steffen: server/kolab/kolab kolab_bootstrap, 1.41, 1.42 kolab_ca.sh, 1.2, 1.3 kolabconf, 1.3, 1.4
cvs at intevation.de
cvs at intevation.de
Thu Jul 8 03:49:35 CEST 2004
Author: steffen
Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv11035/kolab
Modified Files:
kolab_bootstrap kolab_ca.sh kolabconf
Log Message:
make cert. creation optional during bootstrap, fixed a few bugs, got rid of a few warnings by not restarting services during bootstrap
Index: kolab_bootstrap
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_bootstrap,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- kolab_bootstrap 7 Jul 2004 09:11:31 -0000 1.41
+++ kolab_bootstrap 8 Jul 2004 01:49:32 -0000 1.42
@@ -413,10 +413,10 @@
undef $cfg;
#print " running $kolab_prefix/etc/kolab/kolab -v -o -l$ldap_uri\n";
- print "running $kolab_prefix/sbin/kolabconf\n";
+ print "running $kolab_prefix/sbin/kolabconf -n\n";
#system("$kolab_prefix/etc/kolab/kolab -v -o -l$ldap_uri");
- system("$kolab_prefix/sbin/kolabconf");
+ system("$kolab_prefix/sbin/kolabconf -n");
if ($ldap_uri =~ /127\.0\.0\.1/ || $ldap_uri =~ /localhost/) {
print "\nkill temporary slapd\n\n";
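Review bot: The exit status of `system("$kolab_prefix/sbin/kolabconf -n")` is ignored, so a failed configuration run looks the same as a successful one and the script continues to the temporary-slapd shutdown that follows. The same applies to the kolab_ca.sh, scp and ssh calls in the two certificate-creation hunks further down, and to the second kolabconf call at the end of the slave branch. A checked list-form call such as `system("$kolab_prefix/sbin/kolabconf", "-n") == 0 or die "kolabconf failed (status $?)\n";` reports the failure and also keeps the path away from the shell. The enclosing block starts and ends outside the hunk.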
@@ -426,22 +426,41 @@
}
}
print <<'EOS';
+Kolab can create an manage a certificate authority that can be
+used to create SSL certificates for use within the Kolab environment.
+You can choose to skip this section if you already have certificates
+for the Kolab server.
+EOS
+
+ print "Do you want to create CA and certificates (y/n) [y]: ";
+ my $tmp = ReadLine;
+ chomp $tmp;
+ if( lc $tmp eq 'n' ) {
+ print <<'EOS';
+Skipping certificate creation. Please copy your certificate to
+ at l_prefix@/etc/kolab/cert.pem and private key to
+ at l_prefix@/etc/kolab/key.pem when the bootstrap script is finished.
+
+EOS
+ } else {
+ print <<'EOS';
Now we need to create a cerificate authority (CA) for Kolab and a server
certificate. You will be prompted for a passphrase for the CA.
################################################################################
EOS
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
- system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
- system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
- print <<'EOS';
+ system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
+ system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+ system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+ system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
+ system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
+ system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+ system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
+ system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+ print <<'EOS';
################################################################################
CA and certificate creation complete
EOS
+ }
} else {
##### Slave server setup
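Review bot: On the skip path the `chgrp @l_rusr@` and `chmod 0640` calls never run, because they now sit inside the new `else` branch. The group and mode of a hand-copied key.pem are therefore left to the administrator, and the skip message does not mention them. The heredoc should state what the script would otherwise have applied, for example by adding `Make sure key.pem has mode 0640 and group @l_rusr@.`; the slave-side prompt in the next hunk has the same gap. Separately, `chomp $tmp` warns if ReadLine returns undef at end of input, so `$tmp = '' unless defined $tmp;` before the chomp would be safer. The new intro text also reads "create an manage", where "and" is meant.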
@@ -547,6 +566,23 @@
undef $cfg;
print <<'EOS';
+If you chose to create a CA on the master server, you will now need to create
+a certificate request and copy it to the master to get it signed. If you already
+have a certificate for this server, you can choose to skip this section.
+EOS
+ print "Do you want to create a certificate request and sign it (y/n) [y]: ";
+ my $tmp = ReadLine;
+ chomp $tmp;
+ if( lc $tmp eq 'n' ) {
+ print <<'EOS';
+Skipping certificate creation. Please copy your certificate to
+ at l_prefix@/etc/kolab/cert.pem and private key to
+ at l_prefix@/etc/kolab/key.pem when the bootstrap script is finished.
+
+EOS
+ } else {
+
+ print <<'EOS';
Now we need to create a cerificate request for this slave
and then ssh to the master server to have the request signed.
You will be asked multiple times for the root password of the
@@ -554,26 +590,27 @@
################################################################################
EOS
- # Create cert req
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
- # Log into master and sign cert request
- system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
- system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
- system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
- system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
- die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
- system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
- system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
-
- print <<'EOS';
+ # Create cert req
+ system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+ system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+ # Log into master and sign cert request
+ system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
+ system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
+ system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
+ system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
+ die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
+ system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
+ system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+ system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
+ system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+
+ print <<'EOS';
################################################################################
Certificate creation done!
EOS
+ }
- system("$kolab_prefix/sbin/kolabconf");
+ system("$kolab_prefix/sbin/kolabconf -n");
} else {
die "Error contacting LDAP server\n";
}
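Review bot: The only success check in this branch is `-f "$kolab_prefix/etc/kolab/cert.pem"`, which is also true for a cert.pem left over from an earlier run or an empty file from a failed scp. The script can then print "Certificate creation done!" with a certificate that was never signed for the freshly generated key. Adding `unlink "$kolab_prefix/etc/kolab/cert.pem";` before the first scp and testing with `-s` instead of `-f` would close that gap. The ssh calls pass `-A`, but nothing in the remote commands shown (kolab_ca.sh -sign, rm) appears to need a forwarded agent, so dropping it avoids exposing the agent to the master host. `$master_host` and `$fqdn` are interpolated into shell strings; where they are set is not visible here, so if they come from prompts they should be matched against a hostname pattern first.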
Index: kolab_ca.sh
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_ca.sh,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- kolab_ca.sh 7 Jul 2004 17:05:15 -0000 1.2
+++ kolab_ca.sh 8 Jul 2004 01:49:32 -0000 1.3
@@ -179,6 +179,7 @@
if [ -n "$3" ]; then
keyfile=$3
fi
+ shift 2
echo "secret"|$GENRSA -des3 -passout fd:0 -out .tmp.pass.key 1024
echo "secret"|$RSA -passin fd:0 -in .tmp.pass.key -out $keyfile
rm .tmp.pass.key
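Review bot: The unencrypted private key is written to `$keyfile` under the caller's umask, and the intermediate `.tmp.pass.key`, protected only by the fixed passphrase, goes to the current directory the same way. kolab_bootstrap applies `chmod 0640` only after several further commands, so the key may be readable by other local users in between. Setting `umask 077` before the `$GENRSA` line and quoting the path (`-out "$keyfile"`) would close that window. The hard-coded 1024-bit size is below current RSA guidance and would be easier to raise as a variable. The added `shift 2` has no comment and its effect on later positional parameters is not visible, since the surrounding branch starts and ends outside the hunk; if the intent is as guessed, a comment such as `# drop option and host name; remaining args start at the key file` would help.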
Index: kolabconf
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolabconf,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- kolabconf 18 Jun 2004 01:25:58 -0000 1.3
+++ kolabconf 8 Jul 2004 01:49:32 -0000 1.4
@@ -34,22 +34,32 @@
use Kolab::Util;
use Kolab::Conf;
use Kolab::LDAP;
-use vars qw($opt_d $opt_l);
+use vars qw($opt_d $opt_n $opt_h);
openlog('kolabconf', 'cons, pid', 'user');
-getopts('dl');
+getopts('dnh');
+if ($opt_h) {
+ print <<'EOS';
+Usage: kolabconf [-d] [-n] [-h]
+
+Option d (debug) to print out the current config.
+Option n (noreload) to skip reloading services after changing configuration.
+Option h (help) to get this text.
+EOS
+exit 0;
+}
if ($opt_d) {
foreach my $key (sort keys %Kolab::config) {
print "$key : " . $Kolab::config{$key} . "\n";
}
exit 0;
}
-if ($opt_l) {
- $SIG{__DIE__} = sub { Kolab::log( 'K', $_[0], KOLAB_ERROR ); }
+my $do_reload = 1;
+if($opt_n) {
+ $do_reload = 0;
}
-
print 'kolabconf - Kolab Configuration Generator
Copyright (c) 2004 Klaraelvdalens Datakonsult AB
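Review bot: The return value of `getopts('dnh')` is not checked, so an invocation that still passes the removed `-l` option, or any mistyped flag, continues to the template rebuild and service reload. Assuming this is Getopt::Std, the call returns false in that case, and `getopts('dnh') or do { print STDERR "Usage: kolabconf [-d] [-n] [-h]\n"; exit 1; };` would stop there. With the `-l` branch gone there is no longer a `__DIE__` handler routing fatal errors to Kolab::log, which deserves a mention in the log message if callers relied on it. As a style point, the four-line `$do_reload` setup can be written as `my $do_reload = $opt_n ? 0 : 1;`.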
@@ -63,7 +73,9 @@
Kolab::log('KC', 'Rebuilding templates');
Kolab::Conf::rebuildTemplates;
Kolab::log('KC', 'Reloading kolab components');
-Kolab::reload;
+if( $do_reload ) {
+ Kolab::reload;
+}
#if ($pid) {
# Kolab::log('KC', "Refreshing the kolab daemon (w/ PID $pid)");
# kill('HUP', $pid);
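Review bot: `Kolab::log('KC', 'Reloading kolab components')` is still written when `-n` is given, so the log records a reload that did not happen, which is misleading when the log is later used to reconstruct what a bootstrap run did. Move that call inside the `if( $do_reload )` block and log the skip in an `else`, e.g. `Kolab::log('KC', 'Skipping reload of kolab components (-n)');`.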