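def main():
    """Install and start linuxmuster-mail, then register its DNS records.

    A temporary copy of setup.ini (with the bind user password appended) and
    a bash helper script are written first.  When ``mailip`` differs from
    ``serverip`` those two files plus the mail certificate and key are
    uploaded over SFTP and the helper is executed on the remote host as root;
    otherwise the package is installed and configured on this host.  Every
    failed step prints " Failed!" and terminates with exit status 1.
    """
    # helper files for mailserver setup
    msg = '* Creating helper files '
    printScript(msg, '', False, False, True)
    try:
        # add binduser password to setup.ini
        rc, content = readTextfile(setupini)
        content = content + 'binduserpw = ' + binduserpw
        # The temporary ini holds the bind password: create it owner-only
        # before anything is written, and re-apply the mode afterwards in
        # case the writer replaces the file instead of truncating it.
        os.close(os.open(setuptmp, os.O_WRONLY | os.O_CREAT, 0o600))
        rc = writeTextfile(setuptmp, content, 'w')
        os.chmod(setuptmp, 0o600)
        # create setup helper script
        # NOTE(review): 'mv /tmp/*.pem' also moves .pem files that were not
        # uploaded by this run into SSLDIR, and cacert.pem from there is
        # linked into /etc/ssl/certs; a dedicated upload directory would
        # keep other users of the remote host out of that path.
        content = '\n'.join([
            '#!/bin/bash',
            'mkdir -p ' + constants.SSLDIR,
            'mv /tmp/*.pem ' + constants.SSLDIR,
            'chmod 640 ' + constants.SSLDIR + '/*.key.pem',
            'ln -sf ' + constants.SSLDIR
            + '/cacert.pem /etc/ssl/certs/cacert.pem',
            'apt-get update',
            'apt-get -y install linuxmuster-mail',
            'linuxmuster-mail.py -c ' + setuptmp,
            'systemctl start linuxmuster-mail.service',
        ])
        rc = writeTextfile(setuphelper, content, 'w')
        printScript(' Success!', '', True, True, False, len(msg))
    except Exception:
        printScript(' Failed!', '', True, True, False, len(msg))
        sys.exit(1)

    # open ssh connection
    if mailip != serverip:
        msg = '* Establishing ssh connection to mailserver '
        printScript(msg, '', False, False, True)
        ssh = paramiko.SSHClient()
        ssh.load_system_host_keys()
        # NOTE(review): AutoAddPolicy accepts any host key that is not yet
        # known, so the root password, the bind password and the private key
        # handled below are sent to whichever host answers on mailip.
        # Pre-seeding known_hosts and rejecting unknown keys would close
        # that gap; left unchanged here because it alters first-run setup.
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        try:
            # connect() is inside the try so that an unreachable host or a
            # rejected login is reported like every other failed step
            ssh.connect(mailip, 22, 'root', adminpw)
            ftp = ssh.open_sftp()
            printScript(' Success!', '', True, True, False, len(msg))
        except Exception:
            printScript(' Failed!', '', True, True, False, len(msg))
            sys.exit(1)

        # uploading data & certs
        msg = '* Uploading files to mailserver '
        printScript(msg, '', False, False, True)
        # files whose remote copy must not be readable by other users
        owner_only = (setuptmp, mailkey)
        try:
            for item in [setuptmp, setuphelper, mailcert, mailkey]:
                remote = '/tmp/' + os.path.basename(item)
                if not ftp.put(item, remote):
                    printScript(' ' + os.path.basename(item) + ' failed!',
                                '', True, True, False, len(msg))
                    sys.exit(1)
                if item in owner_only:
                    ftp.chmod(remote, stat.S_IRUSR | stat.S_IWUSR)
            # NOTE(review): uploads land in /tmp/<basename>, while chmod and
            # exec_command below use setuphelper unchanged; the two agree
            # only if setuphelper lives directly under /tmp - confirm.
            ftp.chmod(setuphelper,
                      stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP)
            printScript(' Success!', '', True, True, False, len(msg))
        except Exception:
            printScript(' Failed!', '', True, True, False, len(msg))
            sys.exit(1)

        # start mailserver setup per ssh
        msg = '* Starting mailserver setup '
        printScript(msg, '', False, False, True)
        try:
            stdin, stdout, stderr = ssh.exec_command(setuphelper)
            # exec_command() returns as soon as the command has been
            # started.  Drain the output and wait for the exit status so
            # that success is only reported for a finished run and the
            # connection is not closed underneath the running helper.
            stdout.channel.set_combine_stderr(True)
            stdout.read()
            # the helper has no 'set -e', so this is the status of its
            # last command (systemctl start)
            if stdout.channel.recv_exit_status() != 0:
                raise RuntimeError('mailserver setup helper failed')
            printScript(' Success!', '', True, True, False, len(msg))
        except Exception:
            printScript(' Failed!', '', True, True, False, len(msg))
            sys.exit(1)

        # close ssh connection
        # NOTE(review): the uploaded ini (with the bind password) and the
        # helper script are left behind in the remote /tmp.
        ftp.close()
        ssh.close()

    # local mailserver setup
    else:
        msg = '* Starting mailserver setup '
        printScript(msg, '', False, False, True)
        try:
            subProc('apt update && apt -y install linuxmuster-mail', logfile)
            subProc('linuxmuster-mail.py -s -c ' + setuptmp, logfile)
            subProc('systemctl start linuxmuster-mail.service', logfile)
            printScript(' Success!', '', True, True, False, len(msg))
        except Exception:
            printScript(' Failed!', '', True, True, False, len(msg))
            sys.exit(1)

    # the temporary ini contains the bind password; remove it on both paths
    os.unlink(setuptmp)

    # add mail dns entry
    msg = '* Creating dns entry '
    printScript(msg, '', False, False, True)
    try:
        sambaTool('dns add localhost ' + domainname + ' mail A ' + mailip)
        sambaTool('dns add localhost ' + domainname + ' mail MX "'
                  + mailip + ' 10"')
        printScript(' Success!', '', True, True, False, len(msg))
    except Exception:
        printScript(' Failed!', '', True, True, False, len(msg))
        sys.exit(1)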
'sophomorix-user --user global-binduser --comment "' + sophomorix_comment + '"', logfile) printScript(' Success!', '', True, True, False, len(msg)) except Exception as error: printScript(error, '', True, True, False, len(msg)) sys.exit(1) # no expiry for Administrator password msg = 'No expiry for administrative passwords ' printScript(msg, '', False, False, True) try: for i in [ 'Administrator', 'global-admin', 'sophomorix-admin', 'global-binduser' ]: sambaTool('user setexpiry ' + i + ' --noexpiry', logfile) printScript(' Success!', '', True, True, False, len(msg)) except Exception as error: printScript(error, '', True, True, False, len(msg)) sys.exit(1) # create default-school, no connection to ad msg = 'Creating ou for ' + schoolname + ' ' printScript(msg, '', False, False, True) try: subProc('sophomorix-school --create --school ' + schoolname, logfile) subProc('sophomorix-school --gpo-create ' + schoolname, logfile) printScript(' Success!', '', True, True, False, len(msg)) except Exception as error: printScript(error, '', True, True, False, len(msg)) sys.exit(1)
try: name_resolved = socket.gethostbyaddr(ip)[0].split('.')[0] except: name_resolved = '' if cmd == 'add' and ip == ip_resolved and hostname == name_resolved: print('DNS records for host ' + hostname + ' with ip ' + ip + ' are already up-to-date.') sys.exit(0) # delete existing dns records if there are any domainname = socket.getfqdn().split('.', 1)[1] fqdn = hostname + '.' + domainname for item in ip_resolved, ip: if item == '': continue if sambaTool('dns delete localhost ' + domainname + ' ' + hostname + ' A ' + item): print('Deleted A record for ' + fqdn + ' -> ' + item + '.') oc1, oc2, oc3, oc4 = item.split('.') zone = oc3 + '.' + oc2 + '.' + oc1 + '.in-addr.arpa' if sambaTool('dns delete localhost ' + zone + ' ' + oc4 + ' PTR ' + fqdn): print('Deleted PTR record for ' + item + ' -> ' + fqdn + '.') # in case of deletion job is already done if cmd == 'delete': sys.exit(0) # add dns A record try: sambaTool('dns add localhost ' + domainname + ' ' + hostname + ' A ' + ip) print('Added A record for ' + fqdn + '.') except:
# For an 'add' request, compare the requested ip with what the resolver
# currently returns: identical means nothing to do, different turns the
# request into an 'update' that carries "<old ip> <new ip>".
if cmd == 'add':
    try:
        ip_resolved = socket.gethostbyname(hostname)
        if ip_resolved == ip:
            print('IP for ' + hostname
                  + ' has remained unchanged, doing nothing.')
            sys.exit(0)
        cmd = 'update'
        ip = ' '.join([ip_resolved, ip])
    except Exception as exc:
        # a failed lookup is only reported; the request stays an 'add'
        print(exc)

# Only hosts that isDynamicIpDevice() accepts get their record touched.
if not isDynamicIpDevice(hostname):
    print(hostname + ' is no dynamic ip device, doing nothing.')
    sys.exit(0)

# Tell the operator which action is about to run.
if cmd == 'add':
    notice = 'Creating A record for ' + hostname + '.'
elif cmd == 'update':
    notice = 'IP for ' + hostname + ' has changed, performing update.'
else:
    notice = "Deleting " + hostname + "'s A record."
print(notice)

# The zone is everything after the first label of this host's FQDN.
domainname = socket.getfqdn().split('.', 1)[1]
# NOTE(review): hostname and ip are joined into one samba-tool argument
# string without validation; where they come from is not visible here -
# confirm they are checked before they reach this point.
sambaTool(' '.join(['dns', cmd, 'localhost', domainname, hostname, 'A', ip]))
def main():
    """Set up the mail server over ssh or locally, then add its DNS records.

    When ``mailip`` differs from ``serverip`` the certificates and setup.ini
    are copied to the remote host, the linuxmuster-mail package is installed
    there, the container image is pulled and the setup script is invoked,
    all through the ``ssh`` command line.  Otherwise package installation
    and setup run on this host.  Any failure prints " Failed!" and exits
    with status 1.
    """

    def announce(text):
        # start a status line without finishing it
        printScript(text, '', False, False, True)

    def finish(outcome, text):
        # complete the status line that was started with `text`
        printScript(outcome, '', True, True, False, len(text))

    if mailip != serverip:
        # remote mailserver setup per ssh
        printScript('Remote mailserver setup')
        # NOTE(review): accept-new stores the key of a host that is not yet
        # known without verifying it, so the first contact with mailip is
        # trusted as-is; only a later key change is refused.
        sshcmd = 'ssh -q -oStrictHostKeyChecking=accept-new ' + mailip + ' '

        def remote(command):
            # NOTE(review): the command is plain string concatenation of
            # configuration values - confirm they cannot contain spaces or
            # shell metacharacters.
            subProc(sshcmd + command, logfile)

        try:
            msg = '* Uploading certificates '
            announce(msg)
            # the remote ssl directory has to exist before the upload
            remote('mkdir -p ' + constants.SSLDIR)
            for item in [cacert, mailcert, mailkey]:
                putSftp(mailip, item, item)
            # make the ca certificate available system-wide
            remote('ln -sf ' + cacert + ' /etc/ssl/certs')
            finish(' Success!', msg)

            msg = '* Uploading setup data '
            announce(msg)
            # setup.ini goes into the remote var directory
            remote('mkdir -p ' + constants.VARDIR)
            putSftp(mailip, setuptmp, setupini)
            finish(' Success!', msg)

            msg = '* Installing linuxmuster-mail package '
            announce(msg)
            remote('apt update')
            remote('apt -y install linuxmuster-mail')
            # NOTE(review): the key's mode is tightened only here, after the
            # package installation; which mode putSftp leaves on the upload
            # is not visible in this function.
            remote('chmod 640 ' + mailkey)
            remote('chgrp docker ' + mailkey)
            finish(' Success!', msg)

            msg = '* Pulling mailserver image '
            announce(msg)
            remote('docker pull ' + imagename)
            finish(' Success!', msg)

            msg = '* Setting up mailserver container '
            announce(msg)
            # hand over to the setup script shipped with the package
            remote('/usr/sbin/linuxmuster-mail-setup -f -c ' + setupini)
            finish(' Success!', msg)
        except:
            msg = 'Remote mailserver setup '
            announce(msg)
            finish(' Failed!', msg)
            sys.exit(1)
    else:
        # local mailserver setup
        msg = 'Local mailserver setup '
        announce(msg)
        try:
            subProc('apt update && apt -y install linuxmuster-mail', logfile)
            subProc('/usr/sbin/linuxmuster-mail-setup -f -c ' + setuptmp,
                    logfile)
            finish(' Success!', msg)
        except:
            finish(' Failed!', msg)
            sys.exit(1)

    # add mail dns entry (A and MX record named "mail")
    msg = '* Creating dns entry '
    announce(msg)
    try:
        zone_prefix = 'dns add localhost ' + domainname
        sambaTool(zone_prefix + ' mail A ' + mailip, logfile)
        sambaTool(zone_prefix + ' mail MX "' + mailip + ' 10"', logfile)
        finish(' Success!', msg)
    except:
        finish(' Failed!', msg)
        sys.exit(1)
# Collect the login names of all students and teachers of default-school.
# NOTE: os.popen() does not raise when the pipeline exits non-zero, so the
# except branch only covers failures to start or read it.
try:
    student_query = "sophomorix-query --schoolbase default-school --student --user-minimal | grep [1-9]: | awk '{ print $2 }'"
    teacher_query = "sophomorix-query --schoolbase default-school --teacher --user-minimal | grep [1-9]: | awk '{ print $2 }'"
    students = os.popen(student_query).read().split('\n')
    teachers = os.popen(teacher_query).read().split('\n')
    printScript(' Success!', '', True, True, False, len(msg))
except:
    printScript(' Failed!', '', True, True, False, len(msg))
    sys.exit(1)

# Reset every collected account to the default password.
pw = constants.ROOTPW
# NOTE(review): the banner prints the password in clear text to whatever
# printScript writes to.
msg = 'Setting user passwords to "' + pw + '" '
printScript(msg)
# splitting on '\n' leaves empty entries behind; drop them before the loop
accounts = [name for name in students + teachers if name != '']
for user in accounts:
    msg = ' * ' + user + ' '
    printScript(msg, '', False, False, True)
    try:
        # NOTE(review): the command passes the literal ****** and not pw,
        # although the banner announces pw - confirm whether the value was
        # masked when this listing was published.
        sambaTool('user setpassword ' + user + ' --newpassword="******"')
        printScript(' Success!', '', True, True, False, len(msg))
    except:
        # a failure for one account is reported and the loop carries on
        printScript(' Failed!', '', True, True, False, len(msg))

msg = 'done! '
printScript(msg)
printScript('', 'end')