPY 1440 ; exit 1 ; }
fi
if [ ! -d $FLOPPY_MNT ] ; then
- mkdir -p $FLOPPY_MNT || { echo error $? from mkdir -p $FLOPPY_MNT ; exit 1 ; }
+ $SUDOCMD mkdir -p $FLOPPY_MNT || { echo error $? from mkdir -p $FLOPPY_MNT ; exit 1 ; }
fi
- mount -o loop -t vfat $ANS_FLOPPY $FLOPPY_MNT || { echo error $? from mount -o loop -t vfat $ANS_FLOPPY $FLOPPY_MNT ; exit 1 ; }
+ $SUDOCMD mount -o loop -t vfat $ANS_FLOPPY $FLOPPY_MNT || { echo error $? from mount -o loop -t vfat $ANS_FLOPPY $FLOPPY_MNT ; exit 1 ; }
# replace .in files with the real data
# convert to DOS format to make them easier to read in Windows
@@ -93,15 +94,15 @@ if [ -n "$USE_FLOPPY" ] ; then
*) outfile=$FLOPPY_MNT/`basename $file .in` ;;
esac
case $file in
- *.in) do_subst $file | sed 's/$/ /' > $outfile || err=$? ;;
- *) sed 's/$/ /' $file > $outfile || err=$? ;;
+ *.in) do_subst $file | $SUDOCMD sed 's/$/ /' > $outfile || err=$? ;;
+ *) $SUDOCMD sed 's/$/ /' $file > $outfile || err=$? ;;
esac
if [ -n "$err" ] ; then
- echo error $err copying $file to $outfile ; umount $FLOPPY_MNT ; exit 1
+ echo error $err copying $file to $outfile ; $SUDOCMD umount $FLOPPY_MNT ; exit 1
fi
done
- umount $FLOPPY_MNT || { echo error $? from umount $FLOPPY_MNT ; exit 1 ; }
+ $SUDOCMD umount $FLOPPY_MNT || { echo error $? from umount $FLOPPY_MNT ; exit 1 ; }
VI_FLOPPY="--disk path=$ANS_FLOPPY,device=floppy"
else
# just put everything on the CD
@@ -114,18 +115,18 @@ else
*) outfile=$staging/`basename $file .in` ;;
esac
case $file in
- *.in) do_subst $file | sed 's/$/ /' > $outfile || err=$? ;;
- *.vbs|*.cmd|*.txt|*.inf|*.ini|*.xml) sed 's/$/ /' $file > $outfile || err=$? ;;
+ *.in) do_subst $file | $SUDOCMD sed 's/$/ /' > $outfile || err=$? ;;
+ *.vbs|*.cmd|*.txt|*.inf|*.ini|*.xml) $SUDOCMD sed 's/$/ /' $file > $outfile || err=$? ;;
# just assume everything else is binary or we don't want to convert it
- *) cp -p $file $outfile || err=$? ;;
+ *) $SUDOCMD cp -p $file $outfile || err=$? ;;
esac
if [ -n "$err" ] ; then
- echo error $err copying $file to $outfile ; umount $FLOPPY_MNT ; exit 1
+ echo error $err copying $file to $outfile ; exit 1
fi
done
EXTRAS_CD_ISO=${EXTRAS_CD_ISO:-$VM_IMG_DIR/$VM_NAME-extra-cdrom.iso}
- rm -f $EXTRAS_CD_ISO
- genisoimage -iso-level 4 -J -l -R -o $EXTRAS_CD_ISO $staging/* || { echo Error $? from genisoimage $EXTRAS_CD_ISO $staging/* ; exit 1 ; }
+ $SUDOCMD rm -f $EXTRAS_CD_ISO
+ $SUDOCMD genisoimage -iso-level 4 -J -l -R -o $EXTRAS_CD_ISO $staging/* || { echo Error $? from genisoimage $EXTRAS_CD_ISO $staging/* ; exit 1 ; }
if [ -n "$VI_DEBUG" ] ; then
rm -rf $staging
