
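#!/bin/bash
##################################
####   Server installation    ####
##################################
## The author lists the lines below as the ones that must be edited to
## match your environment. The numbers presumably refer to the author's
## original file and may not line up with this copy.
##   Lines 21, 22, 23, 24, 25
##   Line 40
##   Line 72
##   Lines 77, 78, 79
##   Line 83
##   Lines 88, 89, 90, 91, 92
## The remaining lines at the end of the script are needed later on.
##

## Site-specific settings. Every value here is a placeholder (note the
## literal "xxx" in the address) and must be replaced before running.
IP_ADDR="192.168.4.xxx"
HOSTNAME="SERVER_NAME.example.com"
SHORTNAME="SERVER_NAME"
DOMAIN="example.com"
REALM="EXAMPLE.COM"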

## Firewall: register firewalld to start at boot, then bring it up now.
systemctl enable firewalld
systemctl start firewalld

## Add masquerading (source NAT) to the permanent firewall configuration
## and reload so the rule becomes active. No --zone is given.
## NOTE(review): nothing else visible in this script relies on NAT -
## confirm this host is really meant to forward traffic for other machines.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

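## Install the IPA server together with its integrated-DNS packages.
yum install -y ipa-server bind-dyndb-ldap ipa-server-dns

## Map the server address to its FQDN and short name in /etc/hosts.
## The entry is appended only when that exact line is not present yet, so
## running the script a second time does not pile up duplicate lines.
hosts_entry="$IP_ADDR $HOSTNAME $SHORTNAME"
if ! grep -qxF -- "$hosts_entry" /etc/hosts; then
  printf '%s\n' "$hosts_entry" >> /etc/hosts
fi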

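## Run the unattended IPA server installation.
##
## The Directory Manager and admin passwords are taken from the environment
## (IPA_DS_PASSWORD / IPA_ADMIN_PASSWORD). The tutorial placeholder
## 'password' is kept only as a fallback so the walkthrough still runs;
## it must be overridden on anything other than a throw-away lab host.
ds_password="${IPA_DS_PASSWORD:-password}"
admin_password="${IPA_ADMIN_PASSWORD:-password}"
if [[ "$ds_password" == "password" || "$admin_password" == "password" ]]; then
  printf '%s\n' \
    'WARNING: installing IPA with the placeholder password; set IPA_DS_PASSWORD and IPA_ADMIN_PASSWORD.' >&2
fi

## NOTE(review): options given on the command line can be seen by other
## local users in the process list while the installer is running.
## The reverse zone and the forwarder are fixed values here and have to
## agree with the network used in IP_ADDR.
## The command is written as one continued line: the original copy was
## broken in the middle of --admin-password and --reverse-zone.
ipa-server-install \
  --domain="$DOMAIN" \
  --realm="$REALM" \
  --ds-password="$ds_password" \
  --admin-password="$admin_password" \
  --hostname="$HOSTNAME" \
  --ip-address="$IP_ADDR" \
  --reverse-zone=4.168.192.in-addr.arpa. \
  --forwarder=8.8.8.8 \
  --allow-zone-overlap \
  --setup-dns \
  --unattended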

## Open the firewall for each service the IPA server offers, then reload
## so the permanent rules become active.
ipa_services=(http https ldap ldaps kerberos kpasswd dns ntp)
for svc in "${ipa_services[@]}"; do
  firewall-cmd --permanent --add-service "$svc"
done
firewall-cmd --reload

## Install vsftpd, enable it at boot and start it.
## NOTE(review): FTP carries data in clear text, and the vsftpd
## configuration is not shown here - presumably /var/ftp/pub is served to
## anonymous users, so treat everything placed there as public.
yum install -y vsftpd
systemctl enable vsftpd
systemctl start vsftpd

## Allow FTP through the firewall.
firewall-cmd --permanent --add-service ftp
firewall-cmd --reload

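## Publish the CA certificate so clients can download it and trust the
## IPA CA.
##
## Only the public certificate is copied. /root/cacert.p12 is deliberately
## no longer copied: it is the PKCS#12 backup of the CA written by the
## installer and contains the CA private key. /var/ftp/pub is the FTP
## download area, so a copy there would expose the signing key to anyone
## who can reach the FTP service. Keep that file in /root and move it to
## other hosts only over an authenticated, encrypted channel.
cp -- /etc/ipa/ca.crt /var/ftp/pub/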

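# Obtain a Kerberos ticket as admin; the ipa commands below need it.
#
# IPA_ADMIN_PASSWORD must hold the admin password chosen at install time
# and IPA_USER_PASSWORD the initial password for the sample accounts. The
# tutorial placeholder 'password' is only a fallback for lab use.
admin_password="${IPA_ADMIN_PASSWORD:-password}"
user_password="${IPA_USER_PASSWORD:-password}"
if [[ "$admin_password" == "password" || "$user_password" == "password" ]]; then
  printf '%s\n' \
    'WARNING: using the placeholder password; set IPA_ADMIN_PASSWORD and IPA_USER_PASSWORD.' >&2
fi

# printf '%s' sends the password without a trailing newline, exactly as
# the original `echo -n` did, and keeps it out of any argument list.
printf '%s' "$admin_password" | kinit admin

# Create the sample accounts (first name = login, last name = smith) and
# set an initial password for each of them.
for login in rob blad ken; do
  ipa user-add "$login" --first="$login" --last=smith
  printf '%s\n' "$user_password" | ipa passwd "$login"
done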

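## Additional configuration: the server has to use itself as DNS resolver.
printf 'Make sure the dns on the server point to itself\n\n'

# Replace the loopback resolver in resolv.conf with the server's own
# address. IP_ADDR is used instead of a second hand-edited placeholder so
# the value cannot drift from the one given to the installer. The dots in
# the pattern are escaped so that only the literal 127.0.0.1 matches.
sed -i "s/nameserver 127\.0\.0\.1/nameserver ${IP_ADDR}/" /etc/resolv.conf

## Afterwards, check the nameserver line with: cat /etc/resolv.conf

## Store the same resolver in the eth0 connection profile and restart the
## connection so the setting is applied.
## NOTE(review): the connection name eth0 is fixed here, and taking it down
## interrupts any session that arrives over that interface - presumably
## this is meant to be run from the console; confirm before running it
## remotely.
nmcli connection modify eth0 ipv4.dns "$IP_ADDR"
nmcli connection down eth0
nmcli connection up eth0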

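# Build the network repository from the mounted RHEL 7 installation media.
mkdir -p /var/ftp/pub/repos/rhel7
cp -Rf /mnt/iso/* /var/ftp/pub/repos/rhel7

# Write the repo definition that clients download, e.g. from
#   ftp://master.example.com/pub/repos/base.repo
#
# The file is written in one go with '>' instead of being appended line by
# line, so a second run replaces it rather than adding a duplicate [base]
# section. The base URL is built from HOSTNAME to keep it in step with
# the name given to the installer.
#
# NOTE(review): gpgcheck = 0 turns off package signature verification,
# and the packages travel over plain FTP. Clients then have no way to
# detect a package that was altered on the server or in transit. Setting
# gpgcheck = 1 together with a gpgkey entry for the vendor key is the
# safer choice once the clients have that key.
cat > /var/ftp/pub/repos/base.repo <<EOF
[base]
name = Base Reporitory for RHEL 7.3
baseurl = ftp://${HOSTNAME}/pub/repos/rhel7
enabled = 0
gpgcheck = 0
EOF

systemctl restart vsftpd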


####################################
####################################
## Better to run this manually
# On the master.example.com
# ipa service-add nfs/server1.example.com

## Run this on both servers (server1 and server2)


# Install the ipa-client
# ipa-client-install --mkhomedir --enable-dns-updates --force-ntpd

# On server1.example.com
# kinit admin
# ipa-getkeytab -s master.example.com -p nfs/server1.example.com -k /etc/krb5.keytab
# scp /etc/krb5.keytab master.example.com:/var/ftp/pub/nfs-server1.keytab
# kinit -k nfs/server1.example.com
# klist -k

# On server2.example.com
# ipa-getkeytab -s master.example.com -p host/server2.example.com@EXAMPLE.COM -k /etc/krb5.keytab
# scp /etc/krb5.keytab master.example.com:/var/ftp/pub/host-server2.keytab

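## Make the keytabs readable by others on master.example.com
## NOTE(review): a keytab holds the principal's long-term Kerberos key. A
## world-readable copy under /var/ftp/pub lets anyone who can download it
## authenticate as that service or host. Restrict access and remove the
## file as soon as it has been collected.
# chmod +r /var/ftp/pub/*.keytab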
