From d316a7b605d8161ddfb3944eed5d72be43eb7825 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?=
Date: Thu, 30 Apr 2026 12:52:41 +0200
Subject: [PATCH] Refactor configure.sh: per-variable validation loop with DNS domain check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Each variable is now prompted in a retry loop so a failed test re-prompts that specific variable instead of restarting the whole wizard. Adds DNS-based IPA domain validation (_ldap._tcp SRV + _kerberos TXT + _kerberos._udp SRV), matching what ipa-client-install --domain performs. Fixes syntax errors (bare `do` → `while true; do`, `continue` → `break`). Expands VARS to include IPAVAULTNAME, CLIENT_SOFTWARE_SRC, DISTCONFIGPATH_SRC.
Co-Authored-By: Claude Sonnet 4.6
---
system_setup/configure.sh | 116 +++++++++++++++++++++++++-------------
1 file changed, 76 insertions(+), 40 deletions(-)
diff --git a/system_setup/configure.sh b/system_setup/configure.sh
index b7653f0..3f7080d 100755
--- a/system_setup/configure.sh
+++ b/system_setup/configure.sh
@@ -52,12 +52,84 @@ do_configure() { echo "" source "$CONF_FILE" - VARS=("TLDOMAIN" "DOMAIN" "SERVERFQDN_IPA" "SERVERFQDN_NC" "CLIENTADMINGROUP" "IPAVAULTUSE" ) + VARS=("TLDOMAIN" "SERVERFQDN_IPA" "DOMAIN" "SERVERFQDN_NC" "IPAVAULTUSE" "IPAVAULTNAME" "CLIENT_SOFTWARE_SRC" "DISTCONFIGPATH_SRC" "CLIENTADMINGROUP" ) for ELE in "${VARS[@]}" do - new_ELE=$(prompt_value "${ELE}" "${!ELE}") - set_conf_var "${ELE}" "${new_ELE}" - source "$CONF_FILE" + while true; do + new_ELE=$(prompt_value "${ELE}" "${!ELE}") + set_conf_var "${ELE}" "${new_ELE}" + source "$CONF_FILE" + REPEAT_TEST=1 + case ${ELE} in + "SERVERFQDN_NC") echo "" + echo "=== Testing: Nextcloud server ===" + NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null) + if echo "$NC_STATUS" | grep -q '"installed":true'; then + NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+') + echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})." + REPEAT_TEST=0 + else + echo "" + echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server." + echo " Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected." + read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans + if [[ "${ans,,}" == "q" ]]; then + echo "Quitting." + exit 1 + fi + fi + ;; + "SERVERFQDN_IPA") echo "" + echo "=== Testing: FreeIPA server ===" + IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \ + "https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null) + if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then + echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}." + REPEAT_TEST=0 + else + echo "" + echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server." + echo " https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}" + read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans + if [[ "${ans,,}" == "q" ]]; then + echo "Quitting." 
+ exit 1 + fi + fi + ;; + "DOMAIN") echo "" + echo "=== Testing: IPA Domain DNS records ===" + if ! command -v dig &>/dev/null; then + echo "WARNING: 'dig' not found; skipping DNS check." + REPEAT_TEST=0 + else + LDAP_SRV=$(dig +short SRV "_ldap._tcp.${DOMAIN}" 2>/dev/null) + KRB_TXT=$(dig +short TXT "_kerberos.${DOMAIN}" 2>/dev/null) + KDC_SRV=$(dig +short SRV "_kerberos._udp.${DOMAIN}" 2>/dev/null) + if [[ -n "$LDAP_SRV" && -n "$KRB_TXT" ]]; then + REALM=$(echo "$KRB_TXT" | tr -d '"') + echo "IPA domain confirmed: ${DOMAIN}" + echo " Kerberos realm : ${REALM}" + [[ -n "$KDC_SRV" ]] && echo " KDC SRV : ${KDC_SRV}" + REPEAT_TEST=0 + else + echo "" + [[ -z "$LDAP_SRV" ]] && echo "WARNING: No _ldap._tcp.${DOMAIN} SRV record found." + [[ -z "$KRB_TXT" ]] && echo "WARNING: No _kerberos.${DOMAIN} TXT record found." + echo " '${DOMAIN}' does not appear to be a valid IPA domain." + read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans + if [[ "${ans,,}" == "q" ]]; then + echo "Quitting." + exit 1 + fi + fi + fi + ;; + *) REPEAT_TEST=0 + ;; + esac + [[ $REPEAT_TEST == 0 ]] && break + done done echo "" 
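Review bot: The DOMAIN branch treats any non-empty `dig +short` output as a found record, without checking dig's exit status or the shape of the answer, and `KDC_SRV` is fetched but never required even though the commit message lists `_kerberos._udp` among the validated records. Depending on the dig version, a resolver failure may print a `;;` diagnostic on stdout, which would make `-n "$LDAP_SRV"` true; dropping those lines, e.g. `LDAP_SRV=$(dig +short SRV "_ldap._tcp.${DOMAIN}" 2>/dev/null | sed '/^;/d')` and likewise for the two Kerberos lookups, keeps a timeout from passing as a record. The branch taken when `dig` is missing sets `REPEAT_TEST=0`, so the domain is accepted unchecked; the warning there should say `WARNING: 'dig' not found; '${DOMAIN}' was NOT verified.` so the operator knows the value went through untested. These are plain DNS answers, so a pass is a typo check on the entered domain rather than proof of which realm the client will later enrol against, and a short comment above the `dig` calls should say so. The enclosing `do_configure` function starts above this hunk and continues below it.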
@@ -67,42 +139,6 @@ do_configure() { while true; do do_configure - echo "" - echo "=== Testing: Nextcloud server ===" - NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null) - if echo "$NC_STATUS" | grep -q '"installed":true'; then - NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+') - echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})." - else - echo "" - echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server." - echo " Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected." - read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans - if [[ "${ans,,}" == "q" ]]; then - echo "Quitting." - exit 1 - fi - continue - fi - - echo "" - echo "=== Testing: FreeIPA server ===" - IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \ - "https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null) - if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then - echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}." - else - echo "" - echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server." - echo " https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}" - read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans - if [[ "${ans,,}" == "q" ]]; then - echo "Quitting." - exit 1 - fi - continue - fi - echo "" echo "=== Select Kickstart Profile ===" KS_DIR="${SCRIPTDIR}/../ks_base_profiles"