steffen: server/kolab/kolab kolab_bootstrap, 1.41, 1.42 kolab_ca.sh, 1.2, 1.3 kolabconf, 1.3, 1.4

cvs at intevation.de cvs at intevation.de
Thu Jul 8 03:49:35 CEST 2004


Author: steffen

Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv11035/kolab

Modified Files:
	kolab_bootstrap kolab_ca.sh kolabconf 
Log Message:
make cert. creation optional during bootstrap, fixed a few bugs, got rid of a few warnings by not restarting services during bootstrap

Index: kolab_bootstrap
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_bootstrap,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- kolab_bootstrap	7 Jul 2004 09:11:31 -0000	1.41
+++ kolab_bootstrap	8 Jul 2004 01:49:32 -0000	1.42
@@ -413,10 +413,10 @@
    undef $cfg;
 
    #print " running $kolab_prefix/etc/kolab/kolab -v -o -l$ldap_uri\n";
-   print "running $kolab_prefix/sbin/kolabconf\n";
+   print "running $kolab_prefix/sbin/kolabconf -n\n";
 
    #system("$kolab_prefix/etc/kolab/kolab -v -o -l$ldap_uri");
-   system("$kolab_prefix/sbin/kolabconf");
+   system("$kolab_prefix/sbin/kolabconf -n");
 
    if ($ldap_uri =~ /127\.0\.0\.1/ || $ldap_uri =~ /localhost/) {
       print "\nkill temporary slapd\n\n";
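Review bot: The exit status of `system("$kolab_prefix/sbin/kolabconf -n")` is discarded, so a failed configuration run goes unnoticed and the bootstrap carries on to stop the temporary slapd. A check that still lets the slapd cleanup run would be `system("$kolab_prefix/sbin/kolabconf -n") == 0 or warn "kolabconf -n exited with status $?\n";`. The same unchecked pattern applies to the `kolab_ca.sh`, `chgrp` and `chmod` calls in the later kolab_bootstrap hunks and to the final `kolabconf -n` call. The enclosing block starts and ends outside this hunk.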
@@ -426,22 +426,41 @@
    }
   }
   print <<'EOS';
+Kolab can create an manage a certificate authority that can be
+used to create SSL certificates for use within the Kolab environment.
+You can choose to skip this section if you already have certificates
+for the Kolab server.
+EOS
+
+  print "Do you want to create CA and certificates (y/n) [y]: ";
+  my $tmp = ReadLine;
+  chomp $tmp;
+  if( lc $tmp eq 'n' ) {
+    print <<'EOS';
+Skipping certificate creation. Please copy your certificate to 
+ at l_prefix@/etc/kolab/cert.pem and private key to
+ at l_prefix@/etc/kolab/key.pem when the bootstrap script is finished.
+
+EOS
+  } else {
+    print <<'EOS';
 Now we need to create a cerificate authority (CA) for Kolab and a server 
 certificate. You will be prompted for a passphrase for the CA.
 ################################################################################
 EOS
-  system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
-  system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
-  system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
-  system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
-  system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
-  system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
-  system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
-  system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
-  print <<'EOS';
+    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
+    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+    system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
+    system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
+    system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+    system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
+    system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+    print <<'EOS';
 ################################################################################
 CA and certificate creation complete
 EOS
+  }
 } else {
   ##### Slave server setup
 
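Review bot: The skip branch asks the operator to copy a private key to key.pem but never applies the `chgrp @l_rusr@` / `chmod 0640` steps that the else branch runs on key.pem and cert.pem. A hand-copied key therefore keeps whatever owner and mode it arrived with, which may be too wide or may be unreadable by the service user. The skip message should state the required ownership and mode, for example by adding the line `Then run chgrp @l_rusr@ and chmod 0640 on both files.` before the closing `EOS`. The slave-side skip branch in the next hunk has the same gap.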
@@ -547,6 +566,23 @@
     undef $cfg;
 
     print <<'EOS';
+If you chose to create a CA on the master server, you will now need to create 
+a certificate request and copy it to the master to get it signed. If you already
+have a certificate for this server, you can choose to skip this section.
+EOS
+    print "Do you want to create a certificate request and sign it (y/n) [y]: ";
+    my $tmp = ReadLine;
+    chomp $tmp;
+    if( lc $tmp eq 'n' ) {
+      print <<'EOS';
+Skipping certificate creation. Please copy your certificate to
+ at l_prefix@/etc/kolab/cert.pem and private key to
+ at l_prefix@/etc/kolab/key.pem when the bootstrap script is finished.
+
+EOS
+    } else {
+      
+      print <<'EOS';
 Now we need to create a cerificate request for this slave
 and then ssh to the master server to have the request signed.
 You will be asked multiple times for the root password of the
@@ -554,26 +590,27 @@
 ################################################################################
 EOS
 
-    # Create cert req
-    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
-    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
-    # Log into master and sign cert request
-    system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
-    system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
-    system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
-    system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
-    die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
-    system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
-    system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
-    system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
-    system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
-
-    print <<'EOS';
+      # Create cert req
+      system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+      system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+      # Log into master and sign cert request
+      system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
+      system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
+      system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
+      system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
+      die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
+      system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
+      system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+      system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
+      system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+      
+      print <<'EOS';
 ################################################################################
 Certificate creation done!
 EOS
+    }
 
-    system("$kolab_prefix/sbin/kolabconf");
+    system("$kolab_prefix/sbin/kolabconf -n");
   } else {
     die "Error contacting LDAP server\n";
   }
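Review bot: The only failure check in this branch, `die(...) unless -f "$kolab_prefix/etc/kolab/cert.pem"`, also passes when a cert.pem from an earlier run is already on disk, so a failed `scp` or remote signing step can leave a stale certificate in place without any error. Removing the old file first (`unlink "$kolab_prefix/etc/kolab/cert.pem";` before the `-newkey` call) or testing the `scp` status would make the check meaningful. Both `ssh -CA` calls forward the operator's authentication agent to the master; nothing in the visible remote commands needs it, so dropping `-A` would reduce what a compromised master could reach. `$fqdn` and `$master_host` are interpolated into single-string shell commands, and where they are validated is outside this hunk, as is the start of the enclosing block.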

Index: kolab_ca.sh
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_ca.sh,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- kolab_ca.sh	7 Jul 2004 17:05:15 -0000	1.2
+++ kolab_ca.sh	8 Jul 2004 01:49:32 -0000	1.3
@@ -179,6 +179,7 @@
     if [ -n "$3" ]; then
 	keyfile=$3
     fi
+    shift 2
     echo "secret"|$GENRSA -des3 -passout fd:0 -out .tmp.pass.key 1024
     echo "secret"|$RSA -passin fd:0 -in .tmp.pass.key -out $keyfile
     rm .tmp.pass.key
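Review bot: `.tmp.pass.key` and the final `$keyfile` are both created under the caller's umask, and the calls in kolab_bootstrap only tighten the mode afterwards with `chmod 0640`. The unencrypted private key can therefore be readable more widely than intended for a short time; putting `umask 077` before the `$GENRSA` line closes that window. `$keyfile` is expanded unquoted, so `-out "$keyfile"` is the safer form, and the 1024-bit modulus is below current key-size recommendations. The added `shift 2` assumes at least two positional parameters remain, which depends on code outside this hunk, and a one-line comment saying which arguments it discards would help the next reader.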

Index: kolabconf
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolabconf,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- kolabconf	18 Jun 2004 01:25:58 -0000	1.3
+++ kolabconf	8 Jul 2004 01:49:32 -0000	1.4
@@ -34,22 +34,32 @@
 use Kolab::Util;
 use Kolab::Conf;
 use Kolab::LDAP;
-use vars qw($opt_d $opt_l);
+use vars qw($opt_d $opt_n $opt_h);
 
 openlog('kolabconf', 'cons, pid', 'user');
 
-getopts('dl');
+getopts('dnh');
+if ($opt_h) {
+  print <<'EOS';
+Usage: kolabconf [-d] [-n] [-h]
+
+Option d (debug) to print out the current config.
+Option n (noreload) to skip reloading services after changing configuration.
+Option h (help) to get this text.
+EOS
+exit 0;
+}
 if ($opt_d) {
     foreach my $key (sort keys %Kolab::config) {
         print "$key : " . $Kolab::config{$key} . "\n";
     }
     exit 0;
 }
-if ($opt_l) {
-  $SIG{__DIE__} = sub { Kolab::log( 'K', $_[0], KOLAB_ERROR ); }
+my $do_reload = 1;
+if($opt_n) {
+  $do_reload = 0;
 }
 
-
 print 'kolabconf - Kolab Configuration Generator
 
   Copyright (c) 2004  Klaraelvdalens Datakonsult AB
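Review bot: The return value of `getopts('dnh')` is not checked, so after an unrecognised option the script still rebuilds templates and, because `$do_reload` defaults to 1, reloads services. That matters here because `-l` was removed in this change: any caller still passing it, or mistyping `-n`, gets a reload that the bootstrap is trying to avoid. `getopts('dnh') or exit 1;` stops the run instead, ideally after printing the usage text. The `exit 0;` inside the `-h` block is not indented like the rest of that block, and the banner string that starts at the end of this hunk continues outside it.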
@@ -63,7 +73,9 @@
 Kolab::log('KC', 'Rebuilding templates');
 Kolab::Conf::rebuildTemplates;
 Kolab::log('KC', 'Reloading kolab components');
-Kolab::reload;
+if( $do_reload ) {
+  Kolab::reload;
+}
 #if ($pid) {
 #    Kolab::log('KC', "Refreshing the kolab daemon (w/ PID $pid)");
 #    kill('HUP', $pid);
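Review bot: `Kolab::log('KC', 'Reloading kolab components');` still runs before the new `if( $do_reload )` test, so with `-n` the log records a reload that never happened. That is misleading for anyone reconstructing service state from the logs. Move the log call inside the `if` block and add an else branch that logs the skip, e.g. `Kolab::log('KC', 'Skipping reload of kolab components (-n)');`.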




