Merge pull request #207 from ferricoxide/Issue_206

Update `leave` Logic to Include Requesting Directory-Service Delete the Client's `computerObject`
plus3it · Nov 16, 2023 · 69265f0 · 69265f0
2 parents 81806cf + 5c32f93
commit 69265f0
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 5 deletions.
diff --git a/join-domain/elx/sssd/config/clean.sls b/join-domain/elx/sssd/config/clean.sls
@@ -1,5 +1,6 @@
 {#- Get the `tplroot` from `tpldir` #}
 {%- set tplroot = tpldir.split('/')[0] %}
+{%- set joiner_files = tplroot ~ '/elx/sssd/files' %}
 
 {%- from tplroot ~ "/map.jinja" import mapdata as join_domain with context %}
 
@@ -8,10 +9,22 @@ Check Realm Status - {{ join_domain.dns_name }}:
     - name: '/sbin/realm list | grep -q ''^{{ join_domain.dns_name }}'''
 
 Leave Realm - {{ join_domain.dns_name }}:
-  cmd.run:
-    - name: '/sbin/realm leave {{ join_domain.dns_name }}'
+  cmd.script:
+    - env:
+      - DOMAIN_ACTION: 'leave'
+      - ENCRYPT_PASS: '{{ join_domain.encrypted_password }}'
+      - ENCRYPT_KEY: '{{ join_domain.key }}'
+      - JOIN_DOMAIN: '{{ join_domain.dns_name }}'
+      - JOIN_OU: '{{ join_domain.oupath }}'
+      - JOIN_USER: '{{ join_domain.username }}'
+    - cwd: '/root'
+    - name: 'join.sh'
+    - output_loglevel: quiet
     - require:
       - cmd: 'Check Realm Status - {{ join_domain.dns_name }}'
+    - source: 'salt://{{ joiner_files }}/join.sh'
+
+
 
 authselect Disable 'with-mkhomedir':
   cmd.run:

diff --git a/join-domain/elx/sssd/files/join.sh b/join-domain/elx/sssd/files/join.sh
@@ -4,11 +4,12 @@ set -eu -o pipefail
 # Script to join host to domain
 #
 #################################################################
+DOMAIN_ACTION="${DOMAIN_ACTION:-join}"
 JOIN_DOMAIN="${JOIN_DOMAIN:-UNDEF}"
 JOIN_OU="${JOIN_OU:-}"
 JOIN_USER="${JOIN_USER:-Administrator}"
 JOIN_CNAME="${JOIN_CNAME:-UNDEF}"
-JOIN_TRIES="${JOIN_TRIES:-UNDEF}"
+JOIN_TRIES="${JOIN_TRIES:-5}"
 OS_NAME_SET="${OS_NAME_SET:-False}"
 OS_VERS_SET="${OS_VERS_SET:-False}"
 PWCRYPT="${ENCRYPT_PASS:-UNDEF}"
@@ -149,5 +150,55 @@ function JoinDomain {
   return ${RET_CODE}
 }
 
-IsDiscoverable
-JoinDomain
+# Try to leave and remove host from domain
+function LeaveDomain {
+  local    LEAVE_CRED
+  local -a REALM_OPTS
+
+  REALM_OPTS=(
+    -U "${JOIN_USER}"
+    --unattended
+    --remove
+  )
+
+  # Get credentials used for leave operation
+  LEAVE_CRED="$( PWdecrypt )"
+
+
+  printf "Removing %s from to %s" "$( hostname -s )" "${JOIN_DOMAIN}"
+
+  if [[ $(
+    echo "${LEAVE_CRED}" |
+    realm leave \
+      "${REALM_OPTS[@]}" \
+      "${JOIN_DOMAIN}" > /dev/null 2>&1
+  )$? -eq 0 ]]
+  then
+    RET_CODE=0
+
+    echo "Success"
+
+  else
+      echo "FAILED: Getting system logs"
+      printf "\n==============================\n"
+      journalctl -u realmd | \
+        grep "$( date '+%b %d %H:%M' )" | \
+        sed 's/^.*]: /: /'
+      printf "\n==============================\n"
+
+      RET_CODE=1
+  fi
+
+  return "${RET_CODE}"
+
+}
+
+# Should I stay or should I go, now
+if [[ ${DOMAIN_ACTION:-} == "join" ]]
+then
+  IsDiscoverable
+  JoinDomain
+elif [[ ${DOMAIN_ACTION:-} == "leave" ]]
+then
+  LeaveDomain
+fi