fi
@@ -134,7 +135,7 @@ fi
serialpath=/tmp/serial-`date +'%Y%m%d%H%M%S'`.$$
-virt-install --connect=qemu:///system --hvm \
+$SUDOCMD virt-install --connect=qemu:///system --hvm \
--accelerate --name "$VM_NAME" --ram=$VM_RAM --vcpu=$VM_CPUS \
--cdrom $WIN_ISO --vnc --os-type windows \
--serial file,path=$serialpath --serial pty \
@@ -147,9 +148,11 @@ echo now we wait for everything to be set up
TRIES=100
SLEEPTIME=30
ii=0
+SETUPCOMPLETEDN="cn=SetupComplete,cn=Users,$VM_AD_SUFFIX"
while [ $ii -lt $TRIES ] ; do
- # this search will only return success if AD is TLS enabled
- if LDAPTLS_REQCERT=never ldapsearch -xLLL -ZZ -H ldap://$VM_FQDN -s base -b "" currenttime > /dev/null 2>&1 ; then
+ # this will only return success if AD is TLS enabled and the setup complete entry is available
+ if LDAPTLS_REQCERT=never ldapdelete -x -ZZ -H ldap://$VM_FQDN \
+ -D "$ADMIN_DN" -w "$ADMINPASSWORD" "$SETUPCOMPLETEDN" > /dev/null 2>&1 ; then
echo Server is running and configured
break
else
@@ -168,15 +171,21 @@ CA_CERT_DN="cn=$VM_CA_NAME,cn=certification authorities,cn=public key services,c
TMP_CACERT=/tmp/cacert.`date +'%Y%m%d%H%M%S'`.$$.pem
echo "-----BEGIN CERTIFICATE-----" > $TMP_CACERT
-ldapsearch -xLLL -H ldap://$VM_FQDN -D "$ADMIN_DN" -w "$ADMINPASSWORD" -s base -b "$CA_CERT_DN" "objectclass=*" cACertificate | perl -p0e 's/\n //g' | sed -e '/^cACertificate/ { s/^cACertificate:: //; s/\(.\{1,64\}\)/\1\n/g; p }' -e 'd' | grep -v '^$' >> $TMP_CACERT
+ldapsearch -xLLL -H ldap://$VM_FQDN -D "$ADMIN_DN" -w "$ADMINPASSWORD" -s base \
+ -b "$CA_CERT_DN" "objectclass=*" cACertificate | perl -p0e 's/\n //g' | \
+ sed -e '/^cACertificate/ { s/^cACertificate:: //; s/\(.\{1,64\}\)/\1\n/g; p }' -e 'd' | \
+ grep -v '^$' >> $TMP_CACERT
echo "-----END CERTIFICATE-----" >> $TMP_CACERT
echo Now test our CA cert
-if LDAPTLS_CACERT=$TMP_CACERT ldapsearch -xLLL -ZZ -H ldap://$VM_FQDN -s base -b "" currenttime > /dev/null 2>&1 ; then
+if LDAPTLS_CACERT=$TMP_CACERT ldapsearch -xLLL -ZZ -H ldap://$VM_FQDN \
+ -D "$ADMIN_DN" -w "$ADMINPASSWORD" -s base -b "" \
+ "objectclass=*" currenttime > /dev/null 2>&1 ; then
echo Success - the CA cert in $TMP_CACERT is working
else
echo Error: the CA cert in $TMP_CACERT is not working
- LDAPTLS_CACERT=$TMP_CACERT ldapsearch -d 1 -xLLL -ZZ -H ldap://$VM_FQDN -s base -b "" currenttime
+ LDAPTLS_CACERT=$TMP_CACERT ldapsearch -d 1 -xLLL -ZZ -H ldap://$VM_FQDN -s base \
+ -b "" "objectclass=*" currenttime
exit 1
fi
@@ -184,3 +193,5 @@ if [ -n "$WIN_CA_CERT_FILE" ] ; then
cp -p $TMP_CACERT $WIN_CA_CERT_FILE
rm -f $TMP_CACERT
fi
+
+exit 0